Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
NzL6O1Q.exe

Overview

General Information

Sample name:NzL6O1Q.exe
Analysis ID:1585556
MD5:d22612d2899fc888514c3ca553b49f79
SHA1:6dba3a3b96225fe24229f1b39509a503547d1401
SHA256:b2acd91fdcef767fa027519e3be0f61ce027c8bdf57027e2c161257dfa5d6543
Tags:exemalwarexwormuser-Joker
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • NzL6O1Q.exe (PID: 7252 cmdline: "C:\Users\user\Desktop\NzL6O1Q.exe" MD5: D22612D2899FC888514C3CA553B49F79)
    • schtasks.exe (PID: 7320 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • NzL6O1Q.exe (PID: 7400 cmdline: C:\Users\user\AppData\Roaming\NzL6O1Q.exe MD5: D22612D2899FC888514C3CA553B49F79)
  • NzL6O1Q.exe (PID: 7464 cmdline: C:\Users\user\AppData\Roaming\NzL6O1Q.exe MD5: D22612D2899FC888514C3CA553B49F79)
  • NzL6O1Q.exe (PID: 7596 cmdline: "C:\Users\user\AppData\Roaming\NzL6O1Q.exe" MD5: D22612D2899FC888514C3CA553B49F79)
  • NzL6O1Q.exe (PID: 7812 cmdline: "C:\Users\user\AppData\Roaming\NzL6O1Q.exe" MD5: D22612D2899FC888514C3CA553B49F79)
  • NzL6O1Q.exe (PID: 7964 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe" MD5: D22612D2899FC888514C3CA553B49F79)
  • NzL6O1Q.exe (PID: 3168 cmdline: C:\Users\user\AppData\Roaming\NzL6O1Q.exe MD5: D22612D2899FC888514C3CA553B49F79)
  • NzL6O1Q.exe (PID: 7440 cmdline: C:\Users\user\AppData\Roaming\NzL6O1Q.exe MD5: D22612D2899FC888514C3CA553B49F79)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
NzL6O1Q.exeJoeSecurity_XWormYara detected XWormJoe Security
    NzL6O1Q.exerat_win_xworm_v2Finds XWorm v2 samples based on characteristic stringsSekoia.io
    • 0x7652:$str02: ngrok
    • 0x1979b:$str02: ngrok
    • 0x197f5:$str02: ngrok
    • 0x73b1:$str03: Mutexx
    • 0x1991d:$str04: FileManagerSplitFileManagerSplit
    • 0x197c1:$str05: InstallngC
    • 0x19385:$str06: downloadedfile
    • 0x1927d:$str11: txtttt
    • 0x1a179:$str12: \root\SecurityCenter2
    • 0x199a3:$str13: [USB]
    • 0x19989:$str14: [Drive]
    • 0x1990b:$str15: [Folder]
    • 0x1a1a5:$str19: Select * from AntivirusProduct
    • 0x18e91:$str21: RunBotKiller

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJoeSecurity_XWormYara detected XWormJoe Security
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exerat_win_xworm_v2Finds XWorm v2 samples based on characteristic stringsSekoia.io
      • 0x7652:$str02: ngrok
      • 0x1979b:$str02: ngrok
      • 0x197f5:$str02: ngrok
      • 0x73b1:$str03: Mutexx
      • 0x1991d:$str04: FileManagerSplitFileManagerSplit
      • 0x197c1:$str05: InstallngC
      • 0x19385:$str06: downloadedfile
      • 0x1927d:$str11: txtttt
      • 0x1a179:$str12: \root\SecurityCenter2
      • 0x199a3:$str13: [USB]
      • 0x19989:$str14: [Drive]
      • 0x1990b:$str15: [Folder]
      • 0x1a1a5:$str19: Select * from AntivirusProduct
      • 0x18e91:$str21: RunBotKiller
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exerat_win_xworm_v2Finds XWorm v2 samples based on characteristic stringsSekoia.io
      • 0x7652:$str02: ngrok
      • 0x1979b:$str02: ngrok
      • 0x197f5:$str02: ngrok
      • 0x73b1:$str03: Mutexx
      • 0x1991d:$str04: FileManagerSplitFileManagerSplit
      • 0x197c1:$str05: InstallngC
      • 0x19385:$str06: downloadedfile
      • 0x1927d:$str11: txtttt
      • 0x1a179:$str12: \root\SecurityCenter2
      • 0x199a3:$str13: [USB]
      • 0x19989:$str14: [Drive]
      • 0x1990b:$str15: [Folder]
      • 0x1a1a5:$str19: Select * from AntivirusProduct
      • 0x18e91:$str21: RunBotKiller
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exerat_win_xworm_v2Finds XWorm v2 samples based on characteristic stringsSekoia.io
      • 0x7652:$str02: ngrok
      • 0x1979b:$str02: ngrok
      • 0x197f5:$str02: ngrok
      • 0x73b1:$str03: Mutexx
      • 0x1991d:$str04: FileManagerSplitFileManagerSplit
      • 0x197c1:$str05: InstallngC
      • 0x19385:$str06: downloadedfile
      • 0x1927d:$str11: txtttt
      • 0x1a179:$str12: \root\SecurityCenter2
      • 0x199a3:$str13: [USB]
      • 0x19989:$str14: [Drive]
      • 0x1990b:$str15: [Folder]
      • 0x1a1a5:$str19: Select * from AntivirusProduct
      • 0x18e91:$str21: RunBotKiller

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.1647097653.0000000000252000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_XWormYara detected XWormJoe Security
        00000000.00000002.4097980583.00000000024D1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
          Process Memory Space: NzL6O1Q.exe PID: 7252JoeSecurity_XWormYara detected XWormJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.0.NzL6O1Q.exe.250000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
              0.0.NzL6O1Q.exe.250000.0.unpackrat_win_xworm_v2Finds XWorm v2 samples based on characteristic stringsSekoia.io
              • 0x7652:$str02: ngrok
              • 0x1979b:$str02: ngrok
              • 0x197f5:$str02: ngrok
              • 0x73b1:$str03: Mutexx
              • 0x1991d:$str04: FileManagerSplitFileManagerSplit
              • 0x197c1:$str05: InstallngC
              • 0x19385:$str06: downloadedfile
              • 0x1927d:$str11: txtttt
              • 0x1a179:$str12: \root\SecurityCenter2
              • 0x199a3:$str13: [USB]
              • 0x19989:$str14: [Drive]
              • 0x1990b:$str15: [Folder]
              • 0x1a1a5:$str19: Select * from AntivirusProduct
              • 0x18e91:$str21: RunBotKiller

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: CurrentVersion Autorun Keys Modification
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\NzL6O1Q.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\NzL6O1Q.exe, ProcessId: 7252, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NzL6O1Q
              Sigma detected: Startup Folder File Write
              Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\NzL6O1Q.exe, ProcessId: 7252, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe
              Sigma detected: Suspicious Schtasks From Env Var Folder
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\NzL6O1Q.exe", ParentImage: C:\Users\user\Desktop\NzL6O1Q.exe, ParentProcessId: 7252, ParentProcessName: NzL6O1Q.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe", ProcessId: 7320, ProcessName: schtasks.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-07T20:34:28.286017+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:34:58.277959+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:35:28.283592+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:35:28.510329+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:35:58.303410+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:36:28.294378+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:36:58.293256+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:37:28.285982+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:37:58.292489+010028528701Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-07T20:34:15.273416+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:34:27.850434+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:34:40.430199+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:34:52.999720+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:05.569040+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:14.973199+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:16.710476+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:16.897645+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:17.308440+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:18.687254+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:18.847383+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:19.985337+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:20.115931+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:22.717430+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:23.028145+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:23.091102+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:23.299484+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:23.706269+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:24.969002+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.468727+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.855584+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.860461+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.900070+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.983717+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:28.026031+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:29.379136+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:29.576341+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:29.678305+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:31.371582+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:31.393385+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:32.080418+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:34.365844+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:34.722494+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:34.921671+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:36.084602+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:36.617666+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:36.637427+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:36.709347+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:37.177555+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:37.290485+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:37.964097+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:38.524895+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:38.902504+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:39.414534+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:43.388518+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:44.996629+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:45.388110+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:46.972307+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.021153+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.049949+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.062056+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.069603+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.174246+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:48.654598+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:48.722238+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:52.723743+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:53.097613+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:01.256647+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:02.969863+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:04.550779+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:04.613642+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.045612+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.059809+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.265203+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.510699+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.531191+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:07.119151+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:07.365904+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:07.584845+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:08.840640+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.032874+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.065500+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.077075+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.225449+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.456790+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.449394+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.745948+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.837611+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.885622+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.944599+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.009713+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.088919+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.267069+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.441222+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.487426+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.549121+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.619647+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.654489+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.747529+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.811923+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.953914+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.965425+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.982573+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.994382+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.000665+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.007440+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.012860+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.270285+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.284618+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.355812+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.365559+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:14.675411+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:15.066763+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:15.126497+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:16.653539+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:17.498518+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:18.002419+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:19.314042+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:20.759948+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:20.773382+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:21.967936+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:22.597037+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:23.168438+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:23.290026+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:24.924293+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.276483+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.599064+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.698384+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.923845+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.998576+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:27.583404+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:28.690494+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:28.865964+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:29.053465+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:29.227254+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:29.376869+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:29.407280+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:30.704776+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:30.775076+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:30.820927+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:32.086397+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:32.873946+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:32.886189+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:34.392485+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:34.455340+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:34.665870+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:35.091768+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:35.338361+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:36.731064+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:36.939458+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:36.996559+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:37.412006+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:37.446098+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:37.473383+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:37.479987+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:38.020408+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:39.520330+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:41.323242+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:41.494491+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:42.550867+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:42.684740+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:42.813760+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:42.983029+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:43.030337+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:43.041616+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.710226+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.734228+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.739204+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.803416+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.975118+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.013650+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.361468+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.406159+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.534574+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.551837+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:47.271034+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:49.627730+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:49.634973+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.474431+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.855088+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.864692+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.880035+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.983555+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:51.263925+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:52.863963+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:52.921251+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:53.930202+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:54.715422+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:54.753534+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:54.838433+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:54.850212+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.034614+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.041074+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.045897+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.050666+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.085506+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.528049+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.559187+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:56.746279+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:56.832253+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:56.837462+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:56.844606+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:57.579945+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:57.645754+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.261400+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.302354+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.714704+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.832572+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.840974+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:59.248920+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:59.438475+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.278485+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.292562+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.511555+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.577841+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.804217+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.766455+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.790291+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.797810+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.825604+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.869245+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.874067+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.889424+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.908066+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:04.672471+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:04.881429+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:04.909051+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.485377+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.515854+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.523966+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.544634+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.555790+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.599383+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.647339+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.689672+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.763784+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.774978+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.845811+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:07.250295+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:08.397857+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:08.728999+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:08.846567+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:08.894785+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:09.088942+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:09.114060+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.719231+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.840833+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.884266+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.889102+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.893901+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.134121+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.147334+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.181298+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.268032+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.654031+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:12.747898+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:12.767282+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:12.791863+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:13.003132+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:13.032853+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:13.037699+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:13.340055+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.724768+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.744326+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.831820+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.842894+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.851570+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:15.053333+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:15.080187+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:15.131434+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:15.144400+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:16.972910+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:17.190728+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:19.059596+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:20.860165+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:20.878215+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:20.976663+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.011300+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.111981+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.145135+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.212710+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.346113+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.670922+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.007056+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.880769+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.895829+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.909496+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.937113+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.349145+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.784533+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.885500+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.931192+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.994330+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:25.302722+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:25.672807+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:25.686124+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:26.797480+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:26.822198+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:26.862031+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:26.971043+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:27.004638+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:27.365554+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:27.437353+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:27.483785+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:30.830949+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:30.887305+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:30.990861+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:31.086014+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:32.819906+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:32.830973+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:32.845462+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:33.212054+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:33.229276+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:35.223052+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:36.902846+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:37.104705+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:37.114989+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:38.755516+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:38.817738+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:38.897046+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:38.973776+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:39.100935+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:39.642221+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:41.182556+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:41.282076+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:41.287137+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:42.998110+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:44.270109+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:44.780889+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:45.374845+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:47.353713+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:47.720507+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:47.746633+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:48.093148+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:50.696335+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:50.789022+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:50.892864+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:50.922944+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:51.617468+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.038449+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.063126+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.176291+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.500220+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.505118+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:56.696004+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:56.885883+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:57.288104+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:59.693778+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:38:01.441663+010028529231Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-07T20:34:28.286017+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:34:58.277959+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:35:28.283592+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:35:28.510329+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:35:58.303410+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:36:28.294378+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:36:58.293256+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:37:28.285982+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              2025-01-07T20:37:58.292489+010028528741Malware Command and Control Activity Detected172.190.167.1077000192.168.2.449730TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-07T20:34:15.273416+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:34:27.850434+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:34:40.430199+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:34:52.999720+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:05.569040+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:14.973199+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:16.710476+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:16.897645+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:17.308440+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:18.687254+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:18.847383+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:19.985337+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:20.115931+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:22.717430+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:23.028145+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:23.091102+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:23.299484+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:23.706269+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:24.969002+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.468727+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.855584+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.860461+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.900070+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:25.983717+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:28.026031+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:29.379136+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:29.576341+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:29.678305+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:31.371582+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:31.393385+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:32.080418+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:34.365844+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:34.722494+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:34.921671+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:36.084602+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:36.617666+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:36.637427+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:36.709347+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:37.177555+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:37.290485+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:37.964097+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:38.524895+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:38.902504+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:39.414534+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:43.388518+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:44.996629+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:45.388110+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:46.972307+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.021153+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.049949+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.062056+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.069603+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:47.174246+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:48.654598+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:48.722238+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:52.723743+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:35:53.097613+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:01.256647+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:02.969863+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:04.550779+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:04.613642+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.045612+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.059809+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.265203+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.510699+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:05.531191+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:07.119151+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:07.365904+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:07.584845+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:08.840640+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.032874+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.065500+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.077075+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.225449+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:09.456790+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.449394+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.745948+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.837611+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.885622+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:10.944599+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.009713+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.088919+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.267069+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.441222+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.487426+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:11.549121+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.619647+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.654489+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.747529+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.811923+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.953914+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.965425+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.982573+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:12.994382+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.000665+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.007440+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.012860+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.270285+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.284618+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.355812+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:13.365559+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:14.675411+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:15.066763+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:15.126497+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:16.653539+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:17.498518+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:18.002419+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:19.314042+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:20.759948+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:20.773382+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:21.967936+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:22.597037+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:23.168438+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:23.290026+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:24.924293+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.276483+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.599064+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.698384+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.923845+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:26.998576+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:27.583404+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:28.690494+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:28.865964+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:29.053465+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:29.227254+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:29.376869+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:29.407280+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:30.704776+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:30.775076+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:30.820927+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:32.086397+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:32.873946+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:32.886189+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:34.392485+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:34.455340+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:34.665870+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:35.091768+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:35.338361+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:36.731064+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:36.939458+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:36.996559+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:37.412006+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:37.446098+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:37.473383+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:37.479987+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:38.020408+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:39.520330+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:41.323242+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:41.494491+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:42.550867+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:42.684740+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:42.813760+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:42.983029+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:43.030337+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:43.041616+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.710226+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.734228+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.739204+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.803416+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:44.975118+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.013650+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.361468+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.406159+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.534574+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:45.551837+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:47.271034+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:49.627730+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:49.634973+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.474431+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.855088+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.864692+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.880035+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:50.983555+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:51.263925+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:52.863963+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:52.921251+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:53.930202+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:54.715422+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:54.753534+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:54.838433+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:54.850212+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.034614+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.041074+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.045897+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.050666+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.085506+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.528049+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:55.559187+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:56.746279+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:56.832253+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:56.837462+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:56.844606+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:57.579945+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:57.645754+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.261400+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.302354+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.714704+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.832572+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:58.840974+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:59.248920+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:36:59.438475+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.278485+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.292562+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.511555+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.577841+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:01.804217+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.766455+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.790291+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.797810+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.825604+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.869245+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.874067+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.889424+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:02.908066+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:04.672471+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:04.881429+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:04.909051+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.485377+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.515854+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.523966+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.544634+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.555790+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:05.599383+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.647339+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.689672+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.763784+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.774978+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:06.845811+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:07.250295+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:08.397857+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:08.728999+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:08.846567+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:08.894785+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:09.088942+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:09.114060+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.719231+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.840833+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.884266+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.889102+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:10.893901+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.134121+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.147334+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.181298+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.268032+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:11.654031+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:12.747898+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:12.767282+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:12.791863+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:13.003132+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:13.032853+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:13.037699+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:13.340055+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.724768+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.744326+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.831820+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.842894+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:14.851570+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:15.053333+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:15.080187+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:15.131434+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:15.144400+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:16.972910+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:17.190728+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:19.059596+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:20.860165+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:20.878215+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:20.976663+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.011300+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.111981+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.145135+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.212710+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.346113+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:21.670922+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.007056+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.880769+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.895829+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.909496+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:22.937113+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.349145+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.784533+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.885500+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.931192+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:24.994330+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:25.302722+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:25.672807+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:25.686124+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:26.797480+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:26.822198+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:26.862031+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:26.971043+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:27.004638+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:27.365554+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:27.437353+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:27.483785+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:30.830949+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:30.887305+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:30.990861+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:31.086014+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:32.819906+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:32.830973+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:32.845462+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:33.212054+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:33.229276+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:35.223052+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:36.902846+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:37.104705+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:37.114989+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:38.755516+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:38.817738+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:38.897046+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:38.973776+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:39.100935+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:39.642221+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:41.182556+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:41.282076+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:41.287137+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:42.998110+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:44.270109+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:44.780889+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:45.374845+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:47.353713+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:47.720507+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:47.746633+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:48.093148+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:50.696335+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:50.789022+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:50.892864+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:50.922944+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:51.617468+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.038449+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.063126+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.176291+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.500220+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:53.505118+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:56.696004+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:56.885883+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:57.288104+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:37:59.693778+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP
              2025-01-07T20:38:01.441663+010028528731Malware Command and Control Activity Detected192.168.2.449730172.190.167.1077000TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: NzL6O1Q.exeAvira: detected
              Antivirus detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeAvira: detection malicious, Label: TR/Dropper.Gen2
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeAvira: detection malicious, Label: TR/Dropper.Gen2
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeReversingLabs: Detection: 52%
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeReversingLabs: Detection: 52%
              Multi AV Scanner detection for submitted file
              Source: NzL6O1Q.exeReversingLabs: Detection: 52%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJoe Sandbox ML: detected
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: NzL6O1Q.exeJoe Sandbox ML: detected
              Source: NzL6O1Q.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: NzL6O1Q.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.4:49730 -> 172.190.167.107:7000
              Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:49730 -> 172.190.167.107:7000
              Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 172.190.167.107:7000 -> 192.168.2.4:49730
              Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 172.190.167.107:7000 -> 192.168.2.4:49730
              Source: Joe Sandbox ViewASN Name: ATT-INTERNET4US ATT-INTERNET4US
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: unknownTCP traffic detected without corresponding DNS query: 172.190.167.107
              Source: global trafficDNS traffic detected: DNS query: appengine.google.com
              Source: NzL6O1Q.exe, 0000000B.00000002.2313461099.0000000000F2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.mic
              Source: NzL6O1Q.exe, 00000000.00000002.4097980583.00000000024D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: NzL6O1Q.exe, 00000004.00000002.1728956226.000000000309D000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000005.00000002.1799901272.000000000285D000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000007.00000002.1881805906.00000000027CD000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000B.00000002.2314020948.0000000002DCD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.
              Source: NzL6O1Q.exe, 00000000.00000002.4097980583.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000003.00000002.1689152403.0000000002641000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000004.00000002.1728956226.0000000003051000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000005.00000002.1799901272.0000000002811000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000007.00000002.1881805906.0000000002781000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000A.00000002.1963300032.0000000003181000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000B.00000002.2314020948.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000D.00000002.4097543046.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: NzL6O1Q.exe, type: SAMPLEMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
              Source: 0.0.NzL6O1Q.exe.250000.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPEDMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPEDMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPEDMatched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
              .NET source code contains very large strings
              Source: NzL6O1Q.exe, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe, Person.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe.0.dr, Person.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, Settings.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, BankAccount.csLong String: Length: 32327
              Source: NzL6O1Q.exe0.0.dr, Person.csLong String: Length: 32327
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess Stats: CPU usage > 49%
              Source: C:\Users\user\Desktop\NzL6O1Q.exeCode function: 0_2_00007FFD9B8864160_2_00007FFD9B886416
              Source: C:\Users\user\Desktop\NzL6O1Q.exeCode function: 0_2_00007FFD9B8871C20_2_00007FFD9B8871C2
              Source: NzL6O1Q.exe, 00000000.00000000.1647120534.00000000002C3000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameupdates.exe4 vs NzL6O1Q.exe
              Source: NzL6O1Q.exe, 00000003.00000002.1688646334.00000000007EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs NzL6O1Q.exe
              Source: NzL6O1Q.exeBinary or memory string: OriginalFilenameupdates.exe4 vs NzL6O1Q.exe
              Source: NzL6O1Q.exe.0.drBinary or memory string: OriginalFilenameupdates.exe4 vs NzL6O1Q.exe
              Source: NzL6O1Q.exe0.0.drBinary or memory string: OriginalFilenameupdates.exe4 vs NzL6O1Q.exe
              Source: NzL6O1Q.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: NzL6O1Q.exe, type: SAMPLEMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
              Source: 0.0.NzL6O1Q.exe.250000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPEDMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPEDMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPEDMatched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
              Source: NzL6O1Q.exe, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: NzL6O1Q.exe, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: NzL6O1Q.exe.0.dr, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: NzL6O1Q.exe.0.dr, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: NzL6O1Q.exe0.0.dr, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: NzL6O1Q.exe0.0.dr, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: NzL6O1Q.exe0.0.dr, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: NzL6O1Q.exe0.0.dr, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: NzL6O1Q.exe.0.dr, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: NzL6O1Q.exe.0.dr, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: NzL6O1Q.exe, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: NzL6O1Q.exe, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: classification engineClassification label: mal100.troj.adwa.evad.winEXE@11/5@2/2
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7344:120:WilError_03
              Source: C:\Users\user\Desktop\NzL6O1Q.exeMutant created: \Sessions\1\BaseNamedObjects\zqSMCisGkvTtWK5F
              Source: NzL6O1Q.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: NzL6O1Q.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: NzL6O1Q.exeReversingLabs: Detection: 52%
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile read: C:\Users\user\Desktop\NzL6O1Q.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\NzL6O1Q.exe "C:\Users\user\Desktop\NzL6O1Q.exe"
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
              Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe C:\Users\user\AppData\Roaming\NzL6O1Q.exe
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe C:\Users\user\AppData\Roaming\NzL6O1Q.exe
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe"
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe C:\Users\user\AppData\Roaming\NzL6O1Q.exe
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\NzL6O1Q.exe C:\Users\user\AppData\Roaming\NzL6O1Q.exe
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"Jump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: avicap32.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: msvfw32.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32Jump to behavior
              Source: NzL6O1Q.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: NzL6O1Q.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Data Obfuscation

              barindex
              .NET source code contains potential unpacker
              Source: NzL6O1Q.exe, Helper.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: NzL6O1Q.exe.0.dr, Helper.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: NzL6O1Q.exe0.0.dr, Helper.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJump to dropped file
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\NzL6O1Q.exeJump to dropped file

              Boot Survival

              barindex
              Drops PE files to the startup folder
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJump to dropped file
              Uses schtasks.exe or at.exe to add and modify task schedules
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe\:Zone.Identifier:$DATAJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NzL6O1QJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NzL6O1QJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeMemory allocated: 800000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeMemory allocated: 1A4D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: B10000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 1A640000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 1350000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 1B050000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 2680000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 1A810000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: C70000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 1A780000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeMemory allocated: 1410000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeMemory allocated: 1B180000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 1210000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 1AD80000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 10A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeMemory allocated: 1AAA0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeWindow / User API: threadDelayed 7070Jump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeWindow / User API: threadDelayed 2751Jump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exe TID: 7512Thread sleep count: 31 > 30Jump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exe TID: 7512Thread sleep time: -28592453314249787s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exe TID: 7520Thread sleep count: 7070 > 30Jump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exe TID: 7520Thread sleep count: 2751 > 30Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe TID: 7420Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe TID: 7484Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe TID: 7620Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe TID: 7840Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe TID: 7984Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exe TID: 4588Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
              Source: NzL6O1Q.exe, 00000007.00000002.1881316037.00000000009D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)?
              Source: NzL6O1Q.exe, 0000000B.00000002.2313461099.0000000000EF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: NzL6O1Q.exe, 0000000A.00000002.1962900600.00000000014D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~~4
              Source: NzL6O1Q.exe, 00000000.00000002.4097058203.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, NzL6O1Q.exe, 00000003.00000002.1688646334.000000000088C000.00000004.00000020.00020000.00000000.sdmp, NzL6O1Q.exe, 00000004.00000002.1727160097.00000000012F7000.00000004.00000020.00020000.00000000.sdmp, NzL6O1Q.exe, 00000005.00000002.1799277801.00000000009BA000.00000004.00000020.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000B.00000002.2313461099.0000000000EF9000.00000004.00000020.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000D.00000002.4096719772.0000000000DA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeMemory allocated: page read and write | page guardJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"Jump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeQueries volume information: C:\Users\user\Desktop\NzL6O1Q.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Roaming\NzL6O1Q.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Roaming\NzL6O1Q.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Roaming\NzL6O1Q.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Roaming\NzL6O1Q.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Roaming\NzL6O1Q.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\NzL6O1Q.exeQueries volume information: C:\Users\user\AppData\Roaming\NzL6O1Q.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: C:\Users\user\Desktop\NzL6O1Q.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected XWorm
              Source: Yara matchFile source: NzL6O1Q.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.NzL6O1Q.exe.250000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1647097653.0000000000252000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.4097980583.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: NzL6O1Q.exe PID: 7252, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPED

              Remote Access Functionality

              barindex
              Yara detected XWorm
              Source: Yara matchFile source: NzL6O1Q.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.NzL6O1Q.exe.250000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1647097653.0000000000252000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.4097980583.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: NzL6O1Q.exe PID: 7252, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, type: DROPPED

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Windows Management Instrumentation              		1
              Scheduled Task/Job              		11
              Process Injection              		1
              Masquerading              		OS Credential Dumping111
              Security Software Discovery              		Remote Services11
              Archive Collected Data              		1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Scheduled Task/Job              		121
              Registry Run Keys / Startup Folder              		1
              Scheduled Task/Job              		1
              Disable or Modify Tools              		LSASS Memory31
              Virtualization/Sandbox Evasion              		Remote Desktop ProtocolData from Removable Media1
              Non-Application Layer Protocol              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt1
              DLL Side-Loading              		121
              Registry Run Keys / Startup Folder              		31
              Virtualization/Sandbox Evasion              		Security Account Manager1
              Application Window Discovery              		SMB/Windows Admin SharesData from Network Shared Drive1
              Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
              DLL Side-Loading              		11
              Process Injection              		NTDS2
              File and Directory Discovery              		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Deobfuscate/Decode Files or Information              		LSA Secrets13
              System Information Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Software Packing              		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              NzL6O1Q.exe53%ReversingLabsByteCode-MSIL.Trojan.Zilla
              NzL6O1Q.exe100%AviraTR/Dropper.Gen2
              NzL6O1Q.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe100%AviraTR/Dropper.Gen2
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe100%AviraTR/Dropper.Gen2
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe53%ReversingLabsByteCode-MSIL.Trojan.Zilla
              C:\Users\user\AppData\Roaming\NzL6O1Q.exe53%ReversingLabsByteCode-MSIL.Trojan.Zilla

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://www.w3.0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              www3.l.google.com
              		142.250.185.78
              		truefalse
                		high
                appengine.google.com
                		unknown
                		unknownfalse
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.w3.NzL6O1Q.exe, 00000004.00000002.1728956226.000000000309D000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000005.00000002.1799901272.000000000285D000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000007.00000002.1881805906.00000000027CD000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000B.00000002.2314020948.0000000002DCD000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://google.comNzL6O1Q.exe, 00000000.00000002.4097980583.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000003.00000002.1689152403.0000000002641000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000004.00000002.1728956226.0000000003051000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000005.00000002.1799901272.0000000002811000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 00000007.00000002.1881805906.0000000002781000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000A.00000002.1963300032.0000000003181000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000B.00000002.2314020948.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, NzL6O1Q.exe, 0000000D.00000002.4097543046.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameNzL6O1Q.exe, 00000000.00000002.4097980583.00000000024D1000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://go.micNzL6O1Q.exe, 0000000B.00000002.2313461099.0000000000F2B000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        142.250.185.78
                        		www3.l.google.comUnited States
                        		15169GOOGLEUSfalse
                        172.190.167.107
                        		unknownUnited States
                        		7018ATT-INTERNET4UStrue

                        General Information

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1585556
                        Start date and time:2025-01-07 20:33:07 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 7m 39s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:14
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:NzL6O1Q.exe
                        Detection:MAL
                        Classification:mal100.troj.adwa.evad.winEXE@11/5@2/2
                        EGA Information:Failed
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 88
                        • Number of non-executed functions: 0
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Override analysis time to 240000 for current running targets taking high CPU consumption

                        Warnings

                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                        • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.45
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target NzL6O1Q.exe, PID 3168 because it is empty
                        • Execution Graph export aborted for target NzL6O1Q.exe, PID 7252 because it is empty
                        • Execution Graph export aborted for target NzL6O1Q.exe, PID 7400 because it is empty
                        • Execution Graph export aborted for target NzL6O1Q.exe, PID 7440 because it is empty
                        • Execution Graph export aborted for target NzL6O1Q.exe, PID 7464 because it is empty
                        • Execution Graph export aborted for target NzL6O1Q.exe, PID 7596 because it is empty
                        • Execution Graph export aborted for target NzL6O1Q.exe, PID 7812 because it is empty
                        • Execution Graph export aborted for target NzL6O1Q.exe, PID 7964 because it is empty
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • VT rate limit hit for: NzL6O1Q.exe

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        14:34:01API Interceptor8500919x Sleep call for process: NzL6O1Q.exe modified
                        19:33:57Task SchedulerRun new task: NzL6O1Q path: C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        19:34:00AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NzL6O1Q C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        19:34:09AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NzL6O1Q C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        19:34:17AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        No context

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        ATT-INTERNET4USbotnet.spc.elfGet hashmaliciousMirai, MoobotBrowse
                        • 108.246.189.110
                        miori.arm5.elfGet hashmaliciousUnknownBrowse
                        • 75.40.129.170
                        miori.m68k.elfGet hashmaliciousUnknownBrowse
                        • 67.122.7.190
                        miori.arm5.elfGet hashmaliciousUnknownBrowse
                        • 99.14.76.225
                        miori.sh4.elfGet hashmaliciousUnknownBrowse
                        • 99.2.248.222
                        miori.m68k.elfGet hashmaliciousUnknownBrowse
                        • 99.154.208.225
                        miori.arm.elfGet hashmaliciousUnknownBrowse
                        • 12.198.36.145
                        sora.sh4.elfGet hashmaliciousMiraiBrowse
                        • 99.78.85.28
                        sora.mpsl.elfGet hashmaliciousMiraiBrowse
                        • 107.218.72.205
                        sora.spc.elfGet hashmaliciousMiraiBrowse
                        • 74.180.16.48

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NzL6O1Q.exe.log

                        Download File
                        Process:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        File Type:CSV text
                        Category:dropped
                        Size (bytes):1076
                        Entropy (8bit):5.370431226217922
                        Encrypted:false
                        SSDEEP:24:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclSKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6o6+vxp3/elStHTHhAHW
                        MD5:D603D2ADCDCF6029A48173C1C7CE4BCB
                        SHA1:CB3FDFD78704FE3877DA96B4D62638B3C28D73C7
                        SHA-256:6358CA58034DFBCEFF0B7A53ACAF24FDEAD10AFCB48411183DE774732E5B7723
                        SHA-512:C1682C6845011CE79A6BC53738E3A190B91695DAA48EA82EAFEFBE6E90F1DF4D9928A499D398B4932B7528228E76397CBAD4FF39F859AE7903BEB51451EE1B7D
                        Malicious:true
                        Reputation:low
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0

                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe

                        Download File
                        Process:C:\Users\user\Desktop\NzL6O1Q.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):482304
                        Entropy (8bit):3.1342365717789904
                        Encrypted:false
                        SSDEEP:3072:4FAvjMvA4v2Oh9R8DZqYplTTiX5Ak6kGyR8W5lHbRAnEmmOJOh4Zg:NjMvA4fh9qDZqYOXYyRR5lb2nEQj
                        MD5:D22612D2899FC888514C3CA553B49F79
                        SHA1:6DBA3A3B96225FE24229F1B39509A503547D1401
                        SHA-256:B2ACD91FDCEF767FA027519E3BE0F61CE027C8BDF57027E2C161257DFA5D6543
                        SHA-512:9DF54DF59FE341C0719C0D329DB4D2810DE385F133E210D6046DEB06F94BC3A3C5591A7E52906F91E93DAFB2ADC110021354FDA505B64A974274DC03E83ED4C9
                        Malicious:true
                        Yara Hits:
                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Joe Security
                        • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Sekoia.io
                        • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Sekoia.io
                        • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Sekoia.io
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 53%
                        Reputation:low
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t}g................................. ........@.. ....................................@.................................X...S................................................................................... ............... ..H............text........ ...................... ..`.rsrc..............................@..@.reloc...............Z..............@..B........................H........s..XX......$.....................................................(....*..(....*.s.........s.........s.........s.........*...0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0............(....(.....+..*....0...........(.....+..*..0...............(.....+..*..0...........(.....+..*..0................-.(...+.+.+...+..*.0.........................*..(....*.0.. .......~.........-.(...+.....~.....+..*..(....*.0..

                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe:Zone.Identifier

                        Download File
                        Process:C:\Users\user\Desktop\NzL6O1Q.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):26
                        Entropy (8bit):3.95006375643621
                        Encrypted:false
                        SSDEEP:3:ggPYV:rPYV
                        MD5:187F488E27DB4AF347237FE461A079AD
                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                        Malicious:true
                        Reputation:high, very likely benign file
                        Preview:[ZoneTransfer]....ZoneId=0

                        C:\Users\user\AppData\Roaming\NzL6O1Q.exe

                        Download File
                        Process:C:\Users\user\Desktop\NzL6O1Q.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):482304
                        Entropy (8bit):3.1342365717789904
                        Encrypted:false
                        SSDEEP:3072:4FAvjMvA4v2Oh9R8DZqYplTTiX5Ak6kGyR8W5lHbRAnEmmOJOh4Zg:NjMvA4fh9qDZqYOXYyRR5lb2nEQj
                        MD5:D22612D2899FC888514C3CA553B49F79
                        SHA1:6DBA3A3B96225FE24229F1B39509A503547D1401
                        SHA-256:B2ACD91FDCEF767FA027519E3BE0F61CE027C8BDF57027E2C161257DFA5D6543
                        SHA-512:9DF54DF59FE341C0719C0D329DB4D2810DE385F133E210D6046DEB06F94BC3A3C5591A7E52906F91E93DAFB2ADC110021354FDA505B64A974274DC03E83ED4C9
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 53%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t}g................................. ........@.. ....................................@.................................X...S................................................................................... ............... ..H............text........ ...................... ..`.rsrc..............................@..@.reloc...............Z..............@..B........................H........s..XX......$.....................................................(....*..(....*.s.........s.........s.........s.........*...0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0..........~....o.....+..*..0............(....(.....+..*....0...........(.....+..*..0...............(.....+..*..0...........(.....+..*..0................-.(...+.+.+...+..*.0.........................*..(....*.0.. .......~.........-.(...+.....~.....+..*..(....*.0..

                        C:\Users\user\AppData\Roaming\NzL6O1Q.exe:Zone.Identifier

                        Download File
                        Process:C:\Users\user\Desktop\NzL6O1Q.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):26
                        Entropy (8bit):3.95006375643621
                        Encrypted:false
                        SSDEEP:3:ggPYV:rPYV
                        MD5:187F488E27DB4AF347237FE461A079AD
                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                        Malicious:true
                        Preview:[ZoneTransfer]....ZoneId=0

                        Static File Info

                        General

                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):3.1342365717789904
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        • Win32 Executable (generic) a (10002005/4) 49.78%
                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        • DOS Executable Generic (2002/1) 0.01%
                        File name:NzL6O1Q.exe
                        File size:482'304 bytes
                        MD5:d22612d2899fc888514c3ca553b49f79
                        SHA1:6dba3a3b96225fe24229f1b39509a503547d1401
                        SHA256:b2acd91fdcef767fa027519e3be0f61ce027c8bdf57027e2c161257dfa5d6543
                        SHA512:9df54df59fe341c0719c0d329db4d2810de385f133e210d6046deb06f94bc3a3c5591a7e52906f91e93dafb2adc110021354fda505b64a974274dc03e83ed4c9
                        SSDEEP:3072:4FAvjMvA4v2Oh9R8DZqYplTTiX5Ak6kGyR8W5lHbRAnEmmOJOh4Zg:NjMvA4fh9qDZqYOXYyRR5lb2nEQj
                        TLSH:C5A420173EE66038F37B6EBF0A94B199497EBE2256C9A05A340DF30E4E35E41CD41672
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t}g................................. ........@.. ....................................@................................

                        File Icon

                        Icon Hash:33d8989292d8d827

                        Static PE Info

                        General

                        Entrypoint:0x41cbae
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x677D74A0 [Tue Jan 7 18:38:24 2025 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                        Entrypoint Preview

                        Instruction
                        jmp dword ptr [00402000h]
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x1cb580x53.text
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x1e0000x5abdc.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x7a0000xc.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x20000x1abb40x1ac00c567bb594bde726be34d087c9f37c6a8False0.46295451226635514data4.94476480077628IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rsrc0x1e0000x5abdc0x5ac000c87055b2a4648d7538ea95d7cdc67a1False0.0315513085399449data2.177821274774719IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc0x7a0000xc0x200f13c7a08cc134ef9abd5e6582a51fab8False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Resources

                        NameRVASizeTypeLanguageCountryZLIB Complexity
                        RT_ICON0x1e2200x42028Device independent bitmap graphic, 256 x 512 x 32, image size 262144, resolution 2835 x 2835 px/m0.02073039027132586
                        RT_ICON0x602480x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m0.2632978723404255
                        RT_ICON0x606b00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m0.09398340248962656
                        RT_ICON0x62c580x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m0.15806754221388367
                        RT_ICON0x63d000x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m0.03714657518040932
                        RT_ICON0x745280x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m0.07345299952763344
                        RT_GROUP_ICON0x787500x5adata0.7111111111111111
                        RT_VERSION0x787ac0x244data0.4706896551724138
                        RT_MANIFEST0x789f00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                        Imports

                        DLLImport
                        mscoree.dll_CorExeMain

                        Network Behavior

                        Suricata IDS Alerts

                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                        2025-01-07T20:34:15.273416+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:34:15.273416+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:34:27.850434+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:34:27.850434+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:34:28.286017+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:34:28.286017+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:34:40.430199+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:34:40.430199+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:34:52.999720+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:34:52.999720+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:34:58.277959+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:34:58.277959+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:35:05.569040+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:05.569040+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:14.973199+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:14.973199+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:16.710476+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:16.710476+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:16.897645+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:16.897645+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:17.308440+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:17.308440+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:18.687254+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:18.687254+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:18.847383+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:18.847383+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:19.985337+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:19.985337+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:20.115931+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:20.115931+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:22.717430+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:22.717430+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:23.028145+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:23.028145+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:23.091102+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:23.091102+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:23.299484+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:23.299484+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:23.706269+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:23.706269+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:24.969002+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:24.969002+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.468727+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.468727+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.855584+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.855584+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.860461+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.860461+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.900070+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.900070+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.983717+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:25.983717+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:28.026031+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:28.026031+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:28.283592+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:35:28.283592+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:35:28.510329+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:35:28.510329+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:35:29.379136+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:29.379136+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:29.576341+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:29.576341+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:29.678305+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:29.678305+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:31.371582+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:31.371582+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:31.393385+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:31.393385+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:32.080418+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:32.080418+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:34.365844+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:34.365844+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:34.722494+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:34.722494+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:34.921671+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:34.921671+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:36.084602+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:36.084602+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:36.617666+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:36.617666+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:36.637427+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:36.637427+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:36.709347+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:36.709347+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:37.177555+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:37.177555+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:37.290485+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:37.290485+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:37.964097+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:37.964097+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:38.524895+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:38.524895+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:38.902504+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:38.902504+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:39.414534+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:39.414534+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:43.388518+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:43.388518+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:44.996629+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:44.996629+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:45.388110+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:45.388110+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:46.972307+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:46.972307+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.021153+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.021153+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.049949+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.049949+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.062056+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.062056+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.069603+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.069603+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.174246+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:47.174246+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:48.654598+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:48.654598+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:48.722238+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:48.722238+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:52.723743+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:52.723743+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:53.097613+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:53.097613+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:35:58.303410+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:35:58.303410+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:36:01.256647+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:01.256647+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:02.969863+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:02.969863+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:04.550779+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:04.550779+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:04.613642+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:04.613642+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.045612+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.045612+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.059809+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.059809+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.265203+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.265203+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.510699+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.510699+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.531191+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:05.531191+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:07.119151+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:07.119151+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:07.365904+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:07.365904+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:07.584845+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:07.584845+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:08.840640+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:08.840640+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.032874+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.032874+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.065500+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.065500+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.077075+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.077075+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.225449+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.225449+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.456790+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:09.456790+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.449394+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.449394+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.745948+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.745948+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.837611+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.837611+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.885622+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.885622+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.944599+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:10.944599+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.009713+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.009713+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.088919+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.088919+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.267069+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.267069+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.441222+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.441222+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.487426+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.487426+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.549121+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:11.549121+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.619647+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.619647+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.654489+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.654489+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.747529+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.747529+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.811923+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.811923+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.953914+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.953914+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.965425+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.965425+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.982573+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.982573+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.994382+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:12.994382+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.000665+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.000665+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.007440+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.007440+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.012860+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.012860+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.270285+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.270285+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.284618+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.284618+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.355812+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.355812+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.365559+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:13.365559+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:14.675411+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:14.675411+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:15.066763+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:15.066763+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:15.126497+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:15.126497+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:16.653539+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:16.653539+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:17.498518+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:17.498518+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:18.002419+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:18.002419+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:19.314042+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:19.314042+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:20.759948+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:20.759948+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:20.773382+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:20.773382+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:21.967936+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:21.967936+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:22.597037+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:22.597037+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:23.168438+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:23.168438+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:23.290026+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:23.290026+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:24.924293+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:24.924293+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.276483+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.276483+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.599064+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.599064+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.698384+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.698384+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.923845+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.923845+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.998576+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:26.998576+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:27.583404+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:27.583404+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:28.294378+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:36:28.294378+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:36:28.690494+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:28.690494+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:28.865964+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:28.865964+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:29.053465+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:29.053465+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:29.227254+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:29.227254+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:29.376869+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:29.376869+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:29.407280+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:29.407280+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:30.704776+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:30.704776+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:30.775076+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:30.775076+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:30.820927+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:30.820927+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:32.086397+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:32.086397+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:32.873946+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:32.873946+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:32.886189+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:32.886189+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:34.392485+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:34.392485+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:34.455340+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:34.455340+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:34.665870+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:34.665870+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:35.091768+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:35.091768+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:35.338361+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:35.338361+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:36.731064+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:36.731064+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:36.939458+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:36.939458+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:36.996559+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:36.996559+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:37.412006+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:37.412006+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:37.446098+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:37.446098+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:37.473383+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:37.473383+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:37.479987+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:37.479987+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:38.020408+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:38.020408+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:39.520330+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:39.520330+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:41.323242+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:41.323242+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:41.494491+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:41.494491+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:42.550867+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:42.550867+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:42.684740+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:42.684740+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:42.813760+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:42.813760+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:42.983029+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:42.983029+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:43.030337+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:43.030337+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:43.041616+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:43.041616+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.710226+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.710226+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.734228+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.734228+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.739204+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.739204+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.803416+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.803416+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.975118+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:44.975118+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.013650+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.013650+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.361468+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.361468+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.406159+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.406159+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.534574+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.534574+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.551837+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:45.551837+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:47.271034+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:47.271034+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:49.627730+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:49.627730+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:49.634973+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:49.634973+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.474431+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.474431+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.855088+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.855088+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.864692+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.864692+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.880035+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.880035+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.983555+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:50.983555+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:51.263925+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:51.263925+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:52.863963+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:52.863963+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:52.921251+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:52.921251+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:53.930202+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:53.930202+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:54.715422+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:54.715422+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:54.753534+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:54.753534+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:54.838433+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:54.838433+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:54.850212+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:54.850212+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.034614+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.034614+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.041074+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.041074+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.045897+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.045897+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.050666+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.050666+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.085506+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.085506+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.528049+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.528049+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.559187+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:55.559187+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:56.746279+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:56.746279+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:56.832253+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:56.832253+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:56.837462+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:56.837462+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:56.844606+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:56.844606+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:57.579945+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:57.579945+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:57.645754+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:57.645754+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.261400+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.261400+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.293256+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:36:58.293256+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:36:58.302354+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.302354+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.714704+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.714704+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.832572+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.832572+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.840974+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:58.840974+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:59.248920+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:59.248920+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:59.438475+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:36:59.438475+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.278485+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.278485+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.292562+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.292562+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.511555+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.511555+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.577841+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.577841+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.804217+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:01.804217+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.766455+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.766455+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.790291+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.790291+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.797810+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.797810+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.825604+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.825604+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.869245+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.869245+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.874067+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.874067+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.889424+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.889424+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.908066+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:02.908066+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:04.672471+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:04.672471+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:04.881429+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:04.881429+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:04.909051+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:04.909051+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.485377+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.485377+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.515854+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.515854+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.523966+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.523966+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.544634+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.544634+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.555790+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.555790+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.599383+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:05.599383+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.647339+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.647339+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.689672+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.689672+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.763784+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.763784+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.774978+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.774978+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.845811+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:06.845811+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:07.250295+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:07.250295+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:08.397857+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:08.397857+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:08.728999+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:08.728999+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:08.846567+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:08.846567+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:08.894785+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:08.894785+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:09.088942+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:09.088942+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:09.114060+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:09.114060+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.719231+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.719231+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.840833+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.840833+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.884266+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.884266+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.889102+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.889102+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.893901+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:10.893901+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.134121+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.134121+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.147334+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.147334+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.181298+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.181298+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.268032+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.268032+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.654031+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:11.654031+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:12.747898+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:12.747898+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:12.767282+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:12.767282+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:12.791863+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:12.791863+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:13.003132+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:13.003132+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:13.032853+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:13.032853+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:13.037699+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:13.037699+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:13.340055+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:13.340055+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.724768+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.724768+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.744326+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.744326+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.831820+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.831820+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.842894+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.842894+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.851570+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:14.851570+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:15.053333+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:15.053333+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:15.080187+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:15.080187+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:15.131434+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:15.131434+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:15.144400+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:15.144400+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:16.972910+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:16.972910+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:17.190728+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:17.190728+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:19.059596+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:19.059596+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:20.860165+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:20.860165+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:20.878215+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:20.878215+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:20.976663+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:20.976663+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.011300+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.011300+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.111981+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.111981+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.145135+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.145135+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.212710+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.212710+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.346113+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.346113+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.670922+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:21.670922+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.007056+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.007056+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.880769+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.880769+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.895829+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.895829+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.909496+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.909496+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.937113+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:22.937113+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.349145+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.349145+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.784533+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.784533+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.885500+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.885500+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.931192+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.931192+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.994330+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:24.994330+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:25.302722+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:25.302722+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:25.672807+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:25.672807+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:25.686124+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:25.686124+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:26.797480+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:26.797480+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:26.822198+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:26.822198+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:26.862031+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:26.862031+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:26.971043+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:26.971043+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:27.004638+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:27.004638+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:27.365554+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:27.365554+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:27.437353+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:27.437353+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:27.483785+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:27.483785+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:28.285982+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:37:28.285982+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:37:30.830949+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:30.830949+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:30.887305+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:30.887305+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:30.990861+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:30.990861+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:31.086014+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:31.086014+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:32.819906+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:32.819906+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:32.830973+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:32.830973+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:32.845462+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:32.845462+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:33.212054+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:33.212054+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:33.229276+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:33.229276+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:35.223052+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:35.223052+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:36.902846+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:36.902846+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:37.104705+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:37.104705+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:37.114989+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:37.114989+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:38.755516+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:38.755516+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:38.817738+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:38.817738+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:38.897046+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:38.897046+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:38.973776+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:38.973776+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:39.100935+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:39.100935+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:39.642221+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:39.642221+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:41.182556+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:41.182556+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:41.282076+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:41.282076+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:41.287137+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:41.287137+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:42.998110+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:42.998110+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:44.270109+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:44.270109+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:44.780889+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:44.780889+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:45.374845+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:45.374845+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:47.353713+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:47.353713+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:47.720507+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:47.720507+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:47.746633+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:47.746633+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:48.093148+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:48.093148+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:50.696335+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:50.696335+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:50.789022+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:50.789022+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:50.892864+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:50.892864+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:50.922944+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:50.922944+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:51.617468+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:51.617468+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.038449+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.038449+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.063126+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.063126+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.176291+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.176291+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.500220+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.500220+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.505118+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:53.505118+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:56.696004+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:56.696004+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:56.885883+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:56.885883+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:57.288104+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:57.288104+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:58.292489+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:37:58.292489+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21172.190.167.1077000192.168.2.449730TCP
                        2025-01-07T20:37:59.693778+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:37:59.693778+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:38:01.441663+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449730172.190.167.1077000TCP
                        2025-01-07T20:38:01.441663+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730172.190.167.1077000TCP

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Jan 7, 2025 20:34:02.552692890 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:34:02.558223963 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:34:02.558316946 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:34:02.698367119 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:34:02.703169107 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:34:15.273416042 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:34:15.278249979 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:34:27.850434065 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:34:27.855372906 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:34:28.286016941 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:34:28.334266901 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:34:40.430198908 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:34:40.435497046 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:34:52.999720097 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:34:53.004554033 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:34:58.277959108 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:34:58.318742037 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:05.569040060 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:05.573805094 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:14.973198891 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:14.978004932 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:16.710475922 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:16.715270042 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:16.897644997 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:16.903860092 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:17.308439970 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:17.313225031 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:18.687253952 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:18.692106009 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:18.847383022 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:18.852298021 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:19.985337019 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:19.990118027 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:20.115931034 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:20.120738983 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:22.717430115 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:22.723017931 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:23.028145075 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:23.032942057 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:23.091101885 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:23.095942020 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:23.299484015 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:23.304327965 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:23.706269026 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:23.711580038 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:24.969002008 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:24.975672960 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:25.468727112 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:25.473520041 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:25.855583906 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:25.860393047 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:25.860460997 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:25.865282059 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:25.900069952 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:25.904844046 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:25.983716965 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:25.988660097 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:28.026031017 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:28.030803919 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:28.283591986 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:28.506263018 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:28.510329008 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:28.510368109 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:29.379136086 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:29.384176970 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:29.576340914 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:29.581159115 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:29.678304911 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:29.683053970 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:31.371582031 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:31.376477957 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:31.393384933 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:31.398185015 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:32.080418110 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:32.085200071 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:34.365844011 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:34.370732069 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:34.722493887 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:34.727300882 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:34.921670914 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:34.926526070 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:36.084602118 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:36.089411020 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:36.617666006 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:36.622534037 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:36.637427092 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:36.642210007 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:36.709347010 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:36.714133978 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:37.177555084 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:37.182390928 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:37.290484905 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:37.295250893 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:37.964097023 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:37.968955994 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:38.524894953 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:38.529684067 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:38.902503967 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:38.907340050 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:39.414534092 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:39.419342995 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:43.388518095 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:43.393337011 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:44.996629000 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:45.002077103 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:45.388109922 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:45.393004894 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:46.972306967 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:46.977205038 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:47.021152973 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:47.025938034 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:47.049948931 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:47.054721117 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:47.062056065 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:47.066788912 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:47.069602966 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:47.074395895 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:47.174246073 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:47.179006100 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:48.654597998 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:48.659480095 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:48.722238064 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:48.727077961 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:52.723742962 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:52.728600979 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:53.097613096 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:35:53.102433920 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:58.303410053 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:35:58.506354094 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:01.256647110 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:01.261497974 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:02.969862938 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:02.975469112 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:04.550779104 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:04.556579113 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:04.613641977 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:04.618448973 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:05.045612097 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:05.050416946 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:05.059808969 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:05.064544916 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:05.265202999 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:05.270004988 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:05.510699034 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:05.515535116 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:05.531191111 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:05.535958052 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:07.119151115 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:07.125097990 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:07.365904093 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:07.541268110 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:07.584845066 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:07.589665890 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:08.840640068 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:08.871553898 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:09.032874107 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:09.037669897 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:09.065500021 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:09.070240021 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:09.077075005 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:09.081841946 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:09.225449085 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:09.230231047 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:09.456789970 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:09.461554050 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:10.449393988 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:10.454240084 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:10.745948076 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:10.750777960 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:10.837610960 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:10.842375040 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:10.885622025 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:10.890381098 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:10.944598913 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:10.949348927 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:11.009712934 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:11.014538050 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:11.088918924 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:11.093755007 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:11.267069101 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:11.271928072 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:11.441221952 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:11.446023941 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:11.487426043 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:11.492186069 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:11.549120903 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:11.553963900 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:12.619647026 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:12.624408960 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:12.654489040 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:12.659322977 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:12.747529030 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:12.752264023 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:12.811923027 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:12.816703081 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:12.953913927 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:12.958666086 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:12.965425014 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:12.970244884 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:12.982573032 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:12.988115072 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:12.994381905 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:12.999608994 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:13.000664949 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:13.005414009 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:13.007440090 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:13.012723923 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:13.012860060 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:13.018193960 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:13.270284891 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:13.275063992 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:13.284617901 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:13.289438009 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:13.355812073 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:13.360635996 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:13.365559101 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:13.370338917 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:14.675410986 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:14.680325031 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:15.066762924 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:15.071538925 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:15.126497030 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:15.132879972 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:16.653538942 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:16.658400059 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:17.498517990 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:17.503284931 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:18.002418995 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:18.007158041 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:19.314042091 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:19.318859100 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:20.759948015 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:20.764777899 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:20.773381948 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:20.778139114 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:21.967936039 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:21.972721100 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:22.597037077 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:22.601802111 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:23.168437958 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:23.173296928 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:23.290025949 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:23.294876099 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:24.924293041 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:24.929121017 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:26.276483059 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:26.281346083 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:26.599064112 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:26.603950024 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:26.698384047 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:26.703196049 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:26.923845053 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:26.928690910 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:26.998575926 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:27.003372908 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:27.583404064 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:27.588191986 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:28.294378042 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:28.399836063 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:28.690494061 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:28.695300102 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:28.865963936 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:28.870739937 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:29.053464890 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:29.058295012 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:29.227253914 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:29.232105970 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:29.376868963 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:29.381647110 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:29.407279968 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:29.412029028 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:30.704776049 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:30.709578991 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:30.775075912 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:30.779959917 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:30.820926905 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:30.826519012 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:32.086396933 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:32.091178894 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:32.873945951 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:32.878732920 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:32.886188984 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:32.891006947 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:34.392484903 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:34.397260904 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:34.455339909 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:34.460170031 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:34.665869951 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:34.670670033 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:35.091768026 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:35.096580029 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:35.338361025 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:35.343142986 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:36.731064081 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:36.736288071 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:36.939457893 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:36.944266081 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:36.996558905 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:37.001446962 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:37.412005901 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:37.416788101 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:37.446098089 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:37.450942039 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:37.473382950 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:37.478132010 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:37.479986906 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:37.485147953 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:38.020407915 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:38.025172949 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:39.520329952 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:39.525113106 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:41.323241949 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:41.328073978 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:41.494491100 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:41.499346018 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:42.550867081 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:42.555635929 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:42.684740067 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:42.689553022 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:42.813760042 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:42.818583965 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:42.983028889 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:42.987883091 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:43.030337095 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:43.035130024 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:43.041615963 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:43.046360016 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:44.710226059 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:44.715116024 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:44.734227896 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:44.739094973 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:44.739203930 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:44.744069099 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:44.803416014 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:44.808173895 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:44.975117922 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:44.979887009 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:45.013649940 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:45.018388033 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:45.361468077 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:45.366300106 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:45.406158924 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:45.410916090 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:45.534574032 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:45.539398909 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:45.551836967 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:45.556596994 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:47.271034002 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:47.275861979 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:49.627729893 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:49.632515907 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:49.634973049 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:49.639693975 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:50.474431038 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:50.479228973 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:50.855087996 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:50.859890938 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:50.864691973 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:50.869467020 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:50.880034924 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:50.884840965 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:50.983555079 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:50.988373041 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:51.263925076 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:51.268781900 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:52.863962889 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:52.868716002 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:52.921251059 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:52.926038027 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:53.930202007 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:53.935036898 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:54.715421915 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:54.720184088 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:54.753534079 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:54.758382082 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:54.838433027 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:54.843187094 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:54.850212097 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:54.854979038 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:55.034614086 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:55.039391994 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:55.041074038 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:55.045798063 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:55.045897007 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:55.050621986 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:55.050666094 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:55.055445910 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:55.085505962 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:55.090301991 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:55.528048992 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:55.532844067 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:55.559186935 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:55.563946962 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:56.746279001 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:56.751059055 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:56.832252979 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:56.837416887 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:56.837461948 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:56.842243910 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:56.844605923 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:56.849520922 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:57.579945087 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:57.584778070 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:57.645754099 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:57.650530100 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:58.261399984 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:58.266247988 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:58.293256044 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:58.302354097 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:58.354310989 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:58.714704037 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:58.719497919 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:58.832571983 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:58.837476015 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:58.840974092 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:58.845740080 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:59.248919964 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:59.253753901 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:36:59.438474894 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:36:59.443293095 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:01.278485060 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:01.283256054 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:01.292562008 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:01.297349930 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:01.511554956 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:01.516339064 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:01.577841043 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:01.583517075 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:01.804217100 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:01.809012890 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:02.766454935 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:02.771262884 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:02.790291071 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:02.795059919 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:02.797810078 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:02.802552938 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:02.825603962 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:02.830384970 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:02.869245052 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:02.874023914 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:02.874067068 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:02.878880024 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:02.889424086 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:02.894195080 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:02.908066034 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:02.912856102 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:04.672471046 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:04.677298069 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:04.881428957 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:04.886184931 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:04.909050941 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:04.914653063 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:05.485377073 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:05.490199089 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:05.515853882 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:05.520679951 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:05.523966074 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:05.528776884 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:05.544634104 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:05.549431086 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:05.555789948 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:05.560554028 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:05.599383116 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:05.604155064 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:06.647339106 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:06.652986050 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:06.689671993 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:06.695343971 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:06.763783932 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:06.768639088 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:06.774977922 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:06.779762030 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:06.845810890 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:06.851188898 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:07.250294924 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:07.255551100 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:08.397856951 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:08.402707100 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:08.728998899 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:08.733810902 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:08.846566916 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:08.851385117 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:08.894784927 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:08.899539948 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:09.088942051 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:09.093995094 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:09.114059925 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:09.118916988 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:10.719230890 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:10.724216938 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:10.840832949 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:10.845622063 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:10.884265900 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:10.889055014 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:10.889101982 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:10.893846989 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:10.893901110 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:10.898695946 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:11.134120941 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:11.138971090 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:11.147334099 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:11.152132988 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:11.181298018 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:11.186067104 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:11.268032074 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:11.272859097 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:11.654031038 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:11.658911943 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:12.747898102 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:12.752690077 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:12.767282009 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:12.772085905 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:12.791862965 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:12.796675920 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:13.003132105 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:13.007996082 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:13.032852888 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:13.037657022 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:13.037698984 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:13.042450905 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:13.340054989 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:13.344855070 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:14.724767923 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:14.729625940 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:14.744326115 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:14.749155998 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:14.831820011 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:14.837414026 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:14.842894077 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:14.848534107 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:14.851569891 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:14.857093096 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:15.053333044 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:15.058228016 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:15.080187082 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:15.084995985 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:15.131433964 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:15.136302948 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:15.144399881 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:15.149175882 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:16.972909927 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:16.980892897 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:17.190727949 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:17.195523977 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:19.059596062 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:19.064393044 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:20.860165119 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:20.864999056 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:20.878215075 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:20.883013964 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:20.976663113 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:20.981476068 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:21.011300087 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:21.016150951 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:21.111980915 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:21.116823912 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:21.145134926 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:21.149919987 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:21.212709904 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:21.221260071 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:21.346112967 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:21.350958109 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:21.670922041 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:21.675870895 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:22.007055998 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:22.011950016 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:22.880769014 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:22.885662079 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:22.895828962 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:22.900583029 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:22.909496069 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:22.914253950 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:22.937113047 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:22.941864967 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:24.349144936 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:24.354013920 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:24.784533024 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:24.789802074 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:24.885499954 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:24.890403032 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:24.931191921 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:24.936023951 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:24.994329929 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:24.999135971 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:25.302721977 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:25.307539940 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:25.672806978 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:25.677716017 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:25.686124086 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:25.690901041 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:26.797480106 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:26.802373886 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:26.822197914 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:26.827052116 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:26.862030983 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:26.867512941 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:26.971043110 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:26.975841999 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:27.004637957 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:27.009376049 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:27.365554094 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:27.370399952 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:27.437352896 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:27.442162037 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:27.483784914 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:27.488538980 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:28.285981894 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:28.398250103 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:30.830949068 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:30.835751057 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:30.887305021 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:30.892096996 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:30.990860939 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:30.995683908 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:31.086014032 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:31.090847015 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:32.819905996 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:32.824716091 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:32.830972910 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:32.835728884 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:32.845462084 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:32.850229025 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:33.212054014 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:33.216907024 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:33.229275942 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:33.234015942 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:35.223052025 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:35.227996111 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:36.902846098 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:36.907660961 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:37.104705095 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:37.109587908 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:37.114989042 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:37.119756937 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:38.755516052 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:38.760374069 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:38.817738056 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:38.822585106 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:38.897046089 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:38.901895046 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:38.973776102 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:38.978617907 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:39.100934982 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:39.105791092 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:39.642220974 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:39.646996975 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:41.182555914 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:41.187453032 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:41.282075882 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:41.287080050 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:41.287137032 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:41.292021036 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:42.998110056 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:43.003519058 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:44.270108938 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:44.275126934 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:44.780889034 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:44.785741091 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:45.374845028 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:45.380264997 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:47.353713036 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:47.358464003 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:47.720506907 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:47.725332975 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:47.746633053 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:47.751378059 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:48.093147993 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:48.098948956 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:50.696335077 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:50.701659918 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:50.789021969 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:50.793842077 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:50.892863989 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:50.897702932 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:50.922944069 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:50.927778959 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:51.617468119 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:51.622301102 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:53.038449049 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:53.043365955 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:53.063126087 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:53.067951918 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:53.176290989 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:53.181092024 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:53.500220060 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:53.505055904 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:53.505117893 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:53.509963036 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:56.696003914 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:56.700823069 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:56.885883093 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:56.890788078 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:57.288104057 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:57.293005943 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:58.292489052 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:37:58.508342981 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:59.693778038 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:37:59.698679924 CET700049730172.190.167.107192.168.2.4
                        Jan 7, 2025 20:38:01.441663027 CET497307000192.168.2.4172.190.167.107
                        Jan 7, 2025 20:38:01.446578979 CET700049730172.190.167.107192.168.2.4

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Jan 7, 2025 20:33:56.351464033 CET5012653192.168.2.41.1.1.1
                        Jan 7, 2025 20:33:56.358897924 CET53501261.1.1.1192.168.2.4
                        Jan 7, 2025 20:38:01.249968052 CET5443553192.168.2.41.1.1.1
                        Jan 7, 2025 20:38:01.282499075 CET53544351.1.1.1192.168.2.4

                        ICMP Packets

                        TimestampSource IPDest IPChecksumCodeType
                        Jan 7, 2025 20:33:56.393620968 CET192.168.2.4142.250.185.784d5aEcho
                        Jan 7, 2025 20:33:56.399779081 CET142.250.185.78192.168.2.4555aEcho Reply
                        Jan 7, 2025 20:33:58.976897955 CET192.168.2.4142.250.185.784d59Echo
                        Jan 7, 2025 20:33:58.983232975 CET142.250.185.78192.168.2.45559Echo Reply
                        Jan 7, 2025 20:34:02.437916994 CET192.168.2.4142.250.185.784d58Echo
                        Jan 7, 2025 20:34:02.444205999 CET142.250.185.78192.168.2.45558Echo Reply
                        Jan 7, 2025 20:34:10.075012922 CET192.168.2.4142.250.185.784d57Echo
                        Jan 7, 2025 20:34:10.081144094 CET142.250.185.78192.168.2.45557Echo Reply
                        Jan 7, 2025 20:34:18.261919022 CET192.168.2.4142.250.185.784d56Echo
                        Jan 7, 2025 20:34:18.268095016 CET142.250.185.78192.168.2.45556Echo Reply
                        Jan 7, 2025 20:34:26.427834988 CET192.168.2.4142.250.185.784d55Echo
                        Jan 7, 2025 20:34:26.434058905 CET142.250.185.78192.168.2.45555Echo Reply
                        Jan 7, 2025 20:35:01.444886923 CET192.168.2.4142.250.185.784d54Echo
                        Jan 7, 2025 20:35:01.451198101 CET142.250.185.78192.168.2.45554Echo Reply

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Jan 7, 2025 20:33:56.351464033 CET192.168.2.41.1.1.10xf738Standard query (0)appengine.google.comA (IP address)IN (0x0001)false
                        Jan 7, 2025 20:38:01.249968052 CET192.168.2.41.1.1.10x22daStandard query (0)appengine.google.comA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Jan 7, 2025 20:33:56.358897924 CET1.1.1.1192.168.2.40xf738No error (0)appengine.google.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                        Jan 7, 2025 20:33:56.358897924 CET1.1.1.1192.168.2.40xf738No error (0)www3.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                        Jan 7, 2025 20:38:01.282499075 CET1.1.1.1192.168.2.40x22daNo error (0)appengine.google.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                        Jan 7, 2025 20:38:01.282499075 CET1.1.1.1192.168.2.40x22daNo error (0)www3.l.google.com142.250.185.174A (IP address)IN (0x0001)false

                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:14:33:54
                        Start date:07/01/2025
                        Path:C:\Users\user\Desktop\NzL6O1Q.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Users\user\Desktop\NzL6O1Q.exe"
                        Imagebase:0x250000
                        File size:482'304 bytes
                        MD5 hash:D22612D2899FC888514C3CA553B49F79
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.1647097653.0000000000252000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.4097980583.00000000024D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:false

                        General

                        Target ID:1
                        Start time:14:33:56
                        Start date:07/01/2025
                        Path:C:\Windows\System32\schtasks.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "NzL6O1Q" /tr "C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
                        Imagebase:0x7ff76f990000
                        File size:235'008 bytes
                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:2
                        Start time:14:33:57
                        Start date:07/01/2025
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:3
                        Start time:14:33:57
                        Start date:07/01/2025
                        Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Imagebase:0x370000
                        File size:482'304 bytes
                        MD5 hash:D22612D2899FC888514C3CA553B49F79
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 53%, ReversingLabs
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:4
                        Start time:14:34:01
                        Start date:07/01/2025
                        Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Imagebase:0xca0000
                        File size:482'304 bytes
                        MD5 hash:D22612D2899FC888514C3CA553B49F79
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:5
                        Start time:14:34:09
                        Start date:07/01/2025
                        Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
                        Imagebase:0x510000
                        File size:482'304 bytes
                        MD5 hash:D22612D2899FC888514C3CA553B49F79
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:7
                        Start time:14:34:17
                        Start date:07/01/2025
                        Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Users\user\AppData\Roaming\NzL6O1Q.exe"
                        Imagebase:0x4d0000
                        File size:482'304 bytes
                        MD5 hash:D22612D2899FC888514C3CA553B49F79
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:10
                        Start time:14:34:25
                        Start date:07/01/2025
                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe"
                        Imagebase:0xe60000
                        File size:482'304 bytes
                        MD5 hash:D22612D2899FC888514C3CA553B49F79
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Joe Security
                        • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Sekoia.io
                        • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Sekoia.io
                        • Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NzL6O1Q.exe, Author: Sekoia.io
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 53%, ReversingLabs
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:11
                        Start time:14:35:00
                        Start date:07/01/2025
                        Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Imagebase:0x960000
                        File size:482'304 bytes
                        MD5 hash:D22612D2899FC888514C3CA553B49F79
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:13
                        Start time:14:36:00
                        Start date:07/01/2025
                        Path:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Users\user\AppData\Roaming\NzL6O1Q.exe
                        Imagebase:0x7f0000
                        File size:482'304 bytes
                        MD5 hash:D22612D2899FC888514C3CA553B49F79
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Disassembly

                        Reset < >

                          Executed Functions

                          Function 00007FFD9B886416 Relevance: .5, Instructions: 472COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e58c61d8fade30cb8180439009c0f8c3dfbe13c4854a2872e7262230a06123e7
                          • Instruction ID: ed39cbba6640346573ea9ba9b2b7856f027d054e6374aaba960d815f2b4c9847
                          • Opcode Fuzzy Hash: e58c61d8fade30cb8180439009c0f8c3dfbe13c4854a2872e7262230a06123e7
                          • Instruction Fuzzy Hash: 86F1C670A09E8D8FEBA8DF28D8557E937D1FF58310F04426EE85DC7295DB34A9418B82
                          Function 00007FFD9B8871C2 Relevance: .5, Instructions: 458COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 31c98e83c79979b7c6becf8d6534413abbc42272a8cdcf01c7ce709b86be107b
                          • Instruction ID: 9f591014c1cd6ff48c5f231cd11d1fb6ac744b59c6d2110f4bf2d6c2a71912cb
                          • Opcode Fuzzy Hash: 31c98e83c79979b7c6becf8d6534413abbc42272a8cdcf01c7ce709b86be107b
                          • Instruction Fuzzy Hash: 46E1D530A09E4E8FEBA8DF28C8557E977E1FF58310F14426EE85DC7295CB3499418B81
                          Function 00007FFD9B887B5D Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID: d
                          • API String ID: 0-2564639436
                          • Opcode ID: f6959ee98153c8ee6d5d6815bec26290a370a42bc56255f106c86fddce2b670c
                          • Instruction ID: 86a41121669d5cc858f810b2140d0fa9c38a070703cfef5e1bebce205960804f
                          • Opcode Fuzzy Hash: f6959ee98153c8ee6d5d6815bec26290a370a42bc56255f106c86fddce2b670c
                          • Instruction Fuzzy Hash: D2213432D0E65A4FEB11DBA8C8146F9BBF1EF49310F06017BC469D31A2CA3C59408791
                          Function 00007FFD9B887B90 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID: d
                          • API String ID: 0-2564639436
                          • Opcode ID: fcd9114aee541dcc780d232c51c52253761a57ff16f94e2af91bda08ab74698c
                          • Instruction ID: e2ef0766903470dbc4ef30baedf4ea09b43db725923cb0895118f2080056174a
                          • Opcode Fuzzy Hash: fcd9114aee541dcc780d232c51c52253761a57ff16f94e2af91bda08ab74698c
                          • Instruction Fuzzy Hash: D001B536E0892D4BEF64EBA888191FEB6B2EF5C314F06013AD96DE3290DB34565047D1
                          Function 00007FFD9B882120 Relevance: .4, Instructions: 391COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e3b73b62d7d9b504693849c3a5d02cd7308b145b9b46e67b948e4aacad34603d
                          • Instruction ID: 77ade17b2cebf4768d0a3a1b614990617897edb05f24ec540938885f0396d932
                          • Opcode Fuzzy Hash: e3b73b62d7d9b504693849c3a5d02cd7308b145b9b46e67b948e4aacad34603d
                          • Instruction Fuzzy Hash: 5AA14761F0DE4E4FE768AB78543967967D1EF98350B54007AE06DC32D7DE38AC028381
                          Function 00007FFD9B881690 Relevance: .4, Instructions: 361COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3dfd75d6520de9666f552bd34d8d203e77725f32fef89dd10130e26a5cfb4d20
                          • Instruction ID: 5793c4aaea30e39e13fcc217d8ab97c8ca1bf084a4e2c61a585cdd6dd14977ca
                          • Opcode Fuzzy Hash: 3dfd75d6520de9666f552bd34d8d203e77725f32fef89dd10130e26a5cfb4d20
                          • Instruction Fuzzy Hash: 5DC1E771B19D1D8FD768EB2884A4AA4B7D2FF5D354B4105B9E06DC32E6CE34BD028781
                          Function 00007FFD9B886DD6 Relevance: .3, Instructions: 331COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 63068980d2aee04d1b7dc1b49e243b25c1e0741ad4f803b9dfed01ee62b2c231
                          • Instruction ID: 3cd23e0f9f788a49c55e404dd0174911a69b034f14ae4a031a4521e1907927dc
                          • Opcode Fuzzy Hash: 63068980d2aee04d1b7dc1b49e243b25c1e0741ad4f803b9dfed01ee62b2c231
                          • Instruction Fuzzy Hash: BDB1E570609A4D4FEB68DF28D8557E93BE1FF59310F04426EE85DC7296CB34A941CB82
                          Function 00007FFD9B8825C1 Relevance: .3, Instructions: 312COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: df1f3eca6d1f84c794ae0cc7c1a2e34549bd95852ea04b69183adf317a0df831
                          • Instruction ID: bfdfcab2bd1ef336da94cd31c17a4d84c0df864fd2fae76f6b2b17ac3b13075d
                          • Opcode Fuzzy Hash: df1f3eca6d1f84c794ae0cc7c1a2e34549bd95852ea04b69183adf317a0df831
                          • Instruction Fuzzy Hash: 85A1B660718D498BE78DB7BC9865BB9B2D2FFA8300F5405B6E41DC33E7DD28A8428751
                          Function 00007FFD9B882AAA Relevance: .3, Instructions: 266COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3cc130a14125a901911935b4ea20516755b425e297ce17cec076236b385aaedc
                          • Instruction ID: 6f6d100fd884018efbeefdc9692d22843d10e747c5e9d665da834ec709a214a5
                          • Opcode Fuzzy Hash: 3cc130a14125a901911935b4ea20516755b425e297ce17cec076236b385aaedc
                          • Instruction Fuzzy Hash: 2D717A31B0DA4D4FE7A9EB6C882A6B97BD1EF89320F0441BFD44DC31A7DD2898428741
                          Function 00007FFD9B888201 Relevance: .2, Instructions: 232COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6a0fa12bc83a9a49f184287fd8824b56dc8421fb481671fce3f833a2e4e14711
                          • Instruction ID: 6c6e161a7867c0b0cadd061d296d79bb66582d8d76d6ed939bb72df4b9a7820c
                          • Opcode Fuzzy Hash: 6a0fa12bc83a9a49f184287fd8824b56dc8421fb481671fce3f833a2e4e14711
                          • Instruction Fuzzy Hash: D961CA31B19D4D4FDB98EB68C865AAD77E1EF59310F4501BAE01DD32A6CE34AC42C741
                          Function 00007FFD9B888230 Relevance: .2, Instructions: 226COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aeeab863a85e00a1e166d567ab77c30d4128cdbf81cf059fa3f8ee09c63d35d3
                          • Instruction ID: f49a71657a9ebb70ebf0ff11a878cbe99b1bf7f8b6019ab567a5861a588b13bf
                          • Opcode Fuzzy Hash: aeeab863a85e00a1e166d567ab77c30d4128cdbf81cf059fa3f8ee09c63d35d3
                          • Instruction Fuzzy Hash: 5361B531B19D0D4FDB98EB68C469ABD77E1EF98310F45017AE41ED32A6CE34AC428741
                          Function 00007FFD9B8817C8 Relevance: .2, Instructions: 224COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8db53b58c569fd36bbe86a9338ec49d701778ee916de09bb4538f962b3919bd7
                          • Instruction ID: 4119f6dc966480dd58818e020bedac04cfb92cd58f6e812f59ad520aecba60ac
                          • Opcode Fuzzy Hash: 8db53b58c569fd36bbe86a9338ec49d701778ee916de09bb4538f962b3919bd7
                          • Instruction Fuzzy Hash: 28716352A0FBDA4FE767B36C68754A57F60DF4A654B0A00F7D0E8CF0B3DD28690A8251
                          Function 00007FFD9B880570 Relevance: .2, Instructions: 214COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5232a7f83b816b95995e87e697fdaa88e5344d1eea4d07f506d113b57d8df6de
                          • Instruction ID: 1d0dee73221d271d1a8a1bb763e074e5025e4c7aad49cbd9e0fec86702f1a659
                          • Opcode Fuzzy Hash: 5232a7f83b816b95995e87e697fdaa88e5344d1eea4d07f506d113b57d8df6de
                          • Instruction Fuzzy Hash: 2E514832B29E0E0FE758AB6898665B977A1EF89720F01017AD45AD32E7DD356C438780
                          Function 00007FFD9B884DA5 Relevance: .2, Instructions: 209COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6ecd093e44a2ca2e2551714377686404b427652f8bdd5cf2dc754ec5be499bfd
                          • Instruction ID: a476d7ec7c9c9309db53285b614c7c1f6f65efe0a8a6443befcd33abdb76394f
                          • Opcode Fuzzy Hash: 6ecd093e44a2ca2e2551714377686404b427652f8bdd5cf2dc754ec5be499bfd
                          • Instruction Fuzzy Hash: BD619531A08A0D8FDB58DF58C895BEDB7F1FF58310F10416ED45DD3296DA34A9468B81
                          Function 00007FFD9B887C49 Relevance: .2, Instructions: 205COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 973296372235de3a61f4d9bea12f53b5558ad876222aa2c91db7cd02e8b5852b
                          • Instruction ID: 03c17393f48f24cae4238f39e6183fc10190d60357d2c758ff252e623dd582d2
                          • Opcode Fuzzy Hash: 973296372235de3a61f4d9bea12f53b5558ad876222aa2c91db7cd02e8b5852b
                          • Instruction Fuzzy Hash: 3C517430A18A0C4FDB98DF58D855BEDB7F1FF59310F10426AD44DD3296DA34A9428B81
                          Function 00007FFD9B887E69 Relevance: .2, Instructions: 204COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c2641de207ca95ed3c3297cd4ec29bb8a77646606903311d5716f28a1c1ab1be
                          • Instruction ID: 6912486fc8def3c0d103a631e0fc98937d700cfd2f6c68a107c90a40ef53dd48
                          • Opcode Fuzzy Hash: c2641de207ca95ed3c3297cd4ec29bb8a77646606903311d5716f28a1c1ab1be
                          • Instruction Fuzzy Hash: 4361C730F19D4E8FEB99EB68D861AA877E1FF49314F450179D019C32E6DE38A8418741
                          Function 00007FFD9B888ED9 Relevance: .2, Instructions: 201COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ea21a4916d460f138ffc9c1e3ff8e6d3c5569c4a629cdba2e323d34d059a11c8
                          • Instruction ID: c81349976136e76beeeda778215ae766ed8268ef6c579fea22d085d7d7a7a621
                          • Opcode Fuzzy Hash: ea21a4916d460f138ffc9c1e3ff8e6d3c5569c4a629cdba2e323d34d059a11c8
                          • Instruction Fuzzy Hash: 0B61FC30B1D91E4FEBA8EB7888656B977E1FF59311F0105B9D41EC31D6DE38A9428B40
                          Function 00007FFD9B8838FC Relevance: .2, Instructions: 199COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4938f51fc377f154a173443540b371ae4f4b82d1f963608ee7182816eadd04b4
                          • Instruction ID: 5720531bed40909df36ceb3b727e5be4ebc31f246a94a052a2b417698a2f7b81
                          • Opcode Fuzzy Hash: 4938f51fc377f154a173443540b371ae4f4b82d1f963608ee7182816eadd04b4
                          • Instruction Fuzzy Hash: 14517331D08A1C8FDB58DB58D855BE9BBF1FF59310F0082ABD44DD3252DE34A9858B81
                          Function 00007FFD9B880D6D Relevance: .2, Instructions: 179COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3bbc911545efb4ebf95ca240e582fa389f58ad0e4bb58d3f53741e2f15a5c7b9
                          • Instruction ID: 065292d0370ec3a4fa1149198bbbc2994483cd278bfd16aaa30ddaa97f70bc0a
                          • Opcode Fuzzy Hash: 3bbc911545efb4ebf95ca240e582fa389f58ad0e4bb58d3f53741e2f15a5c7b9
                          • Instruction Fuzzy Hash: B3518F21B28D198FE799E76C9471BB873D2EF98700B5445B9D42EC32DADD28AC028781
                          Function 00007FFD9B881BA5 Relevance: .2, Instructions: 150COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3fe1d721a629ca4d5badc3eb7d2ee245c6edcb994e24d699648ef8c1a8b985cd
                          • Instruction ID: 488cb4b94b770de26a74f021dab3610d419f16a9ba01b0bf89e1ad6f641bcc10
                          • Opcode Fuzzy Hash: 3fe1d721a629ca4d5badc3eb7d2ee245c6edcb994e24d699648ef8c1a8b985cd
                          • Instruction Fuzzy Hash: B9418370A09A5C8FDBA8EF68D465BA97BF1FF69311F10016ED019C36A2CB75D841CB41
                          Function 00007FFD9B882941 Relevance: .1, Instructions: 132COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9d0340ae80ce7bf29478ba86f82306df1c1fafb07fde03065df0ba4eafef1706
                          • Instruction ID: af6aed2a36d89eaece7b2e54353594686a20c8106a9dd8cf8f1c28ceb25da211
                          • Opcode Fuzzy Hash: 9d0340ae80ce7bf29478ba86f82306df1c1fafb07fde03065df0ba4eafef1706
                          • Instruction Fuzzy Hash: D031B651B19D494FE754BBBC5C697BC76D1EF98651F0402BBE01DC32DBED2868024382
                          Function 00007FFD9B882960 Relevance: .1, Instructions: 116COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9be03858f81ba24e8623750615263c1fae4ece964f6dd3910f58e404665ba94e
                          • Instruction ID: 38eebf6b0fc2d08cd5d00e07ee53cec853fecf6fa0b12adebfbab6aa40ae8e32
                          • Opcode Fuzzy Hash: 9be03858f81ba24e8623750615263c1fae4ece964f6dd3910f58e404665ba94e
                          • Instruction Fuzzy Hash: 3C318751B18D1D4BEB98BBBC5C697BD72D2EF9C651F000177E41DC32DAED2868424392
                          Function 00007FFD9B880872 Relevance: .1, Instructions: 112COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 10b1e4984e74fd4285e01b57b85bdafa251453097677b4e0b03877a9f873f1aa
                          • Instruction ID: caca0b6af08cbbfbcda652473d1c53aceccadbafa4877292adbfe7b1748cc341
                          • Opcode Fuzzy Hash: 10b1e4984e74fd4285e01b57b85bdafa251453097677b4e0b03877a9f873f1aa
                          • Instruction Fuzzy Hash: A7419429B59E0E4FD35CE768A4758A9BF62FFA86407C044B4D419C33CBDD34A9028B92
                          Function 00007FFD9B881025 Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 36cc02907447630a86b467742db6bafc46f2982146b57ade0019ea9513076628
                          • Instruction ID: 0f2733c57b99e01aea6b9cd4f40ca44274b1813321b5ad15463e798ace12908d
                          • Opcode Fuzzy Hash: 36cc02907447630a86b467742db6bafc46f2982146b57ade0019ea9513076628
                          • Instruction Fuzzy Hash: C5312B31A8E6D94FD726A7605C236F63B60DF4A310F1601B7D058C71D3C92D66878391
                          Function 00007FFD9B888D2D Relevance: .1, Instructions: 107COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 20af7784febf0111d4bae1aae29e47acceb483c97b09e2b5839d9427f551abc2
                          • Instruction ID: 92004154e8b01214c99bd3e670905bcd054531ea5956b7dbc189ede20438450a
                          • Opcode Fuzzy Hash: 20af7784febf0111d4bae1aae29e47acceb483c97b09e2b5839d9427f551abc2
                          • Instruction Fuzzy Hash: DB315F70A14A5E8FEB48EBA8D865AFDB7E1FF58300F410575E418D32D2DE34A941CB51
                          Function 00007FFD9B8880FD Relevance: .1, Instructions: 99COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 776f8a4a8a833a2d4fff895dfcbfae5053b95b9a5c3e6741ebd7839a69fb3cab
                          • Instruction ID: e515820dd95856c3ba8f082b9f1fb541062841045550e38293999448a109f196
                          • Opcode Fuzzy Hash: 776f8a4a8a833a2d4fff895dfcbfae5053b95b9a5c3e6741ebd7839a69fb3cab
                          • Instruction Fuzzy Hash: E2212835E8E99E0FDB52A7B45C224FA7BE4EF49311B0541F3E428C7092DE2C66438791
                          Function 00007FFD9B8818D3 Relevance: .1, Instructions: 98COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5f97fef52e252836c91a65240a05814f64429ce1bc04113c612efacda2f510f1
                          • Instruction ID: 5d12666b6a37c9e1961d26332a464cfa7bb7575a8087b47876d11185b6887f26
                          • Opcode Fuzzy Hash: 5f97fef52e252836c91a65240a05814f64429ce1bc04113c612efacda2f510f1
                          • Instruction Fuzzy Hash: 35318A12A0E7D54ED717B3BC68B54953FA09E4722870A01FBD4E9CF0B3ED18694983A6
                          Function 00007FFD9B888C75 Relevance: .1, Instructions: 70COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 38e034ac9e5611f36eb36e5758df6649460134d11b8c4ae95470df5967f38ebf
                          • Instruction ID: 8b5e144bbf465e29296f4f048c05954cbd6c37a362d5e659bad41b1d2fe4d863
                          • Opcode Fuzzy Hash: 38e034ac9e5611f36eb36e5758df6649460134d11b8c4ae95470df5967f38ebf
                          • Instruction Fuzzy Hash: 7711C16594FACE4FEBA257B408250A57FA1EF07254B4901FBD0A8C70E7D92D190B8342
                          Function 00007FFD9B880C39 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 67d4073e9db8c1aa466896a5820f95434ca1dcb8f9954723f45fad9b86cc88bf
                          • Instruction ID: 16378e8d8d8beb5afc36e4def81d58713669f5cd68994d539e431757e58bd7ad
                          • Opcode Fuzzy Hash: 67d4073e9db8c1aa466896a5820f95434ca1dcb8f9954723f45fad9b86cc88bf
                          • Instruction Fuzzy Hash: 3711E460F1DA490FF7A9AB6884727A83761FF59704F4100B6D41DC72D7CE28AD014342
                          Function 00007FFD9B887920 Relevance: .1, Instructions: 63COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1436e99da604fb6f97590ea694ae1d385385fd8afdcff3cf00c5c1043659a43b
                          • Instruction ID: 55d19952c7aa786ffb131074a9558a280bcfad478fac9ad57589c3ef7565b27b
                          • Opcode Fuzzy Hash: 1436e99da604fb6f97590ea694ae1d385385fd8afdcff3cf00c5c1043659a43b
                          • Instruction Fuzzy Hash: F8114825F09D5E4FEB62EB6C58252AC77A1FF59310F0402B2D41DC3196CE28684247C2
                          Function 00007FFD9B887AA1 Relevance: .1, Instructions: 58COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: da97e4c642d2e77564c1bc59cb772d692c372fc7a3887b7215d322565bc08347
                          • Instruction ID: e8f8d89ecce10ae08b87d82c9ff8e411b25223782ee68a9c36b8ee8f52ca1419
                          • Opcode Fuzzy Hash: da97e4c642d2e77564c1bc59cb772d692c372fc7a3887b7215d322565bc08347
                          • Instruction Fuzzy Hash: E3010472E0AA9C4FEB41EBA888265FD7BF0EF19211F4101B7D158C61D7DF2899408782
                          Function 00007FFD9B888C19 Relevance: .1, Instructions: 57COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 30a9b93c11a951dc8c5d73b3736a1cc8886630cde294820208e42219a894d32a
                          • Instruction ID: e437dfe1aa97695e14129c577c7cdeb8665aabc3c5bcb915b3c82d56e9757e30
                          • Opcode Fuzzy Hash: 30a9b93c11a951dc8c5d73b3736a1cc8886630cde294820208e42219a894d32a
                          • Instruction Fuzzy Hash: 9401F51594FACE4FEBA267B408250A6BF95DF07214B4905FBD0E8870E7DA2D1A1BC341
                          Function 00007FFD9B880CF7 Relevance: .0, Instructions: 45COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0c6b5b64d7ba8581a4fac834151b7fa0eaf385b44f0aeb9fe22fb67c988fbdf8
                          • Instruction ID: d51b615bc2c157c81f95efc2dc18a70d931991ddaea6715e68abf1c455652ab0
                          • Opcode Fuzzy Hash: 0c6b5b64d7ba8581a4fac834151b7fa0eaf385b44f0aeb9fe22fb67c988fbdf8
                          • Instruction Fuzzy Hash: E3F0AF35B19C1C4FEBD4EB1C986466873D2FFAC610B400135D81DD329ACE28AD028B80
                          Function 00007FFD9B881B29 Relevance: .0, Instructions: 44COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: abc9c818bdadbd811f35859b4f874352cc84a5b96ea707837a0f8ac8e5e103e4
                          • Instruction ID: 981aa00ee8c75a82f360da46e6591331bdaa75716e4c0968c5884532e6e1be8e
                          • Opcode Fuzzy Hash: abc9c818bdadbd811f35859b4f874352cc84a5b96ea707837a0f8ac8e5e103e4
                          • Instruction Fuzzy Hash: 0801D410F0EA894FFBA577B848716782A91EF89700F4601FAD059C61F7ED2C69418342
                          Function 00007FFD9B888741 Relevance: .0, Instructions: 36COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 956e24f8b046ba78c6cad954463577dac3ebc5be9d7527289e8e6d10e61a7a78
                          • Instruction ID: ced4033a6e321e84403b62553a075c2b116139dd5ed0c1f031e42b6e48f9f2d3
                          • Opcode Fuzzy Hash: 956e24f8b046ba78c6cad954463577dac3ebc5be9d7527289e8e6d10e61a7a78
                          • Instruction Fuzzy Hash: 0FF0EC7095EECD4FD7266BA848212E57F70FF46310F4507A7E178C60F3CA281A1A8341
                          Function 00007FFD9B880BF9 Relevance: .0, Instructions: 30COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 592834abda7c586506553b1203de19d5d047540d571615be8f2244b49b5582f8
                          • Instruction ID: f9ecde6481278089e409f67bd89657c746707f4901172450e47daca7d2bc7126
                          • Opcode Fuzzy Hash: 592834abda7c586506553b1203de19d5d047540d571615be8f2244b49b5582f8
                          • Instruction Fuzzy Hash: 62F0557280FBD44FD7648F188820561FFE0EF66210B0E02EBD088CB173CAA96A418301
                          Function 00007FFD9B8806D0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a1510ddd262cfbd653c50f30db957f651acff9261f18cf0ea471ebdfc0118f09
                          • Instruction ID: be780bb715c2be21262106f289c8fd5a7193bf126fa2795bc1d73ac0d1115493
                          • Opcode Fuzzy Hash: a1510ddd262cfbd653c50f30db957f651acff9261f18cf0ea471ebdfc0118f09
                          • Instruction Fuzzy Hash: A2D0973282AC0D4FEBB8EE0C6404171F3D1EF68250B1A09BBE42CD2274C8F22D820280
                          Function 00007FFD9B8816C0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8f7f60de9332eebf8ad81bb19eb29dbfd26a661e3b2d560c841ec559ffcadb8d
                          • Instruction ID: f30f5de094a5ce7e2bbee8dc4541d16f17d8d0f7b15a33e16ccd543138179687
                          • Opcode Fuzzy Hash: 8f7f60de9332eebf8ad81bb19eb29dbfd26a661e3b2d560c841ec559ffcadb8d
                          • Instruction Fuzzy Hash: CFE02630A69C4E8BE720BBE888113F677A0FB48314F410225F03C820F1CB343B108381
                          Function 00007FFD9B8816A0 Relevance: .0, Instructions: 14COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9f1188f2af3486ff16d7b449f0d544d76ceb488ed17982375fc0572315dd29ea
                          • Instruction ID: a5cd6ece157eb21123aa43f9224611caf62704548258e311610e5300b9167744
                          • Opcode Fuzzy Hash: 9f1188f2af3486ff16d7b449f0d544d76ceb488ed17982375fc0572315dd29ea
                          • Instruction Fuzzy Hash: 96C01235C55D4D9BDB60BB9058011FAB364FB08204F810556F52D82054DF3467284682
                          Function 00007FFD9B8816C5 Relevance: .0, Instructions: 10COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.4102375685.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5c1f9998745e3752d112bab054467135403599625a30525831dad81cc66153b3
                          • Instruction ID: 3c9de3728f6d055cc39ce2f872207215fb7f40546ac293ba4c5d264102804c87
                          • Opcode Fuzzy Hash: 5c1f9998745e3752d112bab054467135403599625a30525831dad81cc66153b3
                          • Instruction Fuzzy Hash: ABB09204E6F98B42E5297BF94C620A8BA609F8E248FCA04B1D498800A2D85E12DA0392

                          Executed Functions

                          Function 00007FFD9B8A135A Relevance: .8, Instructions: 810COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1689988285.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b29723a0ea0f56c543b1eda6aa366538faaf4cca48cfc9f6c64884b6851a8b00
                          • Instruction ID: 9f7861cf12fb6c829f366bc57436837da051f37dac66869730891eb546674ecb
                          • Opcode Fuzzy Hash: b29723a0ea0f56c543b1eda6aa366538faaf4cca48cfc9f6c64884b6851a8b00
                          • Instruction Fuzzy Hash: F3219C42A0FBC50FE712A77818B51657FA09F5B66074E04EBD4D8CB1E7E908AD49C3A3
                          Function 00007FFD9B8A0570 Relevance: .2, Instructions: 214COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1689988285.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 74e222398aa06d2d42be80d3b3b7c7c7d9f51c132881714202cc65fa78f2a53e
                          • Instruction ID: 3b092b33b120cfb75c8695f1f0a3071de9f5ef16409df87430ff47476071c8d8
                          • Opcode Fuzzy Hash: 74e222398aa06d2d42be80d3b3b7c7c7d9f51c132881714202cc65fa78f2a53e
                          • Instruction Fuzzy Hash: D3516A32F2AA4E0FE758AB689C625F977A1EF49720F01017AD44ED31E7DD2578438390
                          Function 00007FFD9B8A0872 Relevance: .1, Instructions: 112COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1689988285.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f88aad9073fbb319c365b15334b760c34d6342ec99640051adc6ea6822dd88e5
                          • Instruction ID: d1ba6afd6c76a1fd19daf596d30221833c09276f74d066ba5b99498854eb325c
                          • Opcode Fuzzy Hash: f88aad9073fbb319c365b15334b760c34d6342ec99640051adc6ea6822dd88e5
                          • Instruction Fuzzy Hash: F741C42175599B4FD34CFB68A4714ACBAA2FF982407F444B8E09DC3BCBDD34A9428752
                          Function 00007FFD9B8A1025 Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1689988285.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4436d00a90bba21e755671074edbc7ac140cbd4a5484e0341793499f8aa3fd8d
                          • Instruction ID: 6da9bc6069f34f726c649f2bb10c1d7c9786bb0707a32eb79d71ae649823d1c3
                          • Opcode Fuzzy Hash: 4436d00a90bba21e755671074edbc7ac140cbd4a5484e0341793499f8aa3fd8d
                          • Instruction Fuzzy Hash: 2C31E931A8E5D94FE726A76058636F63BA4DF46310F0601F7D048D75D3C91D2A87C3A1
                          Function 00007FFD9B8A0C39 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1689988285.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: df160fc30447c03e4bface1b8e20298c057417c8acee6a003da3e02b39773ee6
                          • Instruction ID: 06143a8b9330d61e9542db11e15704da970162b765b2af1c4e1d3992eba899cc
                          • Opcode Fuzzy Hash: df160fc30447c03e4bface1b8e20298c057417c8acee6a003da3e02b39773ee6
                          • Instruction Fuzzy Hash: C711E160F1EA894FE7A4A76888727A837A1FF99704F4100BAE44DC72D7DE186C428352
                          Function 00007FFD9B8A0BF9 Relevance: .0, Instructions: 30COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1689988285.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7092b9cb3cddb79cbefa28acbe00f4868108b359c80d73c9c3c3ba61c1890177
                          • Instruction ID: ab71c7aede1edd5bc52caec6a2618be94c5898e1c370e4b2075990eaa243c084
                          • Opcode Fuzzy Hash: 7092b9cb3cddb79cbefa28acbe00f4868108b359c80d73c9c3c3ba61c1890177
                          • Instruction Fuzzy Hash: 75F0E57281F7954FD765CF189824561FFE0EF66210B0E46EBD08CCB663C6AD6A81C341
                          Function 00007FFD9B8A06D0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000003.00000002.1689988285.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 522ca7fe6eec206eb6d05f2fa2b7d7fce8399235b4df5fa4d493655964163e85
                          • Instruction ID: be3474305f6bf21477ba97a1926c8f370a5131b55587f3042e459483c934b855
                          • Opcode Fuzzy Hash: 522ca7fe6eec206eb6d05f2fa2b7d7fce8399235b4df5fa4d493655964163e85
                          • Instruction Fuzzy Hash: 5DD02E3292A90D0FDBA8EA086004171F3D0EB68250B1509ABE40CD2260C8A629824280

                          Executed Functions

                          Function 00007FFD9B8A135A Relevance: .8, Instructions: 810COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000004.00000002.1729389203.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6621055a078f969dfc5062413eed229f6360a1c58d8a14beace8e5e89f1f0ac3
                          • Instruction ID: e35fff2700f1f10aa94853fdf895e014aea7394def74795b60a13924c2ca264e
                          • Opcode Fuzzy Hash: 6621055a078f969dfc5062413eed229f6360a1c58d8a14beace8e5e89f1f0ac3
                          • Instruction Fuzzy Hash: 98219E02A0F7C50FE712A77818B51657FA09F5B65074E00EBD498CB1E7E908AD49C3A3
                          Function 00007FFD9B8A0570 Relevance: .2, Instructions: 214COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000004.00000002.1729389203.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a3c8c6174683a778cad31c194a324eb2883af8af60652b660497a063463c3498
                          • Instruction ID: d3858f10e751427ea9c1e06d96d4db6490b177a5a2eb42fc06d7b37a839c92a8
                          • Opcode Fuzzy Hash: a3c8c6174683a778cad31c194a324eb2883af8af60652b660497a063463c3498
                          • Instruction Fuzzy Hash: 06514A31F2AA4E4FE758AB6898625F977E1EF49720F010179D44ED31E7DD2978038790
                          Function 00007FFD9B8A0872 Relevance: .1, Instructions: 112COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000004.00000002.1729389203.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bdef894da13f78abc5cc3e6bfe898003a932b95f80afb010f2dc924f06f560d1
                          • Instruction ID: 3ed0305c91e16d21e89ccf37dbeed750c7a8dcb61f08046c051e06fb8409e458
                          • Opcode Fuzzy Hash: bdef894da13f78abc5cc3e6bfe898003a932b95f80afb010f2dc924f06f560d1
                          • Instruction Fuzzy Hash: D3416624B1694E8FE34DF76854756A9B7E2FF88244BD081F8E01AC33CBDD3968018752
                          Function 00007FFD9B8A1025 Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000004.00000002.1729389203.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 91daf6709a7eb674fc0549c36f58017bc81e57601eca5fa510c44f50b829279e
                          • Instruction ID: 5c0bb0d0f930cb768d7c5a2a80f45522288527650b4f12c1b223d06f24448c1a
                          • Opcode Fuzzy Hash: 91daf6709a7eb674fc0549c36f58017bc81e57601eca5fa510c44f50b829279e
                          • Instruction Fuzzy Hash: 12310931A8E1D94FDB26A76458236F63BA0DF46310F0601F7E048D75D3C91D2A83C3A1
                          Function 00007FFD9B8A0C39 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000004.00000002.1729389203.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: da3c77b0b971f893e35a37d4759ba93629c40133995997a211a1f21b37dfa62a
                          • Instruction ID: e6dd34e2c2bd581ebf859c53a69f17ee038cd96d1d31163c2802ae051959fe90
                          • Opcode Fuzzy Hash: da3c77b0b971f893e35a37d4759ba93629c40133995997a211a1f21b37dfa62a
                          • Instruction Fuzzy Hash: 3111AF20F1EA494BF7A9A76888767A937A1FF89744F4100B6E40DC72D7DE1C6D068352
                          Function 00007FFD9B8A0BF9 Relevance: .0, Instructions: 30COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000004.00000002.1729389203.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7092b9cb3cddb79cbefa28acbe00f4868108b359c80d73c9c3c3ba61c1890177
                          • Instruction ID: ab71c7aede1edd5bc52caec6a2618be94c5898e1c370e4b2075990eaa243c084
                          • Opcode Fuzzy Hash: 7092b9cb3cddb79cbefa28acbe00f4868108b359c80d73c9c3c3ba61c1890177
                          • Instruction Fuzzy Hash: 75F0E57281F7954FD765CF189824561FFE0EF66210B0E46EBD08CCB663C6AD6A81C341
                          Function 00007FFD9B8A06D0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000004.00000002.1729389203.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_7ffd9b8a0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 522ca7fe6eec206eb6d05f2fa2b7d7fce8399235b4df5fa4d493655964163e85
                          • Instruction ID: be3474305f6bf21477ba97a1926c8f370a5131b55587f3042e459483c934b855
                          • Opcode Fuzzy Hash: 522ca7fe6eec206eb6d05f2fa2b7d7fce8399235b4df5fa4d493655964163e85
                          • Instruction Fuzzy Hash: 5DD02E3292A90D0FDBA8EA086004171F3D0EB68250B1509ABE40CD2260C8A629824280

                          Executed Functions

                          Function 00007FFD9B88135A Relevance: .8, Instructions: 810COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.1800417827.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b74273d6931c28039b1ec82f8ae6d6c5f0fd16926d5fa05627ac33fd0d4f8db3
                          • Instruction ID: b8103d9976ee4b245ffa2b7d265124bb86d49e9ad1dd5ea7d8c0265ea42d0b3c
                          • Opcode Fuzzy Hash: b74273d6931c28039b1ec82f8ae6d6c5f0fd16926d5fa05627ac33fd0d4f8db3
                          • Instruction Fuzzy Hash: 73218D42A0FBC50FE752677828B51657FA09F4B65070A04EBD4A8CB1E3DA18AD49C393
                          Function 00007FFD9B880570 Relevance: .2, Instructions: 214COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.1800417827.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 26a0c1d033385cd187bc02d5284cc384bc899c9ed7d3cae55aebf06ff9d89b35
                          • Instruction ID: bd86275d99942c94ffe547d942054755d16ccd0a6cfd5ff118fc19da23ad9d0f
                          • Opcode Fuzzy Hash: 26a0c1d033385cd187bc02d5284cc384bc899c9ed7d3cae55aebf06ff9d89b35
                          • Instruction Fuzzy Hash: F7514B31E29E0E0FE758AB6898625F977A1EF89720F01017AD45AC31E7DD397C438780
                          Function 00007FFD9B880872 Relevance: .1, Instructions: 112COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.1800417827.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8a579d1b2a80428f926d30a1d48e2fc5d7434b4d6e35f686e54d54eca7283ef2
                          • Instruction ID: 759a8deb44bf62422a887b4128f0fe483c73c2831b0a331925d56885c8d42286
                          • Opcode Fuzzy Hash: 8a579d1b2a80428f926d30a1d48e2fc5d7434b4d6e35f686e54d54eca7283ef2
                          • Instruction Fuzzy Hash: 3241B66975990A4FD35CE768A4B14A9BF72FF88240BC444F4E019C77CBDE38A9068762
                          Function 00007FFD9B881025 Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.1800417827.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 48eb37eeb1f9155b9f6eafc96b305fdc6864c9c2f4d179285faeb0327355f731
                          • Instruction ID: 95bd96c55c9195d69f9902f37f7a9804e88b32dd7edb2b1f5449b375d26bc9bd
                          • Opcode Fuzzy Hash: 48eb37eeb1f9155b9f6eafc96b305fdc6864c9c2f4d179285faeb0327355f731
                          • Instruction Fuzzy Hash: EB312B31A8E6D94FD722A7605C236F63BA0DF4A310F1601B7D058C71D3C92D26878391
                          Function 00007FFD9B880C39 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.1800417827.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4b5f7068d69aab522ebfa96742e9ead78f7949d780dd8d32a081a7f76507aac0
                          • Instruction ID: b3a3c0ad0a4184c2367590efd2a898d3e317892c6473cfaeac930bf5ce8c7d05
                          • Opcode Fuzzy Hash: 4b5f7068d69aab522ebfa96742e9ead78f7949d780dd8d32a081a7f76507aac0
                          • Instruction Fuzzy Hash: F111B160F1DA494FF7A5AB6888727A837A2FF89704F4500B6E41DC72D7DE286D028352
                          Function 00007FFD9B880BF9 Relevance: .0, Instructions: 30COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.1800417827.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 592834abda7c586506553b1203de19d5d047540d571615be8f2244b49b5582f8
                          • Instruction ID: f9ecde6481278089e409f67bd89657c746707f4901172450e47daca7d2bc7126
                          • Opcode Fuzzy Hash: 592834abda7c586506553b1203de19d5d047540d571615be8f2244b49b5582f8
                          • Instruction Fuzzy Hash: 62F0557280FBD44FD7648F188820561FFE0EF66210B0E02EBD088CB173CAA96A418301
                          Function 00007FFD9B8806D0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.1800417827.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a1510ddd262cfbd653c50f30db957f651acff9261f18cf0ea471ebdfc0118f09
                          • Instruction ID: be780bb715c2be21262106f289c8fd5a7193bf126fa2795bc1d73ac0d1115493
                          • Opcode Fuzzy Hash: a1510ddd262cfbd653c50f30db957f651acff9261f18cf0ea471ebdfc0118f09
                          • Instruction Fuzzy Hash: A2D0973282AC0D4FEBB8EE0C6404171F3D1EF68250B1A09BBE42CD2274C8F22D820280

                          Executed Functions

                          Function 00007FFD9B88135A Relevance: .8, Instructions: 810COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.1882381525.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 275243e1c545b1c3a40435b782e730e7b07707242d3805fed1a3d45ecfbd2bcf
                          • Instruction ID: 736292cf07063bc3a7bed5e5df7d467fd63a0651c2983f6ed6fa19a31f65fdcc
                          • Opcode Fuzzy Hash: 275243e1c545b1c3a40435b782e730e7b07707242d3805fed1a3d45ecfbd2bcf
                          • Instruction Fuzzy Hash: 4C21CE42A0FBC10FE31363782CB51657FA09F1B65070A04EBD4A8CB1E7DA18AD49C393
                          Function 00007FFD9B880570 Relevance: .2, Instructions: 214COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.1882381525.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b1d65104376e911bb0a633c1c9e775067f0284dc827923a53c3c359b8a4d7f3e
                          • Instruction ID: e43cd78a87e36a7dbc4efdcdfae0fc72c31297bb21c673bef128b6dff79476bf
                          • Opcode Fuzzy Hash: b1d65104376e911bb0a633c1c9e775067f0284dc827923a53c3c359b8a4d7f3e
                          • Instruction Fuzzy Hash: 3C513931E29E0E0FE758AB6898A25B977A1EF89720F01017AD45AD32E7DD356C428780
                          Function 00007FFD9B880872 Relevance: .1, Instructions: 112COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.1882381525.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 522e9315deb11119f53eb6e38b604e99a906ddfd417d1d983b0c56c8ca70d73c
                          • Instruction ID: 755b24183b7df932642227f34391d123865947299b6c2aa4afd279933f529b9a
                          • Opcode Fuzzy Hash: 522e9315deb11119f53eb6e38b604e99a906ddfd417d1d983b0c56c8ca70d73c
                          • Instruction Fuzzy Hash: 5941922179990A4FD34DA76CA8718AABFA2FF9C2407E244B4D419C37DFDD34A9028752
                          Function 00007FFD9B881025 Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.1882381525.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 09837f1e80efb3c0f9fa737601c1fee34d7d3e1320768e7ff71d4cd3a18c6208
                          • Instruction ID: ec9123567d65f9a796c0ea2b4b3be8bac9e8945f1c87ffdb30be2549317f0fc1
                          • Opcode Fuzzy Hash: 09837f1e80efb3c0f9fa737601c1fee34d7d3e1320768e7ff71d4cd3a18c6208
                          • Instruction Fuzzy Hash: 5E31FB31A8E6D94FD726A7646C636F63B60DF4A310F1601B7D058C75E3C92D26878391
                          Function 00007FFD9B880C39 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.1882381525.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8127334c9f5bd0e7de25cd96b47e28fb7a97616790f856fd5be8c5e4e5abcb7d
                          • Instruction ID: 9a90dc15845a900bb1a208bb5603f7e26e12dc2e32d73f7c9ffe59eef7930b48
                          • Opcode Fuzzy Hash: 8127334c9f5bd0e7de25cd96b47e28fb7a97616790f856fd5be8c5e4e5abcb7d
                          • Instruction Fuzzy Hash: 5D11E460F1DA490FF7A5AB6888727B93761FF49704F4100B6D41DC72D7DE286D014342
                          Function 00007FFD9B880BF9 Relevance: .0, Instructions: 30COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.1882381525.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 592834abda7c586506553b1203de19d5d047540d571615be8f2244b49b5582f8
                          • Instruction ID: f9ecde6481278089e409f67bd89657c746707f4901172450e47daca7d2bc7126
                          • Opcode Fuzzy Hash: 592834abda7c586506553b1203de19d5d047540d571615be8f2244b49b5582f8
                          • Instruction Fuzzy Hash: 62F0557280FBD44FD7648F188820561FFE0EF66210B0E02EBD088CB173CAA96A418301
                          Function 00007FFD9B8806D0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000007.00000002.1882381525.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_7ffd9b880000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a1510ddd262cfbd653c50f30db957f651acff9261f18cf0ea471ebdfc0118f09
                          • Instruction ID: be780bb715c2be21262106f289c8fd5a7193bf126fa2795bc1d73ac0d1115493
                          • Opcode Fuzzy Hash: a1510ddd262cfbd653c50f30db957f651acff9261f18cf0ea471ebdfc0118f09
                          • Instruction Fuzzy Hash: A2D0973282AC0D4FEBB8EE0C6404171F3D1EF68250B1A09BBE42CD2274C8F22D820280

                          Executed Functions

                          Function 00007FFD9B8B135A Relevance: .8, Instructions: 810COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000A.00000002.1963748014.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_10_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 22ed3e1ec32fb51428fec801e7550c8dc2694fbb614377ac6f5c859b60415444
                          • Instruction ID: f06a29ad82e5294113f225f0e545fe0a099bf13e320e1b6c90d316e0e4199fcb
                          • Opcode Fuzzy Hash: 22ed3e1ec32fb51428fec801e7550c8dc2694fbb614377ac6f5c859b60415444
                          • Instruction Fuzzy Hash: B821BB02A0F7D50FE712A77818B51613FA09F1B65070A00EBD498CF1E7EA08A9498792
                          Function 00007FFD9B8B0570 Relevance: .2, Instructions: 212COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000A.00000002.1963748014.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_10_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fe314968f735abc3da88f5bb682cb5d431d637933fdf6797f11a7db01f57c125
                          • Instruction ID: ee8a77416590bf0eaf0ce96686f1b4f0abfc04966a51c1e0365b81b2b6b8c8cd
                          • Opcode Fuzzy Hash: fe314968f735abc3da88f5bb682cb5d431d637933fdf6797f11a7db01f57c125
                          • Instruction Fuzzy Hash: EF516931F29A1E0FE758AB7898625F977A1EF49720F010579D04AD31E7DD2878438BC0
                          Function 00007FFD9B8B0872 Relevance: .1, Instructions: 112COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000A.00000002.1963748014.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_10_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 38657b9c49c7bf3a7fa18e8a0689726cb2bc2630759e4d56825a3e2f2f03443e
                          • Instruction ID: edaad67ea6eb3ab2239843de98ee1be9594b97b39f9c4f6f8f73d6d7a1f44c03
                          • Opcode Fuzzy Hash: 38657b9c49c7bf3a7fa18e8a0689726cb2bc2630759e4d56825a3e2f2f03443e
                          • Instruction Fuzzy Hash: 7741A12471591E8FD38DBB6C94A18A8BB63FF882447D444F4E419933DFDD38A9028B66
                          Function 00007FFD9B8B1025 Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000A.00000002.1963748014.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_10_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4cf060929ed493750e98dfe6dccd919d26e8f5c82f6fddc11a26ec0123aed64f
                          • Instruction ID: fc4ea4251c0f795fa2477c38d687bc189fa0a59612b89430e7272d62b72efd18
                          • Opcode Fuzzy Hash: 4cf060929ed493750e98dfe6dccd919d26e8f5c82f6fddc11a26ec0123aed64f
                          • Instruction Fuzzy Hash: B431C631A5E1E94FDB26A77058636F53B60DF46310F0601B7D048CB5E3CA1D6A8787D1
                          Function 00007FFD9B8B0C39 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000A.00000002.1963748014.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_10_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 829712959f29e78f74c7a4299ba62ba840dada0f125bbf839020d9131aa1ea1b
                          • Instruction ID: b5067ab8bec8f388d47ef5098425dda3056e4da96eb7617c92e8e2eaffaa74b7
                          • Opcode Fuzzy Hash: 829712959f29e78f74c7a4299ba62ba840dada0f125bbf839020d9131aa1ea1b
                          • Instruction Fuzzy Hash: 3611E420F1D6594FE7A9B77884717A83761FF59704F4100B6D409C72DBDE1C6D014792
                          Function 00007FFD9B8B0BF9 Relevance: .0, Instructions: 30COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000A.00000002.1963748014.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_10_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aaf93b637afc167949d9709e3a2b0bfe1860d353f7c1c447655ab9a8cb4c9fb1
                          • Instruction ID: f0126bac483a145f9f8bf014cb32f1f4a3826b1c1780291f81742ae03c045376
                          • Opcode Fuzzy Hash: aaf93b637afc167949d9709e3a2b0bfe1860d353f7c1c447655ab9a8cb4c9fb1
                          • Instruction Fuzzy Hash: 65F05C7280E7980FC7508F188820561BFF0EF56210B0D02DBD088CB173C6595541C741
                          Function 00007FFD9B8B06D0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000A.00000002.1963748014.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_10_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c5380f19610df38df78cf3027058a081f3e0a3f106e6ac8b6cec7335a09e2a57
                          • Instruction ID: 30df7216ddcf576e0490b26e6594b72f8ccfb6f88e98b1a05cd9126955b14bba
                          • Opcode Fuzzy Hash: c5380f19610df38df78cf3027058a081f3e0a3f106e6ac8b6cec7335a09e2a57
                          • Instruction Fuzzy Hash: 7DD02E3292982D0ED6A89A186026172F3E0EF68250B150AABE40CD2260C9A229824AC0

                          Executed Functions

                          Function 00007FFD9B8B135A Relevance: .8, Instructions: 810COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2314544784.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 45d3f21f394828a19ff65d52e44e81321721f60a3a6b9261ac170d3f9179930f
                          • Instruction ID: 9f06e9dbf94cded960194484b8ec1cae6497a55fe066c060c1e588520dd21f59
                          • Opcode Fuzzy Hash: 45d3f21f394828a19ff65d52e44e81321721f60a3a6b9261ac170d3f9179930f
                          • Instruction Fuzzy Hash: 6521BB42A0F7D50FE712A77818B51613FA09F1B65074A00EBD498CF1E7EA08A9498392
                          Function 00007FFD9B8B0570 Relevance: .2, Instructions: 212COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2314544784.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 91d8f1cbfabc89d99c4efba879308f8300be6af4c355ae287dea86e52052da81
                          • Instruction ID: 03e484db3ba74699d1142c3f7c0834e5d6f85e26c017b2d44cea21a6dc3757dd
                          • Opcode Fuzzy Hash: 91d8f1cbfabc89d99c4efba879308f8300be6af4c355ae287dea86e52052da81
                          • Instruction Fuzzy Hash: FE514831E2DA1E0FE758AB78DC625F977A1EF49760F010579D04AC32E7DD2578428B80
                          Function 00007FFD9B8B0872 Relevance: .1, Instructions: 112COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2314544784.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6f1002aead4e93b9dc4b005839f1db760b8cb1cb500542c964f12ba70280d9aa
                          • Instruction ID: 67773bdbd8a75f6f11d12298bbc966a6d423dd2e99188a68140916a9d8aa9a21
                          • Opcode Fuzzy Hash: 6f1002aead4e93b9dc4b005839f1db760b8cb1cb500542c964f12ba70280d9aa
                          • Instruction Fuzzy Hash: 7741B3207A595A4FD38DA76CE872AA8BB62FF982007C144B4D01DC33DFDD34B9028752
                          Function 00007FFD9B8B1025 Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2314544784.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 842c2166fe2888e87d8f80d6f1b445534ed1430fa4fb945935e5035661807b92
                          • Instruction ID: a8f612eb0e252f12a56eaf06f63c80afd2d66645f50105774d576b3e609a6319
                          • Opcode Fuzzy Hash: 842c2166fe2888e87d8f80d6f1b445534ed1430fa4fb945935e5035661807b92
                          • Instruction Fuzzy Hash: 1A31D731A9E1E94FDB26A77058636F53B64DF46310F0601B7D048CB5E3CA1D6A8787D1
                          Function 00007FFD9B8B0C39 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2314544784.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f1595e81546ee358521edbb81321b36271bacd6f64901df62c65dde3a146eed3
                          • Instruction ID: 78d02e83baa56e3d23b22376dbcb4a4baff803bfdbb3648d779843a4105baf93
                          • Opcode Fuzzy Hash: f1595e81546ee358521edbb81321b36271bacd6f64901df62c65dde3a146eed3
                          • Instruction Fuzzy Hash: 3511E460F2D6590FE7A5A77888727B83761FF59704F4200B6D40DC72DBDE18AD054782
                          Function 00007FFD9B8B0BF9 Relevance: .0, Instructions: 30COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2314544784.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aaf93b637afc167949d9709e3a2b0bfe1860d353f7c1c447655ab9a8cb4c9fb1
                          • Instruction ID: f0126bac483a145f9f8bf014cb32f1f4a3826b1c1780291f81742ae03c045376
                          • Opcode Fuzzy Hash: aaf93b637afc167949d9709e3a2b0bfe1860d353f7c1c447655ab9a8cb4c9fb1
                          • Instruction Fuzzy Hash: 65F05C7280E7980FC7508F188820561BFF0EF56210B0D02DBD088CB173C6595541C741
                          Function 00007FFD9B8B06D0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000B.00000002.2314544784.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_11_2_7ffd9b8b0000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c5380f19610df38df78cf3027058a081f3e0a3f106e6ac8b6cec7335a09e2a57
                          • Instruction ID: 30df7216ddcf576e0490b26e6594b72f8ccfb6f88e98b1a05cd9126955b14bba
                          • Opcode Fuzzy Hash: c5380f19610df38df78cf3027058a081f3e0a3f106e6ac8b6cec7335a09e2a57
                          • Instruction Fuzzy Hash: 7DD02E3292982D0ED6A89A186026172F3E0EF68250B150AABE40CD2260C9A229824AC0

                          Executed Functions

                          Function 00007FFD9B870570 Relevance: .2, Instructions: 214COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000D.00000002.4098577147.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_13_2_7ffd9b870000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 62bd669f54e94e06ec824b7638373f057d8c4c06a7c331a9841cb539ca197171
                          • Instruction ID: ebdb1fb99ec8df82608059e085d9298fb20d791ea7992c979b56ba334f2a1ad2
                          • Opcode Fuzzy Hash: 62bd669f54e94e06ec824b7638373f057d8c4c06a7c331a9841cb539ca197171
                          • Instruction Fuzzy Hash: 54515C31F2DA0E4FEB58ABA8D8A65B977A1EF89764F010179D44AC31E7DD247D438380
                          Function 00007FFD9B87088C Relevance: .1, Instructions: 98COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000D.00000002.4098577147.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_13_2_7ffd9b870000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 72e392fb46a7d7b7152922d799595d1ee3ab3d68d6d64c977955742d2ccf8eb0
                          • Instruction ID: 9724f4d717843af41e7bd80e535141efe1a741354bb9e3a813d0b49ad866122b
                          • Opcode Fuzzy Hash: 72e392fb46a7d7b7152922d799595d1ee3ab3d68d6d64c977955742d2ccf8eb0
                          • Instruction Fuzzy Hash: 75316421F96D0F5BD34CE76CA4B14AABB62FF883417D044B4D159837CAEE34A902C742
                          Function 00007FFD9B870C39 Relevance: .1, Instructions: 66COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000D.00000002.4098577147.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_13_2_7ffd9b870000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a1126e229d8e7f72b0b46df67132cb325d160d5ff80ca0e9b19f4cebf5036d02
                          • Instruction ID: 61e3fa306dcb6239c6c19c7e616cedbbba56da57d7fb3f6d1e08b1504570ccde
                          • Opcode Fuzzy Hash: a1126e229d8e7f72b0b46df67132cb325d160d5ff80ca0e9b19f4cebf5036d02
                          • Instruction Fuzzy Hash: 3B11E460F1E64A4FEBA4A76884B67B83761FF89708F4100B6E40DC72D7DE18AC024342
                          Function 00007FFD9B87107C Relevance: .1, Instructions: 52COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000D.00000002.4098577147.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_13_2_7ffd9b870000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e8cee35365a6aa00ad6d162e2a9ed57af162570b09ed8c92a3e6d29ded34bf3b
                          • Instruction ID: 584f8ddd22a002ef172d1487b14a36e3bbca33fa3cdf616fac7ce9bf0da16778
                          • Opcode Fuzzy Hash: e8cee35365a6aa00ad6d162e2a9ed57af162570b09ed8c92a3e6d29ded34bf3b
                          • Instruction Fuzzy Hash: 89019671F1985E8FEF54FB9890A27F977A1EF98344F00047AE40CC32D1DA3569855B81
                          Function 00007FFD9B870BF9 Relevance: .0, Instructions: 30COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000D.00000002.4098577147.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_13_2_7ffd9b870000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: eda44f1a63ec16a3cd41fc20a5ce408d40953f7637110f5a66df37c2be13bc36
                          • Instruction ID: 784c3d2741e1f5b79ed56653f7d7b0d7c14bdd0f5a46bc52598f395de076317d
                          • Opcode Fuzzy Hash: eda44f1a63ec16a3cd41fc20a5ce408d40953f7637110f5a66df37c2be13bc36
                          • Instruction Fuzzy Hash: 96F0557280EBC44FCB558B188864561FFE0EFA6250B0E02DBD088CB162C6AA6A818302
                          Function 00007FFD9B8706D0 Relevance: .0, Instructions: 21COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 0000000D.00000002.4098577147.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_13_2_7ffd9b870000_NzL6O1Q.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cf5e4842313c0ccea73130ded29fc154bd44b36b086462436d98782050873145
                          • Instruction ID: f25ffd15d7a97d45532c4b80ac3c2aeec391bc8a28c9e94338792bab902fffc2
                          • Opcode Fuzzy Hash: cf5e4842313c0ccea73130ded29fc154bd44b36b086462436d98782050873145
                          • Instruction Fuzzy Hash: 0BD09571835C0D0FDB78DB0C5048171F3D0DF98294B1509ABF80CD3274C8D31D810241