Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
XClient.exe

Overview

General Information

Sample name:XClient.exe
Analysis ID:1587413
MD5:f814bc67769270c774b0fc4dba88ca5b
SHA1:2667e6356b19d31bdb9788f2f2348d621b5f1f75
SHA256:a0b434483513e60b70b966107408e4e707fd9c9605108204d53d5c3cbed9b00c
Tags:exeuser-zhuzhu0009
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Check if machine is in data center or colocation facility
Connects to a pastebin service (likely for C&C)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • XClient.exe (PID: 3672 cmdline: "C:\Users\user\Desktop\XClient.exe" MD5: F814BC67769270C774B0FC4DBA88CA5B)
    • cmd.exe (PID: 3148 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp4450.tmp.bat"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 5216 cmdline: timeout 3 MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • Update.exe (PID: 2976 cmdline: "C:\Users\user\AppData\Roaming\Update.exe" MD5: F814BC67769270C774B0FC4DBA88CA5B)
  • Update.exe (PID: 4640 cmdline: "C:\Users\user\AppData\Roaming\Update.exe" MD5: F814BC67769270C774B0FC4DBA88CA5B)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["https://pastebin.com/raw/76WgDu7L"], "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
XClient.exeJoeSecurity_XWormYara detected XWormJoe Security
    XClient.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      XClient.exerat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
      • 0xc8d4:$str01: $VB$Local_Port
      • 0xc901:$str02: $VB$Local_Host
      • 0xaaaa:$str03: get_Jpeg
      • 0xb198:$str04: get_ServicePack
      • 0xe4f5:$str05: Select * from AntivirusProduct
      • 0xedab:$str06: PCRestart
      • 0xedbf:$str07: shutdown.exe /f /r /t 0
      • 0xee71:$str08: StopReport
      • 0xee47:$str09: StopDDos
      • 0xef3d:$str10: sendPlugin
      • 0xefbd:$str11: OfflineKeylogger Not Enabled
      • 0xf115:$str12: -ExecutionPolicy Bypass -File "
      • 0xf892:$str13: Content-length: 5235
      XClient.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0xdef1:$s6: VirtualBox
      • 0xde4f:$s8: Win32_ComputerSystem
      • 0xfe66:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0xff03:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x10018:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0xf7ad:$cnc4: POST / HTTP/1.1

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Users\user\AppData\Roaming\Update.exeJoeSecurity_XWormYara detected XWormJoe Security
        C:\Users\user\AppData\Roaming\Update.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Users\user\AppData\Roaming\Update.exerat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
          • 0xc8d4:$str01: $VB$Local_Port
          • 0xc901:$str02: $VB$Local_Host
          • 0xaaaa:$str03: get_Jpeg
          • 0xb198:$str04: get_ServicePack
          • 0xe4f5:$str05: Select * from AntivirusProduct
          • 0xedab:$str06: PCRestart
          • 0xedbf:$str07: shutdown.exe /f /r /t 0
          • 0xee71:$str08: StopReport
          • 0xee47:$str09: StopDDos
          • 0xef3d:$str10: sendPlugin
          • 0xefbd:$str11: OfflineKeylogger Not Enabled
          • 0xf115:$str12: -ExecutionPolicy Bypass -File "
          • 0xf892:$str13: Content-length: 5235
          C:\Users\user\AppData\Roaming\Update.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
          • 0xdef1:$s6: VirtualBox
          • 0xde4f:$s8: Win32_ComputerSystem
          • 0xfe66:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
          • 0xff03:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
          • 0x10018:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
          • 0xf7ad:$cnc4: POST / HTTP/1.1

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          00000000.00000000.1401314764.0000000000332000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_XWormYara detected XWormJoe Security
            00000000.00000000.1401314764.0000000000332000.00000002.00000001.01000000.00000003.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
            • 0xdcf1:$s6: VirtualBox
            • 0xdc4f:$s8: Win32_ComputerSystem
            • 0xfc66:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
            • 0xfd03:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
            • 0xfe18:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
            • 0xf5ad:$cnc4: POST / HTTP/1.1
            00000000.00000002.1787449810.00000000025C8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
              00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
                Process Memory Space: XClient.exe PID: 3672JoeSecurity_XWormYara detected XWormJoe Security

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  0.0.XClient.exe.330000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
                    0.0.XClient.exe.330000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                      0.0.XClient.exe.330000.0.unpackrat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
                      • 0xc8d4:$str01: $VB$Local_Port
                      • 0xc901:$str02: $VB$Local_Host
                      • 0xaaaa:$str03: get_Jpeg
                      • 0xb198:$str04: get_ServicePack
                      • 0xe4f5:$str05: Select * from AntivirusProduct
                      • 0xedab:$str06: PCRestart
                      • 0xedbf:$str07: shutdown.exe /f /r /t 0
                      • 0xee71:$str08: StopReport
                      • 0xee47:$str09: StopDDos
                      • 0xef3d:$str10: sendPlugin
                      • 0xefbd:$str11: OfflineKeylogger Not Enabled
                      • 0xf115:$str12: -ExecutionPolicy Bypass -File "
                      • 0xf892:$str13: Content-length: 5235
                      0.0.XClient.exe.330000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                      • 0xdef1:$s6: VirtualBox
                      • 0xde4f:$s8: Win32_ComputerSystem
                      • 0xfe66:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                      • 0xff03:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                      • 0x10018:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                      • 0xf7ad:$cnc4: POST / HTTP/1.1

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Update.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\XClient.exe, ProcessId: 3672, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update
                      Sigma detected: Startup Folder File Write
                      Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\XClient.exe, ProcessId: 3672, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-10T11:03:27.768054+010028528701Malware Command and Control Activity Detected147.185.221.256073192.168.2.849708TCP
                      2025-01-10T11:03:40.182050+010028528701Malware Command and Control Activity Detected147.185.221.256073192.168.2.849708TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-10T11:03:19.051930+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.166030+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.287767+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.418933+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.549327+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.686041+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.815492+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.191369+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.375366+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.489244+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.598872+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.710451+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.817205+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.926890+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.049332+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.160958+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.270418+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.381559+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.491571+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.599869+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.707856+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.817480+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.926659+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.036485+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.145593+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.254602+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.364708+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.473396+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.582729+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.711401+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.819688+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.005778+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.158284+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.270571+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.379770+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.489659+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.613949+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.723525+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.832979+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.942135+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.051564+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.160881+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.270229+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.379737+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.489206+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.598957+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.708452+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.817363+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.926592+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.037232+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.146333+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.258906+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.364743+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.473540+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.582883+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.692152+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.801483+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.915262+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.020234+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.129668+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.239153+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.348730+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.458032+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.567380+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.676803+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.786800+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.899264+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.005415+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.114488+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.225350+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.333093+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.442458+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.552514+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.661190+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.769763+010028529231Malware Command and Control Activity Detected192.168.2.849708147.185.221.256073TCP
                      2025-01-10T11:03:27.770485+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.880405+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.989057+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.098527+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.207843+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.317305+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.426621+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.535890+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.645657+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.754995+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.864545+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.973671+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.082966+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.192939+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.346343+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.457744+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.567576+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.686372+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.832351+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.071363+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.187451+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.301496+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.411019+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.520372+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.629633+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.739186+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.848334+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.957740+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.067099+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.176504+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.285913+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.405243+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.520257+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.629918+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.739168+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.848449+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.961585+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.069586+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.176605+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.286076+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.398453+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.521101+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.654793+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.815802+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.926630+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.051713+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.160981+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.272007+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.387491+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.489089+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.598501+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.707990+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.817486+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.926423+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.036203+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.146958+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.254842+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.364119+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.484146+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.598428+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.707865+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.817264+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.926611+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.036542+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.146760+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.255416+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.364293+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.630063+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.741569+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.935390+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.054959+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.163476+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.293378+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.396291+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.504955+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.618355+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.723429+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.832962+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.942370+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.051528+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.160951+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.270880+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.379704+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.489143+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.598468+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.707833+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.817183+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.926557+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.036044+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.145351+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.267938+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.448245+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.606936+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.756241+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.864023+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.973382+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.082748+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.192207+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.301558+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.411056+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.520237+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.630563+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.739229+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.855845+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.958405+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:40.067364+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:40.176633+010028529231Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-10T11:03:19.051930+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.166030+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.287767+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.418933+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.549327+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.686041+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:19.815492+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.191369+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.375366+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.489244+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.598872+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.710451+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.817205+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:20.926890+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.049332+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.160958+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.270418+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.381559+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.491571+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.599869+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.707856+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.817480+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:21.926659+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.036485+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.145593+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.254602+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.364708+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.473396+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.582729+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.711401+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:22.819688+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.005778+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.158284+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.270571+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.379770+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.489659+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.613949+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.723525+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.832979+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:23.942135+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.051564+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.160881+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.270229+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.379737+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.489206+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.598957+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.708452+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.817363+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:24.926592+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.037232+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.146333+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.258906+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.364743+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.473540+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.582883+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.692152+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.801483+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:25.915262+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.020234+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.129668+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.239153+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.348730+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.458032+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.567380+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.676803+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.786800+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:26.899264+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.005415+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.114488+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.225350+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.333093+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.442458+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.552514+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.661190+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.770485+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.880405+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:27.989057+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.098527+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.207843+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.317305+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.426621+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.535890+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.645657+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.754995+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.864545+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:28.973671+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.082966+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.192939+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.346343+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.457744+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.567576+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.686372+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:29.832351+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.071363+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.187451+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.301496+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.411019+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.520372+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.629633+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.739186+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.848334+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:30.957740+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.067099+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.176504+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.285913+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.405243+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.520257+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.629918+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.739168+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.848449+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:31.961585+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.069586+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.176605+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.286076+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.398453+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.521101+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.654793+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.815802+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:32.926630+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.051713+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.160981+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.272007+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.387491+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.489089+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.598501+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.707990+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.817486+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:33.926423+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.036203+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.146958+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.254842+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.364119+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.484146+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.598428+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.707865+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.817264+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:34.926611+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.036542+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.146760+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.255416+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.364293+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.630063+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.741569+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:35.935390+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.054959+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.163476+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.293378+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.396291+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.504955+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.618355+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.723429+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.832962+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:36.942370+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.051528+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.160951+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.270880+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.379704+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.489143+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.598468+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.707833+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.817183+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:37.926557+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.036044+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.145351+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.267938+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.448245+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.606936+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.756241+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.864023+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:38.973382+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.082748+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.192207+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.301558+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.411056+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.520237+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.630563+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.739229+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.855845+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:39.958405+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:40.067364+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      2025-01-10T11:03:40.176633+010028528731Malware Command and Control Activity Detected192.168.2.849711147.185.221.256073TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-10T11:03:27.400659+010028559241Malware Command and Control Activity Detected192.168.2.849708147.185.221.256073TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-10T11:03:18.831758+010028531911Malware Command and Control Activity Detected147.185.221.256073192.168.2.849708TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-10T11:03:18.370793+010028531921Malware Command and Control Activity Detected192.168.2.849708147.185.221.256073TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus / Scanner detection for submitted sample
                      Source: XClient.exeAvira: detected
                      Antivirus detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\Update.exeAvira: detection malicious, Label: HEUR/AGEN.1305769
                      Found malware configuration
                      Source: XClient.exeMalware Configuration Extractor: Xworm {"C2 url": ["https://pastebin.com/raw/76WgDu7L"], "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\Update.exeReversingLabs: Detection: 73%
                      Source: C:\Users\user\AppData\Roaming\Update.exeVirustotal: Detection: 68%Perma Link
                      Multi AV Scanner detection for submitted file
                      Source: XClient.exeVirustotal: Detection: 68%Perma Link
                      Source: XClient.exeReversingLabs: Detection: 73%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Machine Learning detection for dropped file
                      Source: C:\Users\user\AppData\Roaming\Update.exeJoe Sandbox ML: detected
                      Machine Learning detection for sample
                      Source: XClient.exeJoe Sandbox ML: detected
                      Sample uses string decryption to hide its real strings
                      Source: XClient.exeString decryptor: https://pastebin.com/raw/76WgDu7L
                      Source: XClient.exeString decryptor: <123456789>
                      Source: XClient.exeString decryptor: <Xwormmm>
                      Source: XClient.exeString decryptor: XWorm V5.6
                      Source: XClient.exeString decryptor: USB.exe
                      Source: XClient.exeString decryptor: %AppData%
                      Source: XClient.exeString decryptor: Update.exe
                      Source: XClient.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.8:49707 version: TLS 1.2
                      Source: XClient.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 4x nop then jmp 00007FFB4B040134h0_2_00007FFB4B03FAB9
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 4x nop then jmp 00007FFB4B040145h0_2_00007FFB4B03FAB9
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 4x nop then jmp 00007FFB4B03EF62h0_2_00007FFB4B03EDB5
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 4x nop then jmp 00007FFB4B040D04h0_2_00007FFB4B03C0B0

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.8:49711 -> 147.185.221.25:6073
                      Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.8:49711 -> 147.185.221.25:6073
                      Source: Network trafficSuricata IDS: 2853192 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound : 192.168.2.8:49708 -> 147.185.221.25:6073
                      Source: Network trafficSuricata IDS: 2853191 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound : 147.185.221.25:6073 -> 192.168.2.8:49708
                      Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49708 -> 147.185.221.25:6073
                      Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.185.221.25:6073 -> 192.168.2.8:49708
                      Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.8:49708 -> 147.185.221.25:6073
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: https://pastebin.com/raw/76WgDu7L
                      Connects to a pastebin service (likely for C&C)
                      Source: unknownDNS query: name: pastebin.com
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: XClient.exe, type: SAMPLE
                      Source: Yara matchFile source: 0.0.XClient.exe.330000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Update.exe, type: DROPPED
                      Source: global trafficTCP traffic: 192.168.2.8:49708 -> 147.185.221.25:6073
                      Source: global trafficHTTP traffic detected: GET /raw/76WgDu7L HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                      Source: Joe Sandbox ViewIP Address: 104.20.4.235 104.20.4.235
                      Source: Joe Sandbox ViewIP Address: 104.20.4.235 104.20.4.235
                      Source: Joe Sandbox ViewASN Name: SALSGIVERUS SALSGIVERUS
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknownDNS query: name: ip-api.com
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: unknownTCP traffic detected without corresponding DNS query: 147.185.221.25
                      Source: global trafficHTTP traffic detected: GET /raw/76WgDu7L HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: ip-api.com
                      Source: global trafficDNS traffic detected: DNS query: pastebin.com
                      Source: XClient.exe, 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                      Source: XClient.exe, Update.exe.0.drString found in binary or memory: http://ip-api.com/line/?fields=hosting
                      Source: XClient.exe, 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: XClient.exe, 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com
                      Source: Update.exe, 00000006.00000002.1690611640.0000000002881000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/76WgDu7L
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                      Source: unknownHTTPS traffic detected: 104.20.4.235:443 -> 192.168.2.8:49707 version: TLS 1.2

                      Operating System Destruction

                      barindex
                      Protects its processes via BreakOnTermination flag
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: 01 00 00 00 Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: 00 00 00 00 Jump to behavior

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: XClient.exe, type: SAMPLEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
                      Source: XClient.exe, type: SAMPLEMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: 0.0.XClient.exe.330000.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
                      Source: 0.0.XClient.exe.330000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: 00000000.00000000.1401314764.0000000000332000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: C:\Users\user\AppData\Roaming\Update.exe, type: DROPPEDMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
                      Source: C:\Users\user\AppData\Roaming\Update.exe, type: DROPPEDMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 0_2_00007FFB4B036C720_2_00007FFB4B036C72
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 0_2_00007FFB4B03DADA0_2_00007FFB4B03DADA
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 0_2_00007FFB4B035EC60_2_00007FFB4B035EC6
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 0_2_00007FFB4B0316C90_2_00007FFB4B0316C9
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 0_2_00007FFB4B03C2480_2_00007FFB4B03C248
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 0_2_00007FFB4B031F0D0_2_00007FFB4B031F0D
                      Source: C:\Users\user\AppData\Roaming\Update.exeCode function: 5_2_00007FFB4B0516C95_2_00007FFB4B0516C9
                      Source: C:\Users\user\AppData\Roaming\Update.exeCode function: 5_2_00007FFB4B050FE85_2_00007FFB4B050FE8
                      Source: C:\Users\user\AppData\Roaming\Update.exeCode function: 5_2_00007FFB4B051F0D5_2_00007FFB4B051F0D
                      Source: C:\Users\user\AppData\Roaming\Update.exeCode function: 6_2_00007FFB4B0416C96_2_00007FFB4B0416C9
                      Source: C:\Users\user\AppData\Roaming\Update.exeCode function: 6_2_00007FFB4B040FE86_2_00007FFB4B040FE8
                      Source: C:\Users\user\AppData\Roaming\Update.exeCode function: 6_2_00007FFB4B041F0D6_2_00007FFB4B041F0D
                      Source: XClient.exe, 00000000.00000002.1789188962.000000001C840000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRemoteDesktop.dll< vs XClient.exe
                      Source: XClient.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: XClient.exe, type: SAMPLEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
                      Source: XClient.exe, type: SAMPLEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: 0.0.XClient.exe.330000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
                      Source: 0.0.XClient.exe.330000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: 00000000.00000000.1401314764.0000000000332000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: C:\Users\user\AppData\Roaming\Update.exe, type: DROPPEDMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
                      Source: C:\Users\user\AppData\Roaming\Update.exe, type: DROPPEDMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@2/3
                      Source: C:\Users\user\Desktop\XClient.exeFile created: C:\Users\user\AppData\Roaming\Update.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeMutant created: NULL
                      Source: C:\Users\user\Desktop\XClient.exeMutant created: \Sessions\1\BaseNamedObjects\lOn6sgKFvEzVrOP0
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3724:120:WilError_03
                      Source: C:\Users\user\Desktop\XClient.exeFile created: C:\Users\user\AppData\Local\Temp\tmp4450.tmpJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp4450.tmp.bat""
                      Source: XClient.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: XClient.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Users\user\Desktop\XClient.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: XClient.exeVirustotal: Detection: 68%
                      Source: XClient.exeReversingLabs: Detection: 73%
                      Source: C:\Users\user\Desktop\XClient.exeFile read: C:\Users\user\Desktop\XClient.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\XClient.exe "C:\Users\user\Desktop\XClient.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\Update.exe "C:\Users\user\AppData\Roaming\Update.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\Update.exe "C:\Users\user\AppData\Roaming\Update.exe"
                      Source: C:\Users\user\Desktop\XClient.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp4450.tmp.bat""
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 3
                      Source: C:\Users\user\Desktop\XClient.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp4450.tmp.bat""Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 3Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: linkinfo.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: avicap32.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: msvfw32.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                      Source: Update.lnk.0.drLNK file: ..\..\..\..\..\Update.exe
                      Source: XClient.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: XClient.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 0_2_00007FFB4B03754C pushad ; ret 0_2_00007FFB4B03755A
                      Source: C:\Users\user\AppData\Roaming\Update.exeCode function: 6_2_00007FFB4B0406D9 push edi; ret 6_2_00007FFB4B0406DA
                      Source: C:\Users\user\Desktop\XClient.exeFile created: C:\Users\user\AppData\Roaming\Update.exeJump to dropped file
                      Source: C:\Users\user\Desktop\XClient.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnkJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnkJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\EF317FDFBD80D532EB57 CC52384910CEE944DDBCC575A8E0177BFA6B16E3032438B207797164D5C94B34Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Check if machine is in data center or colocation facility
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\XClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: XClient.exe, Update.exe.0.drBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\XClient.exeMemory allocated: 970000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeMemory allocated: 1A570000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: D80000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 1A8E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: B40000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeMemory allocated: 1A870000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599766Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599657Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599532Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599407Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599297Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599188Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599063Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598938Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598813Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598688Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598576Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598467Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598360Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598247Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598141Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597969Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597817Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597622Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597439Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597313Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597203Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597094Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596985Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596860Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596735Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596610Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596485Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596360Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596235Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596110Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595985Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595860Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595735Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595610Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595485Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595360Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595235Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595039Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594811Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594656Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594547Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594438Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594313Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeWindow / User API: threadDelayed 2972Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeWindow / User API: threadDelayed 6836Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -33204139332677172s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -600000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -599875s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -599766s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -599657s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -599532s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -599407s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -599297s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -599188s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -599063s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -598938s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -598813s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -598688s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -598576s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -598467s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -598360s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -598247s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -598141s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -597969s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -597817s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -597622s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -597439s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -597313s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -597203s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -597094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -596985s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -596860s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -596735s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -596610s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -596485s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -596360s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -596235s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -596110s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -595985s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -595860s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -595735s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -595610s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -595485s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -595360s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -595235s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -595039s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -594811s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -594656s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -594547s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -594438s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exe TID: 1196Thread sleep time: -594313s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exe TID: 3032Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exe TID: 4260Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                      Source: C:\Users\user\Desktop\XClient.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599766Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599657Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599532Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599407Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599297Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599188Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 599063Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598938Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598813Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598688Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598576Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598467Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598360Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598247Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 598141Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597969Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597817Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597622Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597439Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597313Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597203Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 597094Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596985Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596860Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596735Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596610Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596485Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596360Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596235Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 596110Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595985Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595860Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595735Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595610Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595485Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595360Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595235Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 595039Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594811Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594656Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594547Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594438Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 594313Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: Update.exe.0.drBinary or memory string: vmware
                      Source: XClient.exe, Update.exe.0.drBinary or memory string: dZPaqkVDyB0fixb09lStaaGzXDGEzlvzoreQ1fymJOAbEG8M6efKakukqEmUJ9M
                      Source: XClient.exe, 00000000.00000002.1788462449.000000001B3CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

                      Anti Debugging

                      barindex
                      Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                      Source: C:\Users\user\Desktop\XClient.exeCode function: 0_2_00007FFB4B037881 CheckRemoteDebuggerPresent,0_2_00007FFB4B037881
                      Source: C:\Users\user\Desktop\XClient.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeMemory allocated: page read and write | page guardJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp4450.tmp.bat""Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 3Jump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeQueries volume information: C:\Users\user\Desktop\XClient.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeQueries volume information: C:\Users\user\AppData\Roaming\Update.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Update.exeQueries volume information: C:\Users\user\AppData\Roaming\Update.exe VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\XClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: XClient.exe, 00000000.00000002.1788529914.000000001B411000.00000004.00000020.00020000.00000000.sdmp, XClient.exe, 00000000.00000002.1788839700.000000001B4BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Users\user\Desktop\XClient.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected XWorm
                      Source: Yara matchFile source: XClient.exe, type: SAMPLE
                      Source: Yara matchFile source: 0.0.XClient.exe.330000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.1401314764.0000000000332000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1787449810.00000000025C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: XClient.exe PID: 3672, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Update.exe, type: DROPPED

                      Remote Access Functionality

                      barindex
                      Yara detected XWorm
                      Source: Yara matchFile source: XClient.exe, type: SAMPLE
                      Source: Yara matchFile source: 0.0.XClient.exe.330000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.1401314764.0000000000332000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1787449810.00000000025C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: XClient.exe PID: 3672, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Update.exe, type: DROPPED

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity Information1
                      Scripting                      		Valid Accounts12
                      Windows Management Instrumentation                      		1
                      Scripting                      		11
                      Process Injection                      		1
                      Masquerading                      		OS Credential Dumping541
                      Security Software Discovery                      		Remote Services1
                      Archive Collected Data                      		1
                      Web Service                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/Job21
                      Registry Run Keys / Startup Folder                      		21
                      Registry Run Keys / Startup Folder                      		1
                      Modify Registry                      		LSASS Memory151
                      Virtualization/Sandbox Evasion                      		Remote Desktop ProtocolData from Removable Media11
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAt1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		Security Account Manager1
                      Application Window Discovery                      		SMB/Windows Admin SharesData from Network Shared Drive1
                      Non-Standard Port                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook151
                      Virtualization/Sandbox Evasion                      		NTDS1
                      System Network Configuration Discovery                      		Distributed Component Object ModelInput Capture1
                      Ingress Tool Transfer                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                      Process Injection                      		LSA Secrets1
                      File and Directory Discovery                      		SSHKeylogging2
                      Non-Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                      Obfuscated Files or Information                      		Cached Domain Credentials23
                      System Information Discovery                      		VNCGUI Input Capture13
                      Application Layer Protocol                      		Data Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      DLL Side-Loading                      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1587413 Sample: XClient.exe Startdate: 10/01/2025 Architecture: WINDOWS Score: 100 27 pastebin.com 2->27 29 ip-api.com 2->29 37 Suricata IDS alerts for network traffic 2->37 39 Found malware configuration 2->39 41 Malicious sample detected (through community Yara rule) 2->41 45 10 other signatures 2->45 8 XClient.exe 16 8 2->8         started        13 Update.exe 1 2->13         started        15 Update.exe 2->15         started        signatures3 43 Connects to a pastebin service (likely for C&C) 27->43 process4 dnsIp5 31 147.185.221.25, 49708, 49711, 6073 SALSGIVERUS United States 8->31 33 ip-api.com 208.95.112.1, 49706, 80 TUT-ASUS United States 8->33 35 pastebin.com 104.20.4.235, 443, 49707 CLOUDFLARENETUS United States 8->35 23 C:\Users\user\AppData\Roaming\Update.exe, PE32 8->23 dropped 25 C:\Users\user\AppData\...\XClient.exe.log, CSV 8->25 dropped 47 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->47 49 Protects its processes via BreakOnTermination flag 8->49 51 Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) 8->51 17 cmd.exe 1 8->17         started        53 Antivirus detection for dropped file 13->53 55 Multi AV Scanner detection for dropped file 13->55 57 Machine Learning detection for dropped file 13->57 file6 signatures7 process8 process9 19 conhost.exe 17->19         started        21 timeout.exe 1 17->21         started       

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      XClient.exe68%VirustotalBrowse
                      XClient.exe74%ReversingLabsWin32.Exploit.Xworm
                      XClient.exe100%AviraHEUR/AGEN.1305769
                      XClient.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\Update.exe100%AviraHEUR/AGEN.1305769
                      C:\Users\user\AppData\Roaming\Update.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\Update.exe74%ReversingLabsWin32.Exploit.Xworm
                      C:\Users\user\AppData\Roaming\Update.exe68%VirustotalBrowse

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      No Antivirus matches

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      ip-api.com
                      		208.95.112.1
                      		truefalse
                        		high
                        pastebin.com
                        		104.20.4.235
                        		truefalse
                          		high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://pastebin.com/raw/76WgDu7Lfalse
                            		high
                            http://ip-api.com/line/?fields=hostingfalse
                              		high

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameXClient.exe, 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://pastebin.comXClient.exe, 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://ip-api.comXClient.exe, 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    208.95.112.1
                                    		ip-api.comUnited States
                                    		53334TUT-ASUSfalse
                                    104.20.4.235
                                    		pastebin.comUnited States
                                    		13335CLOUDFLARENETUSfalse
                                    147.185.221.25
                                    		unknownUnited States
                                    		12087SALSGIVERUStrue

                                    General Information

                                    Joe Sandbox version:42.0.0 Malachite
                                    Analysis ID:1587413
                                    Start date and time:2025-01-10 11:02:06 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 4m 58s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:13
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:XClient.exe
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@9/6@2/3
                                    EGA Information:
                                    • Successful, ratio: 33.3%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 39
                                    • Number of non-executed functions: 0
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe

                                    Warnings

                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                    • Excluded IPs from analysis (whitelisted): 52.149.20.212
                                    • Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target Update.exe, PID 2976 because it is empty
                                    • Execution Graph export aborted for target Update.exe, PID 4640 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    05:03:05API Interceptor236x Sleep call for process: XClient.exe modified
                                    11:03:09AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Update C:\Users\user\AppData\Roaming\Update.exe
                                    11:03:17AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Update C:\Users\user\AppData\Roaming\Update.exe
                                    11:03:26AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    208.95.112.1Comprobante.de.pago.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                    • ip-api.com/line/?fields=hosting
                                    p.exeGet hashmaliciousUnknownBrowse
                                    • ip-api.com/csv/?fields=query
                                    rNuevaorden_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                    • ip-api.com/line/?fields=hosting
                                    I334hDwRjj.exeGet hashmaliciousBlank Grabber, NjratBrowse
                                    • ip-api.com/json/?fields=225545
                                    startup_str_466.batGet hashmaliciousXWormBrowse
                                    • ip-api.com/line/?fields=hosting
                                    7dtpow.ps1Get hashmaliciousAgentTeslaBrowse
                                    • ip-api.com/line/?fields=hosting
                                    x.exeGet hashmaliciousAgentTeslaBrowse
                                    • ip-api.com/line/?fields=hosting
                                    TR98760H.exeGet hashmaliciousAgentTeslaBrowse
                                    • ip-api.com/line/?fields=hosting
                                    47SXvEQ.exeGet hashmaliciousBlank Grabber, XmrigBrowse
                                    • ip-api.com/json/?fields=225545
                                    test.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                    • ip-api.com/json/
                                    104.20.4.235gabe.ps1Get hashmaliciousUnknownBrowse
                                    • pastebin.com/raw/sA04Mwk2
                                    cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                    • pastebin.com/raw/sA04Mwk2
                                    vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                    • pastebin.com/raw/sA04Mwk2
                                    OSLdZanXNc.exeGet hashmaliciousUnknownBrowse
                                    • pastebin.com/raw/sA04Mwk2
                                    gaber.ps1Get hashmaliciousUnknownBrowse
                                    • pastebin.com/raw/sA04Mwk2
                                    cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                    • pastebin.com/raw/sA04Mwk2
                                    sostener.vbsGet hashmaliciousNjratBrowse
                                    • pastebin.com/raw/V9y5Q5vv
                                    sostener.vbsGet hashmaliciousXWormBrowse
                                    • pastebin.com/raw/V9y5Q5vv
                                    envifa.vbsGet hashmaliciousRemcosBrowse
                                    • pastebin.com/raw/V9y5Q5vv
                                    New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
                                    • pastebin.com/raw/NsQ5qTHr

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    pastebin.com18e568eb4ca89f8a3e4f04b1eb15472b55b4548f4d153.exeGet hashmaliciousDCRatBrowse
                                    • 104.20.3.235
                                    Solara_v3.exeGet hashmaliciousUnknownBrowse
                                    • 104.20.4.235
                                    Solara_v3.exeGet hashmaliciousUnknownBrowse
                                    • 104.20.3.235
                                    Drivespan.dllGet hashmaliciousUnknownBrowse
                                    • 104.20.3.235
                                    XClient.exeGet hashmaliciousXWormBrowse
                                    • 172.67.19.24
                                    ogVinh0jhq.exeGet hashmaliciousDCRatBrowse
                                    • 104.20.4.235
                                    hiwA7Blv7C.exeGet hashmaliciousXmrigBrowse
                                    • 172.67.19.24
                                    CRf9KBk4ra.exeGet hashmaliciousDCRatBrowse
                                    • 172.67.19.24
                                    dF66DKQP7u.exeGet hashmaliciousXWormBrowse
                                    • 104.20.3.235
                                    2QaN4hOyJs.exeGet hashmaliciousXWormBrowse
                                    • 104.20.3.235
                                    ip-api.comComprobante.de.pago.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    p.exeGet hashmaliciousUnknownBrowse
                                    • 208.95.112.1
                                    rNuevaorden_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    I334hDwRjj.exeGet hashmaliciousBlank Grabber, NjratBrowse
                                    • 208.95.112.1
                                    startup_str_466.batGet hashmaliciousXWormBrowse
                                    • 208.95.112.1
                                    7dtpow.ps1Get hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    x.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    TR98760H.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    47SXvEQ.exeGet hashmaliciousBlank Grabber, XmrigBrowse
                                    • 208.95.112.1
                                    test.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                    • 208.95.112.1

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    TUT-ASUSComprobante.de.pago.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    p.exeGet hashmaliciousUnknownBrowse
                                    • 208.95.112.1
                                    rNuevaorden_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    I334hDwRjj.exeGet hashmaliciousBlank Grabber, NjratBrowse
                                    • 208.95.112.1
                                    startup_str_466.batGet hashmaliciousXWormBrowse
                                    • 208.95.112.1
                                    7dtpow.ps1Get hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    x.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    TR98760H.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    47SXvEQ.exeGet hashmaliciousBlank Grabber, XmrigBrowse
                                    • 208.95.112.1
                                    test.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                    • 208.95.112.1
                                    CLOUDFLARENETUShttp://www.efnhdh.blogspot.mk/Get hashmaliciousGRQ ScamBrowse
                                    • 172.67.12.83
                                    gem1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                    • 104.26.12.205
                                    http://pdfdrive.com.coGet hashmaliciousUnknownBrowse
                                    • 104.21.11.245
                                    RFQ SHEETS PX2 MULE25 SHENZHEN LUCKY.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                    • 104.21.80.1
                                    https://ctrk.klclick3.com/l/01JGXREPA9AKCFABSME4GFWDDZ_0#YWxhaW5femllZ2xlckB6aWVnbGVyZ3JvdXAuY29tGet hashmaliciousUnknownBrowse
                                    • 172.66.43.95
                                    http://www.singhs.lvGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                    • 104.18.11.207
                                    http://18ofcontents.shopGet hashmaliciousUnknownBrowse
                                    • 104.21.96.1
                                    https://www.dcamarketintelligence.com/tdtGet hashmaliciousUnknownBrowse
                                    • 104.26.15.92
                                    1162-201.exeGet hashmaliciousFormBookBrowse
                                    • 104.21.64.1
                                    https://cdn.btmessage.com/Get hashmaliciousHTMLPhisherBrowse
                                    • 172.67.74.232
                                    SALSGIVERUSDkvES47bkt.exeGet hashmaliciousUnknownBrowse
                                    • 147.185.221.24
                                    startup_str_466.batGet hashmaliciousXWormBrowse
                                    • 147.185.221.24
                                    Fixer.exeGet hashmaliciousRedLine, SheetRatBrowse
                                    • 147.185.221.24
                                    Fixer.exeGet hashmaliciousRedLineBrowse
                                    • 147.185.221.24
                                    spreadmalware.exeGet hashmaliciousXWormBrowse
                                    • 147.185.221.24
                                    7fqul5Zr8Y.exeGet hashmaliciousUnknownBrowse
                                    • 147.185.221.24
                                    miori.arm.elfGet hashmaliciousUnknownBrowse
                                    • 147.168.252.34
                                    miori.m68k.elfGet hashmaliciousUnknownBrowse
                                    • 147.184.86.253
                                    loader.exeGet hashmaliciousUnknownBrowse
                                    • 147.185.221.24
                                    loader.exeGet hashmaliciousUnknownBrowse
                                    • 147.185.221.24

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    3b5074b1b5d032e5620f69f9f700ff0eRFQ SHEETS PX2 MULE25 SHENZHEN LUCKY.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                    • 104.20.4.235
                                    1736491685cd440ba02224486139c45779065ac91a3edb422c48d3d3c6920c4d30fc9d2bfc582.dat-decoded.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                    • 104.20.4.235
                                    https://aqctslc.com/Get hashmaliciousUnknownBrowse
                                    • 104.20.4.235
                                    https://sacredartscommunications.com/Get hashmaliciousHTMLPhisherBrowse
                                    • 104.20.4.235
                                    http://stonecoldstalley.com/Get hashmaliciousUnknownBrowse
                                    • 104.20.4.235
                                    RFQ-12202430_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                    • 104.20.4.235
                                    PaymentAdvice.htmlGet hashmaliciousKnowBe4Browse
                                    • 104.20.4.235
                                    dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                    • 104.20.4.235
                                    #U0130LC#U0130 HOLD#U0130NG a.s fiyati_teklif 017867Sipari#U015fi jpeg doc .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                    • 104.20.4.235
                                    PO-12202432_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                    • 104.20.4.235

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log

                                    Download File
                                    Process:C:\Users\user\AppData\Roaming\Update.exe
                                    File Type:CSV text
                                    Category:dropped
                                    Size (bytes):654
                                    Entropy (8bit):5.380476433908377
                                    Encrypted:false
                                    SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                                    MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                                    SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                                    SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                                    SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                                    Malicious:false
                                    Reputation:moderate, very likely benign file
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XClient.exe.log

                                    Download File
                                    Process:C:\Users\user\Desktop\XClient.exe
                                    File Type:CSV text
                                    Category:dropped
                                    Size (bytes):1727
                                    Entropy (8bit):5.3718223239563105
                                    Encrypted:false
                                    SSDEEP:48:MxHKQwYHKGSI6o6+vxp3/elZHNpOtHTHhAHKKkt1qHGIs0HKD:iqbYqGSI6o9Zp/elZtpOtzHeqKktwmjB
                                    MD5:9714380A7DC1A8945C07B6C9DC8312B0
                                    SHA1:E6DF51F4C72B17485883378FDBF28D6BB5CFFDF3
                                    SHA-256:1DD30FC94BA3D3F97B5F250110A2639430AEB51FAE7A252F886AE2401EC31D4B
                                    SHA-512:876FB2C042F5FC60F6ACE9D143BA1A3AC9E200124EA3CB12476D10D24D82B4F2394F045E56FEB8906872D01B00BF9E646DEECC384144E21AEB6D6C10A365FB10
                                    Malicious:true
                                    Reputation:low
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.

                                    C:\Users\user\AppData\Local\Temp\tmp4450.tmp.bat

                                    Download File
                                    Process:C:\Users\user\Desktop\XClient.exe
                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):150
                                    Entropy (8bit):5.005722938982854
                                    Encrypted:false
                                    SSDEEP:3:mKDDCMNqTtv3DCHyOWORHvhs99m9NQDwU1hGDCHyg4E2J5xAInTRI7yloL1ZPy:hWKqTtLCH7O9mNQDNeCHhJ23fTDwk
                                    MD5:9F0D1F9F2A188FB55300BB0E6CA47CEB
                                    SHA1:7AB7771083C470CD690FEAF9277E61357CB010CF
                                    SHA-256:BA220081FA99B593728E45D85D33F14DA16CB3FC7A26A1BB03FE5C2759777A42
                                    SHA-512:075AC25DDDE403E7480B5C35FA13762D06A7FEEA8B16001820CFA40EA3357EE50926CD6E573E4EF82692E6DE5325CDF53421039E5352640189156D216BDB67F0
                                    Malicious:false
                                    Reputation:low
                                    Preview:@echo off..timeout 3 > NUL..CD C:\Users\user\Desktop..DEL "XClient.exe" /f /q..CD C:\Users\user\AppData\Local\Temp\..DEL "tmp4450.tmp.bat" /f /q..

                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk

                                    Download File
                                    Process:C:\Users\user\Desktop\XClient.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Jan 10 09:03:05 2025, mtime=Fri Jan 10 09:03:05 2025, atime=Fri Jan 10 09:03:05 2025, length=74240, window=hide
                                    Category:dropped
                                    Size (bytes):760
                                    Entropy (8bit):5.064836891739229
                                    Encrypted:false
                                    SSDEEP:12:8klvg4qkChlY//6/LWEHKq8kCjAsGUH17SF7SF9mV:8klpPN0Bqq8bAsDSF7SF9m
                                    MD5:F086459AAD4B02F33D571B427373B119
                                    SHA1:F4DA96A2DAFC888BE49C1A31D71019DF949F4A6F
                                    SHA-256:B64C6E5AA472B7EABD427335716AB83143BFC5DEA7AAD2DE48F9AD776ED4485C
                                    SHA-512:AA0BF464930166ACE5DF9C96958B2C603EB62B74BBA997590AAE06D9EDD324DA4CF1E844E1F8B6B6BA7CECFD4CE7B519913037A45738A97F59D40B0523786E1F
                                    Malicious:false
                                    Preview:L..................F.... ......Fc.....Fc.....Fc..."......................t.:..DG..Yr?.D..U..k0.&...&.......y.Yd.......Fc.....Fc......t...CFSF..1.....EW)B..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW)B*Z]P..........................d...A.p.p.D.a.t.a...B.V.1.....*Z[P..Roaming.@......EW)B*Z[P...........................F3.R.o.a.m.i.n.g.....`.2.."..*ZcP .Update.exe..F......*ZcP*ZcP....S#.....................A.U.p.d.a.t.e...e.x.e.......Y...............-.......X.............ju.....C:\Users\user\AppData\Roaming\Update.exe........\.....\.....\.....\.....\.U.p.d.a.t.e...e.x.e.`.......X.......841618...........hT..CrF.f4... ..H..Yc...,...E...hT..CrF.f4... ..H..Yc...,...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                    C:\Users\user\AppData\Roaming\Update.exe

                                    Download File
                                    Process:C:\Users\user\Desktop\XClient.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):74240
                                    Entropy (8bit):6.00077116064688
                                    Encrypted:false
                                    SSDEEP:1536:R0VnpAIVqo23E0/SCbrDPGGAEZ5XRO51ny:MLt0/ZbfPbZ5XRO51ny
                                    MD5:F814BC67769270C774B0FC4DBA88CA5B
                                    SHA1:2667E6356B19D31BDB9788F2F2348D621B5F1F75
                                    SHA-256:A0B434483513E60B70B966107408E4E707FD9C9605108204D53D5C3CBED9B00C
                                    SHA-512:2204B8798FFBE6EF592630CC81FAF76C780C5B87C9A14FB898F3E965851ED6A0818D97D95A2080127528C8593D3317D6FE10F0AB584B7053D88855387962C941
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\Update.exe, Author: Joe Security
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Update.exe, Author: Joe Security
                                    • Rule: rat_win_xworm_v3, Description: Finds XWorm (version XClient, v3) samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Update.exe, Author: Sekoia.io
                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\Update.exe, Author: ditekSHen
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 74%
                                    • Antivirus: Virustotal, Detection: 68%, Browse
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....g.............................7... ...@....@.. ....................................@..................................7..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................7......H.......tZ..(.......&.....................................................(....*.r...p*. ...*..(....*.r/..p*. .x!.*.s.........s.........s.........s.........*.r...p*. w...*.r...p*. .(T.*.r...p*. .g..*.rK..p*.r...p*. ..'.*..((...*.r...p*. ....*.rq..p*.(+...-.(,...,.+.(-...,.+.(*...,.+.()...,..(S...*&(....&+.*.+5sb... .... .'..oc...(*...~....-.(\...(N...~....od...&.-.*.rj..p*. ..e.*.r1..p*. ..<.*.r...p*. o...*.rJ..p*. F.*.*.r...p*.r...p*. U...*.r@..p*. ~.H.*.r...p*. E/..*.r...p

                                    \Device\Null

                                    Download File
                                    Process:C:\Windows\System32\timeout.exe
                                    File Type:ASCII text, with CRLF line terminators, with overstriking
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.41440934524794
                                    Encrypted:false
                                    SSDEEP:3:hYFqdLGAR+mQRKVxLZXt0sn:hYFqGaNZKsn
                                    MD5:3DD7DD37C304E70A7316FE43B69F421F
                                    SHA1:A3754CFC33E9CA729444A95E95BCB53384CB51E4
                                    SHA-256:4FA27CE1D904EA973430ADC99062DCF4BAB386A19AB0F8D9A4185FA99067F3AA
                                    SHA-512:713533E973CF0FD359AC7DB22B1399392C86D9FD1E715248F5724AAFBBF0EEB5EAC0289A0E892167EB559BE976C2AD0A0A0D8EFC407FFAF5B3C3A32AA9A0AAA4
                                    Malicious:false
                                    Preview:..Waiting for 3 seconds, press a key to continue ....2.1.0..

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):6.00077116064688
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name:XClient.exe
                                    File size:74'240 bytes
                                    MD5:f814bc67769270c774b0fc4dba88ca5b
                                    SHA1:2667e6356b19d31bdb9788f2f2348d621b5f1f75
                                    SHA256:a0b434483513e60b70b966107408e4e707fd9c9605108204d53d5c3cbed9b00c
                                    SHA512:2204b8798ffbe6ef592630cc81faf76c780c5b87c9a14fb898f3e965851ed6a0818d97d95a2080127528c8593d3317d6fe10f0ab584b7053d88855387962c941
                                    SSDEEP:1536:R0VnpAIVqo23E0/SCbrDPGGAEZ5XRO51ny:MLt0/ZbfPbZ5XRO51ny
                                    TLSH:67737D283BE60129F1FFEFB55DF13162CA35F2236607AA6F24C901861623A85CD51BF5
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.............................7... ...@....@.. ....................................@................................

                                    File Icon

                                    Icon Hash:00928e8e8686b000

                                    Static PE Info

                                    General

                                    Entrypoint:0x4137ee
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x6780E31C [Fri Jan 10 09:06:36 2025 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x1379c0x4f.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x140000x4ce.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x160000xc.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x20000x117f40x11800b454e47460d290c93a9ac78db1cb7c64False0.61806640625data6.072710445723449IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc0x140000x4ce0x600f9052177c59fad11b6e11866b69a673fFalse0.375data3.726864092899557IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0x160000xc0x2005c12ca2d24911b3272554ad952b35c5bFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_VERSION0x140a00x244data0.4724137931034483
                                    RT_MANIFEST0x142e40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                                    Imports

                                    DLLImport
                                    mscoree.dll_CorExeMain

                                    Network Behavior

                                    Suricata IDS Alerts

                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                    2025-01-10T11:03:18.370793+01002853192ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound1192.168.2.849708147.185.221.256073TCP
                                    2025-01-10T11:03:18.831758+01002853191ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound1147.185.221.256073192.168.2.849708TCP
                                    2025-01-10T11:03:19.051930+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.051930+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.166030+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.166030+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.287767+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.287767+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.418933+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.418933+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.549327+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.549327+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.686041+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.686041+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.815492+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:19.815492+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.191369+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.191369+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.375366+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.375366+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.489244+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.489244+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.598872+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.598872+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.710451+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.710451+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.817205+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.817205+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.926890+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:20.926890+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.049332+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.049332+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.160958+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.160958+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.270418+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.270418+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.381559+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.381559+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.491571+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.491571+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.599869+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.599869+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.707856+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.707856+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.817480+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.817480+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.926659+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:21.926659+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.036485+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.036485+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.145593+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.145593+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.254602+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.254602+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.364708+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.364708+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.473396+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.473396+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.582729+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.582729+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.711401+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.711401+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.819688+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:22.819688+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.005778+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.005778+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.158284+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.158284+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.270571+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.270571+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.379770+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.379770+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.489659+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.489659+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.613949+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.613949+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.723525+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.723525+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.832979+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.832979+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.942135+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:23.942135+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.051564+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.051564+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.160881+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.160881+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.270229+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.270229+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.379737+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.379737+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.489206+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.489206+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.598957+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.598957+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.708452+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.708452+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.817363+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.817363+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.926592+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:24.926592+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.037232+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.037232+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.146333+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.146333+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.258906+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.258906+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.364743+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.364743+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.473540+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.473540+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.582883+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.582883+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.692152+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.692152+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.801483+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.801483+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.915262+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:25.915262+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.020234+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.020234+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.129668+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.129668+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.239153+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.239153+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.348730+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.348730+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.458032+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.458032+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.567380+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.567380+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.676803+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.676803+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.786800+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.786800+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.899264+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:26.899264+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.005415+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.005415+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.114488+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.114488+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.225350+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.225350+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.333093+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.333093+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.400659+01002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.849708147.185.221.256073TCP
                                    2025-01-10T11:03:27.442458+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.442458+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.552514+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.552514+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.661190+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.661190+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.768054+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.256073192.168.2.849708TCP
                                    2025-01-10T11:03:27.769763+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849708147.185.221.256073TCP
                                    2025-01-10T11:03:27.770485+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.770485+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.880405+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.880405+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.989057+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:27.989057+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.098527+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.098527+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.207843+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.207843+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.317305+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.317305+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.426621+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.426621+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.535890+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.535890+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.645657+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.645657+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.754995+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.754995+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.864545+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.864545+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.973671+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:28.973671+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.082966+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.082966+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.192939+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.192939+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.346343+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.346343+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.457744+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.457744+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.567576+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.567576+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.686372+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.686372+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.832351+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:29.832351+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.071363+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.071363+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.187451+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.187451+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.301496+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.301496+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.411019+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.411019+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.520372+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.520372+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.629633+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.629633+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.739186+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.739186+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.848334+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.848334+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.957740+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:30.957740+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.067099+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.067099+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.176504+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.176504+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.285913+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.285913+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.405243+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.405243+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.520257+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.520257+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.629918+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.629918+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.739168+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.739168+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.848449+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.848449+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.961585+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:31.961585+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.069586+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.069586+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.176605+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.176605+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.286076+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.286076+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.398453+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.398453+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.521101+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.521101+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.654793+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.654793+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.815802+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.815802+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.926630+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:32.926630+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.051713+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.051713+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.160981+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.160981+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.272007+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.272007+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.387491+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.387491+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.489089+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.489089+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.598501+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.598501+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.707990+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.707990+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.817486+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.817486+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.926423+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:33.926423+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.036203+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.036203+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.146958+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.146958+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.254842+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.254842+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.364119+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.364119+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.484146+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.484146+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.598428+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.598428+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.707865+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.707865+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.817264+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.817264+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.926611+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:34.926611+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.036542+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.036542+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.146760+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.146760+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.255416+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.255416+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.364293+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.364293+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.630063+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.630063+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.741569+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.741569+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.935390+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:35.935390+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.054959+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.054959+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.163476+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.163476+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.293378+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.293378+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.396291+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.396291+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.504955+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.504955+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.618355+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.618355+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.723429+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.723429+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.832962+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.832962+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.942370+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:36.942370+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.051528+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.051528+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.160951+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.160951+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.270880+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.270880+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.379704+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.379704+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.489143+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.489143+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.598468+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.598468+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.707833+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.707833+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.817183+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.817183+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.926557+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:37.926557+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.036044+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.036044+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.145351+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.145351+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.267938+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.267938+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.448245+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.448245+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.606936+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.606936+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.756241+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.756241+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.864023+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.864023+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.973382+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:38.973382+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.082748+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.082748+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.192207+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.192207+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.301558+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.301558+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.411056+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.411056+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.520237+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.520237+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.630563+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.630563+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.739229+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.739229+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.855845+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.855845+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.958405+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:39.958405+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:40.067364+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:40.067364+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:40.176633+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:40.176633+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.849711147.185.221.256073TCP
                                    2025-01-10T11:03:40.182050+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.256073192.168.2.849708TCP

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Jan 10, 2025 11:03:05.424772978 CET4970680192.168.2.8208.95.112.1
                                    Jan 10, 2025 11:03:05.430085897 CET8049706208.95.112.1192.168.2.8
                                    Jan 10, 2025 11:03:05.430156946 CET4970680192.168.2.8208.95.112.1
                                    Jan 10, 2025 11:03:05.430852890 CET4970680192.168.2.8208.95.112.1
                                    Jan 10, 2025 11:03:05.436332941 CET8049706208.95.112.1192.168.2.8
                                    Jan 10, 2025 11:03:05.886295080 CET8049706208.95.112.1192.168.2.8
                                    Jan 10, 2025 11:03:05.941900969 CET4970680192.168.2.8208.95.112.1
                                    Jan 10, 2025 11:03:07.040683985 CET49707443192.168.2.8104.20.4.235
                                    Jan 10, 2025 11:03:07.040718079 CET44349707104.20.4.235192.168.2.8
                                    Jan 10, 2025 11:03:07.040770054 CET49707443192.168.2.8104.20.4.235
                                    Jan 10, 2025 11:03:07.055841923 CET49707443192.168.2.8104.20.4.235
                                    Jan 10, 2025 11:03:07.055859089 CET44349707104.20.4.235192.168.2.8
                                    Jan 10, 2025 11:03:07.528302908 CET44349707104.20.4.235192.168.2.8
                                    Jan 10, 2025 11:03:07.528422117 CET49707443192.168.2.8104.20.4.235
                                    Jan 10, 2025 11:03:07.531070948 CET49707443192.168.2.8104.20.4.235
                                    Jan 10, 2025 11:03:07.531100035 CET44349707104.20.4.235192.168.2.8
                                    Jan 10, 2025 11:03:07.531474113 CET44349707104.20.4.235192.168.2.8
                                    Jan 10, 2025 11:03:07.578171015 CET49707443192.168.2.8104.20.4.235
                                    Jan 10, 2025 11:03:07.623322010 CET44349707104.20.4.235192.168.2.8
                                    Jan 10, 2025 11:03:07.821177006 CET44349707104.20.4.235192.168.2.8
                                    Jan 10, 2025 11:03:07.821419954 CET44349707104.20.4.235192.168.2.8
                                    Jan 10, 2025 11:03:07.821708918 CET49707443192.168.2.8104.20.4.235
                                    Jan 10, 2025 11:03:07.835700035 CET49707443192.168.2.8104.20.4.235
                                    Jan 10, 2025 11:03:12.692662001 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:12.697530031 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:12.697609901 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:12.760267019 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:12.765083075 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.302982092 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.348249912 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.370793104 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.375813007 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.831758022 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.831773996 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.831856012 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.843662977 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.843683958 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.843712091 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.843730927 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.854583025 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.854594946 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.854607105 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.854639053 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.854660988 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.861680031 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.861690998 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.861759901 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.873349905 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.873362064 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.873373032 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.873431921 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.883853912 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.883909941 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.883939028 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.926309109 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.952306986 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.957108021 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:18.957181931 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.970269918 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:18.975080013 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:19.051929951 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:19.056726933 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:19.166029930 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:19.171488047 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:19.287766933 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:19.292711973 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:19.418932915 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:19.423778057 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:19.549326897 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:19.554236889 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:19.686041117 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:19.690897942 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:19.815491915 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:19.820404053 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.191369057 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.196285009 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.375365973 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.380228043 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.489243984 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.494107008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.598871946 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.603781939 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.614662886 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.660695076 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.705430031 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.710388899 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.710413933 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.710448027 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.710450888 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.710551023 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.710628986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.755283117 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.817204952 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.822016954 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:20.926889896 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:20.931730986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.049331903 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.054347038 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.160958052 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.165821075 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.270417929 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.275302887 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.381558895 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.386451006 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.491570950 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.496499062 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.599869013 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.604881048 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.707855940 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.712757111 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.817480087 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.822369099 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.926659107 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.931627989 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.949665070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.980988979 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:21.986973047 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.987356901 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:21.987365961 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.036484957 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.087250948 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.145592928 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.150535107 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.254601955 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.259854078 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.364707947 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.369792938 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.473396063 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.478620052 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.582729101 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.587718964 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.621470928 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.664577007 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.669543982 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.669670105 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.669735909 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.669820070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.711277008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.711400986 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.716337919 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:22.819688082 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:22.824681997 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.005778074 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.010838985 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.158283949 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.163333893 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.244894028 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.270570993 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.275417089 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.276542902 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.280328989 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.280354977 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.280438900 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.280481100 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.379770041 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.384732962 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.489659071 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.494878054 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.613949060 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.619193077 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.663028955 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.707571983 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.723525047 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.728598118 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.775985956 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.781022072 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781274080 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781289101 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781297922 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781306982 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781316996 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781344891 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781352997 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781397104 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781405926 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781481028 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781490088 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781569958 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781575918 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781625986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781701088 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781711102 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.781718016 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785696983 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785717010 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785726070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785737991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785832882 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785845995 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785867929 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785880089 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785944939 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.785955906 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786010027 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786020994 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786032915 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786045074 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786067963 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786079884 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786091089 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786140919 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786153078 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786191940 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786205053 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.786230087 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.832978964 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.838067055 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:23.942135096 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:23.949526072 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.051563978 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.056452990 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.160881042 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.165755033 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.270229101 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.275146961 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.379736900 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.384735107 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.489206076 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.494107008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.598957062 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.603975058 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.708451986 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.713326931 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.774283886 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.817362070 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.817363024 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.822581053 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.888822079 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.894000053 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894038916 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894067049 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894117117 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894144058 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894212961 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894239902 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894306898 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894332886 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894448996 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894475937 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894594908 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894622087 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894648075 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894675016 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894717932 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894766092 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894793987 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894819021 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894865990 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894891977 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894917965 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894943953 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.894990921 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895018101 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895045042 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895070076 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895096064 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895121098 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895169020 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895195007 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895221949 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895247936 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895272970 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895298004 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895343065 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895391941 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895417929 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895442963 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895468950 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895493984 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895519018 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895544052 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895570040 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895616055 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895642042 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.895668030 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:24.926592112 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:24.931524038 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.037231922 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.042289019 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.146332979 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.151654005 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.258905888 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.268294096 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.364742994 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.369766951 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.473540068 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.478441954 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.563513994 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.582882881 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.588469028 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.681507111 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.686707973 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.686729908 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.686933041 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.686944008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.686986923 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687005043 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687115908 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687124968 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687170982 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687180042 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687220097 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687237024 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687297106 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687305927 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687362909 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687371969 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687422991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687432051 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687500000 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687509060 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687608004 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687617064 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687625885 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687633991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687644958 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687660933 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687702894 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687747955 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687778950 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687809944 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687886953 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687896013 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687938929 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.687947989 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688045979 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688055038 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688112974 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688122034 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688138008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688152075 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688191891 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688200951 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688240051 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688256979 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688311100 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688321114 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.688329935 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.692152023 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.696954966 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.801482916 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.914993048 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:25.915261984 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:25.920114040 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.020234108 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.025063992 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.129667997 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.134641886 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.239152908 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.244014025 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.348730087 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.353605032 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.371814013 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.426415920 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.458031893 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.498668909 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.503245115 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.503668070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.503731012 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.503774881 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.503784895 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.503887892 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.503896952 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.503952980 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.503993988 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504054070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504062891 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504074097 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504144907 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504154921 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504163027 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504208088 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504216909 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504234076 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504242897 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504280090 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504288912 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504301071 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504314899 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504326105 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504340887 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504410028 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504417896 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504462957 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504471064 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504487991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504496098 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504508018 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504515886 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504578114 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504586935 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504602909 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504611015 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504656076 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504673004 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504683018 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504698992 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504817009 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504826069 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504867077 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504875898 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504924059 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504931927 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.504940033 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.567379951 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.572321892 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.676803112 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.681663036 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.786799908 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.791773081 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:26.899264097 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:26.904175997 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.005414963 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.010265112 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.114487886 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.119488001 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.155915022 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.207765102 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.225349903 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.275281906 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.293898106 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.299031973 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299047947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299160957 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299186945 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299320936 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299330950 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299401999 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299412012 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299447060 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299531937 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299540997 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299550056 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299639940 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299648046 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299720049 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299729109 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299799919 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299808979 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299858093 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299866915 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299917936 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299926043 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299981117 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.299989939 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300035954 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300045013 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300081968 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300164938 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300173998 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300182104 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300262928 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300271988 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300312042 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300319910 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300357103 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300371885 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300519943 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300529003 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300537109 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300544977 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300559998 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300568104 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300658941 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300667048 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300698996 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300806046 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300813913 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300822020 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300859928 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.300868988 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.333092928 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.338012934 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.400659084 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.405534029 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.442457914 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.447303057 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.552514076 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.557933092 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.661190033 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.666150093 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.744055033 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.768054008 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.769762993 CET497086073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.770484924 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.774662971 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.775352955 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.872014999 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.877079010 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877093077 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877173901 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877212048 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877346992 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877355099 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877434015 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877450943 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877557039 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877564907 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877614975 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877623081 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877656937 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877665997 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877710104 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877724886 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877830029 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877839088 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877877951 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877887011 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877928972 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.877945900 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878031969 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878041029 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878082991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878091097 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878226995 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878241062 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878249884 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878257990 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878273964 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878282070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878343105 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878350973 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878405094 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878412962 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878462076 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878469944 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878547907 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878551960 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878606081 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878616095 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878673077 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878680944 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878746033 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878753901 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878807068 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.878814936 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.880404949 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.885224104 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:27.989057064 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:27.994108915 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.098526955 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.103303909 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.207843065 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.212682962 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.317305088 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.322221041 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.426620960 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.431632042 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.525460958 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.535890102 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.540760994 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.645657063 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.650609016 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.651865005 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.656900883 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.656910896 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.656992912 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657011032 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657026052 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657033920 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657094955 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657103062 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657177925 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657185078 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657290936 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657299042 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657367945 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657376051 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657435894 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657444000 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657558918 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657567024 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657604933 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657650948 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657699108 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657706976 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657767057 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657774925 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657825947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657833099 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657938004 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.657946110 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658010960 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658018112 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658082008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658088923 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658139944 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658148050 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658200979 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658209085 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658257961 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658265114 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658329964 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658337116 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658397913 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658405066 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658462048 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658468008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658531904 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658539057 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658587933 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.658646107 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.754995108 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.760066986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.864545107 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.871437073 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:28.973670959 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:28.979398012 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.082966089 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.088124037 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.102691889 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.145075083 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.192939043 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.241169930 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.343319893 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.343868971 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.343879938 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.343997955 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344089031 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344098091 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344130039 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344139099 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344185114 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344253063 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344261885 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344293118 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344398022 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344405890 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344446898 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344455004 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344504118 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344512939 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344547987 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344590902 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344681978 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344691992 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344747066 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344754934 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344827890 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344835997 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344870090 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344877958 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344893932 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344902992 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.344963074 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345012903 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345068932 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345077991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345124006 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345170975 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345268965 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345277071 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345407963 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345417023 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345463991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345472097 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345515013 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345524073 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345556021 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345597029 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345654964 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345664024 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.345671892 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.346343040 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.351355076 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.457743883 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.462686062 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.567575932 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.572720051 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.686372042 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.691409111 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.832350969 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:29.837222099 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.844387054 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:29.895214081 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.071362972 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.120855093 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.129511118 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.134586096 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.134596109 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.134680986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.134689093 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.134810925 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.134835958 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.134918928 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.134960890 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135000944 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135082006 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135133028 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135211945 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135243893 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135328054 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135337114 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135401011 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135409117 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135510921 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135519981 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135566950 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135575056 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135669947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135678053 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135721922 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135730028 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135771036 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135778904 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135795116 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135798931 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135816097 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135863066 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135870934 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135880947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135919094 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135927916 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135977983 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.135986090 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136049986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136059046 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136075020 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136082888 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136092901 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136100054 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136143923 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136152983 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136223078 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136230946 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.136241913 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.187450886 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.192223072 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.301496029 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.306360006 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.411019087 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.415868998 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.520371914 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.525234938 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.623560905 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.629632950 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.635221958 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.739186049 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.744117975 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.752986908 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.757997990 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758018017 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758148909 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758240938 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758369923 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758378983 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758388996 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758424997 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758461952 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758471012 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758512974 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758521080 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758563042 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758569956 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758611917 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758619070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758666992 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758673906 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758709908 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758717060 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758764982 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758771896 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758800030 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758806944 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758843899 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758894920 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758902073 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758908987 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758940935 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758949041 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758963108 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.758970022 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759016991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759025097 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759051085 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759057999 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759120941 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759128094 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759160042 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759166956 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759202003 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759247065 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759253979 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.759295940 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.848334074 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.853740931 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:30.957740068 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:30.962579966 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.067099094 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.071922064 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.176503897 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.181358099 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.269606113 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.285912991 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.290884018 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.375349998 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.380302906 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380333900 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380353928 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380459070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380466938 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380507946 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380549908 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380558968 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380655050 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380707026 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380714893 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380778074 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380785942 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380835056 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380841970 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380867958 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380903959 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380956888 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380964994 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.380985975 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.381035089 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.381071091 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.381179094 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.405242920 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.410089970 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.520256996 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.525914907 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.629918098 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.634777069 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.739167929 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.744023085 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.848448992 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.942298889 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.951699018 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:31.961585045 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:31.966552019 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.059348106 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.064408064 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064455986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064507008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064636946 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064644098 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064681053 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064764023 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064774036 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064841986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.064964056 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065042019 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065078974 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065135002 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065232992 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065241098 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065269947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065332890 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065340996 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065382004 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065413952 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065448999 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065514088 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065521002 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.065530062 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.069586039 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.074433088 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.176604986 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.181556940 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.286076069 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.290915012 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.398452997 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.414383888 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.486675978 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.521100998 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.526029110 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.654793024 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.659720898 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.806963921 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.812063932 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812074900 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812083960 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812098980 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812105894 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812148094 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812197924 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812216997 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812237978 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812313080 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812357903 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812366962 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812438011 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812446117 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812489986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812565088 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812619925 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812639952 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812654972 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812706947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.812721968 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.813235044 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.815802097 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.820579052 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:32.926630020 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:32.931615114 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.051712990 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.056719065 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.160980940 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.165923119 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.241667032 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.272006989 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.277787924 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.387490988 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.392425060 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.392476082 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397502899 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397586107 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397712946 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397780895 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397816896 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397862911 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397907972 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397988081 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.397995949 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398029089 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398121119 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398128986 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398137093 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398194075 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398256063 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398327112 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398382902 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398432016 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398500919 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398545980 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398602009 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398663998 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398711920 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398745060 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.398811102 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.489089012 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.494111061 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.598500967 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.603460073 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.707989931 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.713243008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.810106039 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.817486048 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.822443962 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.911228895 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.916503906 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916517019 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916595936 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916613102 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916649103 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916683912 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916728020 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916795969 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916882992 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916891098 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916919947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916944981 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.916981936 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917016029 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917037010 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917083979 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917102098 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917151928 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917169094 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917202950 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917242050 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917305946 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917356014 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.917363882 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:33.926423073 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:33.931258917 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.036202908 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.041249037 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.146958113 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.152009010 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.254842043 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.260188103 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.351911068 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.364119053 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.369086981 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.476489067 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.482687950 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.482701063 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.482758999 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.482907057 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.482914925 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483038902 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483047009 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483055115 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483190060 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483197927 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483206987 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483359098 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483366966 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483376026 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483525991 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483656883 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483665943 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483673096 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483680964 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483807087 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483814955 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483823061 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483975887 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.483984947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.484146118 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.491133928 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.598428011 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.604275942 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.707865000 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.712924957 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.817264080 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.822285891 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.895565033 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:34.926610947 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:34.931514025 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.036541939 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:35.041621923 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.050568104 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:35.055507898 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.055551052 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.055624008 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.055635929 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.055697918 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.055772066 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.055856943 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.055933952 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.055982113 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056037903 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056081057 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056135893 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056149960 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056247950 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056260109 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056273937 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056391001 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056404114 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056425095 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056437016 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056451082 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056509018 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056548119 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.056560993 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.146759987 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:35.151755095 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.255415916 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:35.260318041 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.364293098 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:35.369702101 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.630063057 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:35.635020971 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.704296112 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.741569042 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:35.746550083 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:35.935389996 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:35.990183115 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.003133059 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003150940 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003161907 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003176928 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003187895 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003199100 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003223896 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003242970 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003254890 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003268003 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003326893 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003340960 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003349066 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003380060 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003439903 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003451109 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003489971 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003547907 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003608942 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003624916 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003639936 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003751040 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003762007 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003772974 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003794909 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003815889 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003854990 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003909111 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.003989935 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.004038095 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.004106998 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.004120111 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.054959059 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.059886932 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.163475990 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.168626070 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.293378115 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.298438072 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.396291018 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.401242018 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.504955053 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.509932995 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.580738068 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.618355036 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.623333931 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.678246975 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.683341026 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.683361053 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.683409929 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.683589935 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.683717966 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.683727026 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.723428965 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.728387117 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.832962036 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.837995052 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:36.942369938 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:36.952553988 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.051527977 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.056500912 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.160950899 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.164644003 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.166335106 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.201457977 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.206461906 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.206481934 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.206517935 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.206679106 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.206762075 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.206770897 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.270879984 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.275774956 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.379703999 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.384584904 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.489142895 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.494206905 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.584395885 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.598468065 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.603301048 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.649342060 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.654468060 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.654506922 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.654566050 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.654633999 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.654709101 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.654762030 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.707833052 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.712862968 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.817183018 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.822185993 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:37.926557064 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:37.932482958 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.036043882 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.041297913 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.077734947 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.104856968 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.109857082 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.109888077 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.109901905 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.110160112 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.110263109 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.110276937 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.145350933 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.191277027 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.267937899 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.272845984 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.448245049 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.453319073 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.606935978 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.607569933 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.611876011 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.660706043 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.681654930 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.686718941 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.686752081 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.686773062 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.686885118 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.686989069 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.687001944 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.756241083 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.761249065 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.864022970 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.869172096 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:38.973381996 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:38.978332996 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.082747936 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.087680101 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.192207098 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.197174072 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.222201109 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.263796091 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.268732071 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.268759966 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.268771887 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.268944025 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.269006968 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.269020081 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.301558018 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.355284929 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.411056042 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.416017056 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.520236969 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.525206089 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.630563021 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.635581970 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.642270088 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.684724092 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.689815998 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.689846039 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.689899921 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.690119028 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.690170050 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.690200090 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.739228964 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.791340113 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.855844975 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.860845089 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:39.958405018 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:39.963462114 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.061522961 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.067363977 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:40.072309971 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.116306067 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:40.121416092 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.121450901 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.121489048 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.121599913 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.121644020 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.121665955 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.176632881 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:40.181634903 CET607349711147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.182049990 CET607349708147.185.221.25192.168.2.8
                                    Jan 10, 2025 11:03:40.211983919 CET4970680192.168.2.8208.95.112.1
                                    Jan 10, 2025 11:03:40.212012053 CET497116073192.168.2.8147.185.221.25
                                    Jan 10, 2025 11:03:40.212027073 CET497086073192.168.2.8147.185.221.25

                                    UDP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Jan 10, 2025 11:03:05.409245968 CET5899153192.168.2.81.1.1.1
                                    Jan 10, 2025 11:03:05.417390108 CET53589911.1.1.1192.168.2.8
                                    Jan 10, 2025 11:03:07.033301115 CET5368053192.168.2.81.1.1.1
                                    Jan 10, 2025 11:03:07.040185928 CET53536801.1.1.1192.168.2.8

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                    Jan 10, 2025 11:03:05.409245968 CET192.168.2.81.1.1.10xe7f0Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                                    Jan 10, 2025 11:03:07.033301115 CET192.168.2.81.1.1.10x1facStandard query (0)pastebin.comA (IP address)IN (0x0001)false

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                    Jan 10, 2025 11:03:05.417390108 CET1.1.1.1192.168.2.80xe7f0No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                    Jan 10, 2025 11:03:07.040185928 CET1.1.1.1192.168.2.80x1facNo error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                                    Jan 10, 2025 11:03:07.040185928 CET1.1.1.1192.168.2.80x1facNo error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                                    Jan 10, 2025 11:03:07.040185928 CET1.1.1.1192.168.2.80x1facNo error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false

                                    HTTP Request Dependency Graph

                                    • pastebin.com
                                    • ip-api.com

                                    HTTP Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.849706208.95.112.1803672C:\Users\user\Desktop\XClient.exe
                                    TimestampBytes transferredDirectionData
                                    Jan 10, 2025 11:03:05.430852890 CET80OUTGET /line/?fields=hosting HTTP/1.1
                                    Host: ip-api.com
                                    Connection: Keep-Alive
                                    Jan 10, 2025 11:03:05.886295080 CET175INHTTP/1.1 200 OK
                                    Date: Fri, 10 Jan 2025 10:03:05 GMT
                                    Content-Type: text/plain; charset=utf-8
                                    Content-Length: 6
                                    Access-Control-Allow-Origin: *
                                    X-Ttl: 60
                                    X-Rl: 44
                                    Data Raw: 66 61 6c 73 65 0a
                                    Data Ascii: false


                                    HTTPS Proxied Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.849707104.20.4.2354433672C:\Users\user\Desktop\XClient.exe
                                    TimestampBytes transferredDirectionData
                                    2025-01-10 10:03:07 UTC74OUTGET /raw/76WgDu7L HTTP/1.1
                                    Host: pastebin.com
                                    Connection: Keep-Alive
                                    2025-01-10 10:03:07 UTC388INHTTP/1.1 200 OK
                                    Date: Fri, 10 Jan 2025 10:03:07 GMT
                                    Content-Type: text/plain; charset=utf-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    x-frame-options: DENY
                                    x-content-type-options: nosniff
                                    x-xss-protection: 1;mode=block
                                    cache-control: public, max-age=1801
                                    CF-Cache-Status: MISS
                                    Last-Modified: Fri, 10 Jan 2025 10:03:07 GMT
                                    Server: cloudflare
                                    CF-RAY: 8ffbd5dcba8d8c4d-EWR
                                    2025-01-10 10:03:07 UTC25INData Raw: 31 33 0d 0a 31 34 37 2e 31 38 35 2e 32 32 31 2e 32 35 3a 36 30 37 33 0d 0a
                                    Data Ascii: 13147.185.221.25:6073
                                    2025-01-10 10:03:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:05:03:00
                                    Start date:10/01/2025
                                    Path:C:\Users\user\Desktop\XClient.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\Desktop\XClient.exe"
                                    Imagebase:0x330000
                                    File size:74'240 bytes
                                    MD5 hash:F814BC67769270C774B0FC4DBA88CA5B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.1401314764.0000000000332000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.1401314764.0000000000332000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.1787449810.00000000025C8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.1787449810.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:5
                                    Start time:05:03:17
                                    Start date:10/01/2025
                                    Path:C:\Users\user\AppData\Roaming\Update.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\AppData\Roaming\Update.exe"
                                    Imagebase:0x630000
                                    File size:74'240 bytes
                                    MD5 hash:F814BC67769270C774B0FC4DBA88CA5B
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\Update.exe, Author: Joe Security
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Update.exe, Author: Joe Security
                                    • Rule: rat_win_xworm_v3, Description: Finds XWorm (version XClient, v3) samples based on characteristic strings, Source: C:\Users\user\AppData\Roaming\Update.exe, Author: Sekoia.io
                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\Update.exe, Author: ditekSHen
                                    Antivirus matches:
                                    • Detection: 100%, Avira
                                    • Detection: 100%, Joe Sandbox ML
                                    • Detection: 74%, ReversingLabs
                                    • Detection: 68%, Virustotal, Browse
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:6
                                    Start time:05:03:26
                                    Start date:10/01/2025
                                    Path:C:\Users\user\AppData\Roaming\Update.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\AppData\Roaming\Update.exe"
                                    Imagebase:0x5f0000
                                    File size:74'240 bytes
                                    MD5 hash:F814BC67769270C774B0FC4DBA88CA5B
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:7
                                    Start time:05:03:38
                                    Start date:10/01/2025
                                    Path:C:\Windows\System32\cmd.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp4450.tmp.bat""
                                    Imagebase:0x7ff7bb210000
                                    File size:289'792 bytes
                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:8
                                    Start time:05:03:38
                                    Start date:10/01/2025
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff6ee680000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:9
                                    Start time:05:03:38
                                    Start date:10/01/2025
                                    Path:C:\Windows\System32\timeout.exe
                                    Wow64 process (32bit):false
                                    Commandline:timeout 3
                                    Imagebase:0x7ff61d470000
                                    File size:32'768 bytes
                                    MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    Disassembly

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:24.4%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:50%
                                      Total number of Nodes:6
                                      Total number of Limit Nodes:0

                                      Executed Functions

                                      Function 00007FFB4B03C248 Relevance: 2.4, Strings: 1, Instructions: 1153COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 40 7ffb4b03c248-7ffb4b03c2a3 48 7ffb4b03c2a5-7ffb4b03c2b0 call 7ffb4b0309f0 40->48 50 7ffb4b03c2b5-7ffb4b03c2f5 48->50 54 7ffb4b03c36b 50->54 55 7ffb4b03c2f7-7ffb4b03c314 50->55 57 7ffb4b03c370-7ffb4b03c385 54->57 55->57 58 7ffb4b03c316-7ffb4b03c366 call 7ffb4b03b390 55->58 61 7ffb4b03c3a3-7ffb4b03c3b8 57->61 62 7ffb4b03c387-7ffb4b03c39e call 7ffb4b0311d8 call 7ffb4b030a00 57->62 80 7ffb4b03cf1f-7ffb4b03cf2d 58->80 67 7ffb4b03c3ef-7ffb4b03c404 61->67 68 7ffb4b03c3ba-7ffb4b03c3ea call 7ffb4b0311d8 61->68 62->80 77 7ffb4b03c406-7ffb4b03c40d call 7ffb4b03be90 67->77 78 7ffb4b03c417-7ffb4b03c42c 67->78 68->80 84 7ffb4b03c412 77->84 86 7ffb4b03c42e-7ffb4b03c431 78->86 87 7ffb4b03c472-7ffb4b03c487 78->87 84->80 86->54 89 7ffb4b03c437-7ffb4b03c442 86->89 93 7ffb4b03c489-7ffb4b03c48c 87->93 94 7ffb4b03c4c8-7ffb4b03c4dd 87->94 89->54 91 7ffb4b03c448-7ffb4b03c46d call 7ffb4b0309d8 call 7ffb4b03be90 89->91 91->80 93->54 95 7ffb4b03c492-7ffb4b03c49d 93->95 100 7ffb4b03c4df-7ffb4b03c4e2 94->100 101 7ffb4b03c50a-7ffb4b03c51f 94->101 95->54 98 7ffb4b03c4a3-7ffb4b03c4c3 call 7ffb4b0309d8 call 7ffb4b038e58 95->98 98->80 100->54 104 7ffb4b03c4e8-7ffb4b03c505 call 7ffb4b0309d8 call 7ffb4b038e60 100->104 111 7ffb4b03c525-7ffb4b03c571 call 7ffb4b030960 101->111 112 7ffb4b03c5f7-7ffb4b03c60c 101->112 104->80 111->54 145 7ffb4b03c577-7ffb4b03c59b 111->145 119 7ffb4b03c60e-7ffb4b03c611 112->119 120 7ffb4b03c62b-7ffb4b03c640 112->120 119->54 123 7ffb4b03c617-7ffb4b03c626 call 7ffb4b038e38 119->123 129 7ffb4b03c662-7ffb4b03c677 120->129 130 7ffb4b03c642-7ffb4b03c645 120->130 123->80 135 7ffb4b03c679-7ffb4b03c692 129->135 136 7ffb4b03c697-7ffb4b03c6ac 129->136 130->54 131 7ffb4b03c64b-7ffb4b03c65d call 7ffb4b038e38 130->131 131->80 135->80 142 7ffb4b03c6ae-7ffb4b03c6c7 136->142 143 7ffb4b03c6cc-7ffb4b03c6e1 136->143 142->80 149 7ffb4b03c701-7ffb4b03c716 143->149 150 7ffb4b03c6e3-7ffb4b03c6fc 143->150 145->112 154 7ffb4b03c73f-7ffb4b03c754 149->154 155 7ffb4b03c718-7ffb4b03c71b 149->155 150->80 160 7ffb4b03c7f4-7ffb4b03c809 154->160 161 7ffb4b03c75a-7ffb4b03c7d2 154->161 155->54 157 7ffb4b03c721-7ffb4b03c73a 155->157 157->80 164 7ffb4b03c80b-7ffb4b03c81c 160->164 165 7ffb4b03c821-7ffb4b03c836 160->165 161->54 184 7ffb4b03c7d8-7ffb4b03c7ef 161->184 164->80 170 7ffb4b03c83c-7ffb4b03c8b4 165->170 171 7ffb4b03c8d6-7ffb4b03c8eb 165->171 170->54 203 7ffb4b03c8ba-7ffb4b03c8d1 170->203 177 7ffb4b03c8ed-7ffb4b03c8fe 171->177 178 7ffb4b03c903-7ffb4b03c918 171->178 177->80 186 7ffb4b03c94a-7ffb4b03c95f 178->186 187 7ffb4b03c91a-7ffb4b03c945 call 7ffb4b030cf0 call 7ffb4b03b390 178->187 184->80 193 7ffb4b03ca3c-7ffb4b03ca51 186->193 194 7ffb4b03c965-7ffb4b03ca37 call 7ffb4b030cf0 call 7ffb4b03b390 186->194 187->80 201 7ffb4b03cb18-7ffb4b03cb2d 193->201 202 7ffb4b03ca57-7ffb4b03ca5a 193->202 194->80 212 7ffb4b03cb41-7ffb4b03cb56 201->212 213 7ffb4b03cb2f-7ffb4b03cb3c call 7ffb4b03b390 201->213 205 7ffb4b03cb0d-7ffb4b03cb12 202->205 206 7ffb4b03ca60-7ffb4b03ca6b 202->206 203->80 218 7ffb4b03cb13 205->218 206->205 209 7ffb4b03ca71-7ffb4b03cb0b call 7ffb4b030cf0 call 7ffb4b03b390 206->209 209->218 222 7ffb4b03cbcd-7ffb4b03cbe2 212->222 223 7ffb4b03cb58-7ffb4b03cb69 212->223 213->80 218->80 231 7ffb4b03cc22-7ffb4b03cc37 222->231 232 7ffb4b03cbe4-7ffb4b03cbe7 222->232 223->54 229 7ffb4b03cb6f-7ffb4b03cb77 call 7ffb4b0309d0 223->229 238 7ffb4b03cb7c-7ffb4b03cb7f 229->238 243 7ffb4b03cc7d-7ffb4b03cc92 231->243 244 7ffb4b03cc39-7ffb4b03cc78 call 7ffb4b038a40 call 7ffb4b039158 call 7ffb4b038e18 231->244 232->54 236 7ffb4b03cbed-7ffb4b03cbf2 232->236 241 7ffb4b03cbfa-7ffb4b03cc18 call 7ffb4b0309c8 call 7ffb4b0309d8 call 7ffb4b038e10 236->241 245 7ffb4b03cbab-7ffb4b03cbc8 call 7ffb4b0309d0 call 7ffb4b0309d8 call 7ffb4b038e10 238->245 246 7ffb4b03cb81-7ffb4b03cba6 call 7ffb4b03b390 238->246 276 7ffb4b03cc1d 241->276 260 7ffb4b03cca6-7ffb4b03ccbb 243->260 261 7ffb4b03cc94-7ffb4b03cca1 call 7ffb4b038e20 243->261 244->80 245->80 246->80 260->80 279 7ffb4b03ccc1-7ffb4b03ccc8 260->279 261->80 276->80 282 7ffb4b03ccdb-7ffb4b03cdf5 call 7ffb4b03bed0 call 7ffb4b03bee0 call 7ffb4b03bef0 call 7ffb4b03bf00 call 7ffb4b0390d8 call 7ffb4b03bf10 call 7ffb4b03bee0 call 7ffb4b03bef0 279->282 283 7ffb4b03ccca-7ffb4b03ccd4 call 7ffb4b03bec0 279->283 318 7ffb4b03ce66-7ffb4b03ce75 282->318 319 7ffb4b03cdf7-7ffb4b03cdfb 282->319 283->282 321 7ffb4b03ce7c-7ffb4b03cf1e call 7ffb4b030cf0 call 7ffb4b0309e0 call 7ffb4b03b390 318->321 320 7ffb4b03cdfd-7ffb4b03ce5c call 7ffb4b03bf20 call 7ffb4b03bf30 319->320 319->321 320->318 321->80
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 762d6b2eb46dd86bc8378b9335d591a8c284e5aa698681256329f60a00c99c81
                                      • Instruction ID: a482bc2147d6a2d2d9b37459d255535bf4503100bc9b3969d40a354ad83cb4c5
                                      • Opcode Fuzzy Hash: 762d6b2eb46dd86bc8378b9335d591a8c284e5aa698681256329f60a00c99c81
                                      • Instruction Fuzzy Hash: 3682A2B1A1CA0A8FE694FF38C49A67973D2EF89311F549579D50EC32D3DE28AC028745
                                      Function 00007FFB4B0316C9 Relevance: 1.9, Strings: 1, Instructions: 632COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: SAN_^
                                      • API String ID: 0-3629432999
                                      • Opcode ID: cefea022863868ee88dccfc105799cce077a9bbaba326b8d425b1c5e84e78d70
                                      • Instruction ID: 701ee73e28b7bca47217abe49c648117ce0a0e7228995233f9aacc8737fecdea
                                      • Opcode Fuzzy Hash: cefea022863868ee88dccfc105799cce077a9bbaba326b8d425b1c5e84e78d70
                                      • Instruction Fuzzy Hash: FC12D4B1B2DA494FE799FF38C4A927976D2FF88301F4445B9E44EC3392DE28A8418745
                                      Function 00007FFB4B037881 Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 501 7ffb4b037881-7ffb4b03793d CheckRemoteDebuggerPresent 505 7ffb4b03793f 501->505 506 7ffb4b037945-7ffb4b037988 501->506 505->506
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID: CheckDebuggerPresentRemote
                                      • String ID:
                                      • API String ID: 3662101638-0
                                      • Opcode ID: 6cf37376d831ba70b293578b19149da0797bf94f49144c7e2d53e6085db8e1db
                                      • Instruction ID: e849b6ad4fb8a5572632693f14927ef864c290dca5f30c6c1b0814b6cd9a2d01
                                      • Opcode Fuzzy Hash: 6cf37376d831ba70b293578b19149da0797bf94f49144c7e2d53e6085db8e1db
                                      • Instruction Fuzzy Hash: 8D31247190C75C8FCB59DF68C84ABE97BE0EF65321F04426BD489D7252DB34A806CB91
                                      Function 00007FFB4B03DADA Relevance: 1.1, Instructions: 1065COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 804 7ffb4b03dada-7ffb4b03db56 808 7ffb4b03db5c-7ffb4b03db65 804->808 809 7ffb4b03e5dd-7ffb4b03e5eb 808->809 810 7ffb4b03db6b-7ffb4b03db95 808->810 813 7ffb4b03db9b-7ffb4b03dbb6 810->813 814 7ffb4b03de97-7ffb4b03de9a 810->814 813->814 820 7ffb4b03dbbc-7ffb4b03dc15 813->820 815 7ffb4b03dea0-7ffb4b03dea3 814->815 816 7ffb4b03e5d7-7ffb4b03e5dc 814->816 815->810 818 7ffb4b03dea9 815->818 816->809 818->809 824 7ffb4b03deae-7ffb4b03df87 call 7ffb4b030cf0 820->824 825 7ffb4b03dc1b-7ffb4b03dc6c 820->825 824->809 832 7ffb4b03df8c-7ffb4b03dfd3 call 7ffb4b030cf0 825->832 833 7ffb4b03dc72-7ffb4b03dcc3 825->833 852 7ffb4b03dde6 832->852 853 7ffb4b03dfd9-7ffb4b03dfe0 832->853 845 7ffb4b03e135-7ffb4b03e175 833->845 846 7ffb4b03dcc9-7ffb4b03dd1a 833->846 845->852 869 7ffb4b03e17b-7ffb4b03e1df 845->869 866 7ffb4b03e1fb-7ffb4b03e207 846->866 867 7ffb4b03dd20-7ffb4b03dd71 846->867 860 7ffb4b03ddeb-7ffb4b03ddf1 852->860 857 7ffb4b03dfe2-7ffb4b03dfe4 853->857 858 7ffb4b03dfe6-7ffb4b03e00d 853->858 861 7ffb4b03e00f-7ffb4b03e080 857->861 858->861 873 7ffb4b03ddf4-7ffb4b03ddf7 860->873 861->852 932 7ffb4b03e086-7ffb4b03e08d 861->932 866->852 871 7ffb4b03e20d-7ffb4b03e21d 866->871 893 7ffb4b03e2ee-7ffb4b03e32e 867->893 894 7ffb4b03dd77-7ffb4b03ddc8 867->894 920 7ffb4b03e1ee-7ffb4b03e1f6 call 7ffb4b038e18 869->920 921 7ffb4b03e1e1-7ffb4b03e1e9 call 7ffb4b038e20 869->921 871->809 884 7ffb4b03e223-7ffb4b03e263 871->884 878 7ffb4b03ddfd-7ffb4b03e3df 873->878 879 7ffb4b03de83-7ffb4b03de87 873->879 878->809 891 7ffb4b03e3e5-7ffb4b03e441 call 7ffb4b030cf0 878->891 879->816 882 7ffb4b03de8d-7ffb4b03de91 879->882 882->814 882->820 884->852 914 7ffb4b03e269-7ffb4b03e283 884->914 891->852 944 7ffb4b03e447-7ffb4b03e474 call 7ffb4b03d720 891->944 893->852 924 7ffb4b03e334-7ffb4b03e33b 893->924 918 7ffb4b03de02-7ffb4b03de53 894->918 919 7ffb4b03ddca-7ffb4b03ddd6 894->919 914->852 930 7ffb4b03e289-7ffb4b03e2e9 call 7ffb4b03d720 914->930 918->879 955 7ffb4b03de55-7ffb4b03de61 918->955 919->852 927 7ffb4b03ddd8-7ffb4b03dddf 919->927 920->809 921->809 933 7ffb4b03e33d-7ffb4b03e340 924->933 934 7ffb4b03e342-7ffb4b03e36a 924->934 927->860 935 7ffb4b03dde1-7ffb4b03dde4 927->935 930->809 937 7ffb4b03e08f-7ffb4b03e092 932->937 938 7ffb4b03e094-7ffb4b03e0bc 932->938 939 7ffb4b03e36c-7ffb4b03e3d3 call 7ffb4b038e20 933->939 934->939 935->873 943 7ffb4b03e0be-7ffb4b03e130 call 7ffb4b03b390 937->943 938->943 939->809 943->809 944->852 977 7ffb4b03e47a-7ffb4b03e497 944->977 955->852 958 7ffb4b03de63-7ffb4b03de6a 955->958 964 7ffb4b03de6c-7ffb4b03de6f 958->964 965 7ffb4b03de71-7ffb4b03de77 958->965 968 7ffb4b03de7a-7ffb4b03de7d 964->968 965->968 968->879 970 7ffb4b03e527-7ffb4b03e52e 968->970 970->809 978 7ffb4b03e534-7ffb4b03e5d5 call 7ffb4b030cf0 call 7ffb4b038e18 970->978 977->852 987 7ffb4b03e49d-7ffb4b03e4ba 977->987 978->809 987->852 992 7ffb4b03e4c0-7ffb4b03e522 call 7ffb4b038e18 987->992 992->809
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70a7436bf676729eb7a231c6d83798e00d28636bdf62dcc0c6c12ec6da5f6143
                                      • Instruction ID: 87a29d54146c41f7201c05dc9754169d3a8f2d586fab09bc048620e1b847fac5
                                      • Opcode Fuzzy Hash: 70a7436bf676729eb7a231c6d83798e00d28636bdf62dcc0c6c12ec6da5f6143
                                      • Instruction Fuzzy Hash: A36207B1B1CA058BE744FF38C49A279B7D2FF99301F5446BAD80DC7392DE28A8418756
                                      Function 00007FFB4B03FAB9 Relevance: .6, Instructions: 565COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1009 7ffb4b03fab9-7ffb4b03fad5 1010 7ffb4b03fad8-7ffb4b03fb2a 1009->1010 1011 7ffb4b03fad7 1009->1011 1013 7ffb4b03fb2c 1010->1013 1014 7ffb4b03fb31-7ffb4b03fb48 1010->1014 1011->1010 1013->1014 1015 7ffb4b03fb50-7ffb4b03fb7f 1014->1015 1016 7ffb4b03fb4a-7ffb4b03fb4f call 7ffb4b03c090 1014->1016 1020 7ffb4b03fb85-7ffb4b03fba1 1015->1020 1021 7ffb4b040138-7ffb4b040140 call 7ffb4b03c090 1015->1021 1016->1015 1022 7ffb4b03fe22-7ffb4b03fe9d 1020->1022 1023 7ffb4b03fba7-7ffb4b03fbb5 1020->1023 1031 7ffb4b0401e5-7ffb4b0401ed 1021->1031 1032 7ffb4b040145-7ffb4b040197 1021->1032 1041 7ffb4b040093-7ffb4b0400d2 1022->1041 1042 7ffb4b03fea3-7ffb4b03fec0 1022->1042 1025 7ffb4b03fbbc-7ffb4b03fbd3 1023->1025 1026 7ffb4b03fbb7 1023->1026 1028 7ffb4b03fdd4-7ffb4b03fde3 1025->1028 1029 7ffb4b03fbd9-7ffb4b03fca9 call 7ffb4b03c180 call 7ffb4b0390d8 1025->1029 1026->1025 1034 7ffb4b03fde5 1028->1034 1035 7ffb4b03fdea-7ffb4b03fe1a 1028->1035 1082 7ffb4b03fcaf-7ffb4b03fd0e 1029->1082 1083 7ffb4b03fd69-7ffb4b03fd7c 1029->1083 1044 7ffb4b0401a1-7ffb4b0401d2 1032->1044 1034->1035 1045 7ffb4b03fe1b-7ffb4b03fe1d 1035->1045 1052 7ffb4b0400d4 1041->1052 1053 7ffb4b0400d9-7ffb4b0400e4 1041->1053 1054 7ffb4b03fec2-7ffb4b03fee5 1042->1054 1055 7ffb4b03feea-7ffb4b03ff36 1042->1055 1051 7ffb4b0401d9-7ffb4b0401e4 1044->1051 1047 7ffb4b040134-7ffb4b040136 1045->1047 1047->1032 1051->1031 1052->1053 1057 7ffb4b0400eb-7ffb4b0400f2 1053->1057 1058 7ffb4b0400e6 1053->1058 1072 7ffb4b03ff73-7ffb4b03ffd3 1054->1072 1055->1072 1062 7ffb4b0400f4 1057->1062 1063 7ffb4b0400f9-7ffb4b040100 1057->1063 1058->1057 1062->1063 1064 7ffb4b040102 1063->1064 1065 7ffb4b040107-7ffb4b04010a 1063->1065 1064->1065 1069 7ffb4b04010c 1065->1069 1070 7ffb4b040111-7ffb4b040133 1065->1070 1069->1070 1070->1047 1087 7ffb4b03ffd9-7ffb4b03ffee 1072->1087 1082->1083 1084 7ffb4b03fd7e 1083->1084 1085 7ffb4b03fd83-7ffb4b03fd8a 1083->1085 1084->1085 1089 7ffb4b03fd8c 1085->1089 1090 7ffb4b03fd91-7ffb4b03fd98 1085->1090 1093 7ffb4b03fff5-7ffb4b040039 1087->1093 1089->1090 1091 7ffb4b03fd9f-7ffb4b03fda2 1090->1091 1092 7ffb4b03fd9a 1090->1092 1094 7ffb4b03fda4 1091->1094 1095 7ffb4b03fda9-7ffb4b03fdd2 1091->1095 1092->1091 1094->1095 1095->1045
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 79c68b35a819fc90da415d385d8255389d3b18961a167524088a4c7b443236ae
                                      • Instruction ID: 454d6e7834ea7680df2bfdeb54f71986834af754423e51bc67e73e3acd9266fc
                                      • Opcode Fuzzy Hash: 79c68b35a819fc90da415d385d8255389d3b18961a167524088a4c7b443236ae
                                      • Instruction Fuzzy Hash: EC1282B190991D8FDB98EF68C898BA877F1FF59311F4041B9D04DD32A2DE34A985CB50
                                      Function 00007FFB4B035EC6 Relevance: .5, Instructions: 473COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1100 7ffb4b035ec6-7ffb4b035ed3 1101 7ffb4b035ede-7ffb4b035fa7 1100->1101 1102 7ffb4b035ed5-7ffb4b035edd 1100->1102 1106 7ffb4b036013 1101->1106 1107 7ffb4b035fa9-7ffb4b035fb2 1101->1107 1102->1101 1109 7ffb4b036015-7ffb4b03603a 1106->1109 1107->1106 1108 7ffb4b035fb4-7ffb4b035fc0 1107->1108 1110 7ffb4b035fc2-7ffb4b035fd4 1108->1110 1111 7ffb4b035ff9-7ffb4b036011 1108->1111 1116 7ffb4b03603c-7ffb4b036045 1109->1116 1117 7ffb4b0360a6 1109->1117 1112 7ffb4b035fd6 1110->1112 1113 7ffb4b035fd8-7ffb4b035feb 1110->1113 1111->1109 1112->1113 1113->1113 1115 7ffb4b035fed-7ffb4b035ff5 1113->1115 1115->1111 1116->1117 1119 7ffb4b036047-7ffb4b036053 1116->1119 1118 7ffb4b0360a8-7ffb4b036150 1117->1118 1130 7ffb4b0361be 1118->1130 1131 7ffb4b036152-7ffb4b03615c 1118->1131 1120 7ffb4b03608c-7ffb4b0360a4 1119->1120 1121 7ffb4b036055-7ffb4b036067 1119->1121 1120->1118 1122 7ffb4b03606b-7ffb4b03607e 1121->1122 1123 7ffb4b036069 1121->1123 1122->1122 1125 7ffb4b036080-7ffb4b036088 1122->1125 1123->1122 1125->1120 1132 7ffb4b0361c0-7ffb4b0361e9 1130->1132 1131->1130 1133 7ffb4b03615e-7ffb4b03616b 1131->1133 1140 7ffb4b0361eb-7ffb4b0361f6 1132->1140 1141 7ffb4b036253 1132->1141 1134 7ffb4b03616d-7ffb4b03617f 1133->1134 1135 7ffb4b0361a4-7ffb4b0361bc 1133->1135 1136 7ffb4b036181 1134->1136 1137 7ffb4b036183-7ffb4b036196 1134->1137 1135->1132 1136->1137 1137->1137 1139 7ffb4b036198-7ffb4b0361a0 1137->1139 1139->1135 1140->1141 1143 7ffb4b0361f8-7ffb4b036206 1140->1143 1142 7ffb4b036255-7ffb4b0362e6 1141->1142 1151 7ffb4b0362ec-7ffb4b0362fb 1142->1151 1144 7ffb4b03623f-7ffb4b036251 1143->1144 1145 7ffb4b036208-7ffb4b03621a 1143->1145 1144->1142 1147 7ffb4b03621e-7ffb4b036231 1145->1147 1148 7ffb4b03621c 1145->1148 1147->1147 1149 7ffb4b036233-7ffb4b03623b 1147->1149 1148->1147 1149->1144 1152 7ffb4b0362fd 1151->1152 1153 7ffb4b036303-7ffb4b036368 call 7ffb4b036384 1151->1153 1152->1153 1160 7ffb4b03636f-7ffb4b036383 1153->1160 1161 7ffb4b03636a 1153->1161 1161->1160
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b3dbffe2e8d512274a7b0c3620b60db140cf224a29a70b9b400901250eafb544
                                      • Instruction ID: 4a06d4db30ac5eb2275f17c642ea25749aa3a272249cbb7894e4b48f0b9e06be
                                      • Opcode Fuzzy Hash: b3dbffe2e8d512274a7b0c3620b60db140cf224a29a70b9b400901250eafb544
                                      • Instruction Fuzzy Hash: ABF1B57190CA8D8FEBA9EF28C8557E977E1FF54311F04826EE84DC7291DB34A8458B81
                                      Function 00007FFB4B036C72 Relevance: .5, Instructions: 460COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 214c8476d2af0f5443d9b75dce0e249f3a68807adb8ef1dc76e7f7bef2788ac0
                                      • Instruction ID: 2d61e699e1e44637bb0244d766aa68defb30a36cda5d93820bc15b10d3e150d7
                                      • Opcode Fuzzy Hash: 214c8476d2af0f5443d9b75dce0e249f3a68807adb8ef1dc76e7f7bef2788ac0
                                      • Instruction Fuzzy Hash: 50E1C37190CA4D8FEBA9EF28C8597E977E1EF54311F04826ED84DC7291CE74A8458B81
                                      Function 00007FFB4B031F0D Relevance: .2, Instructions: 191COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9d7bbfdadfd5e5004b9cc5c5087c2dc88825bacb11b99ca8774d3b6488e56828
                                      • Instruction ID: 62117ffdcb416e94d641fc79e464fc291f10b0b21a4785a2828e3a2cb9692d43
                                      • Opcode Fuzzy Hash: 9d7bbfdadfd5e5004b9cc5c5087c2dc88825bacb11b99ca8774d3b6488e56828
                                      • Instruction Fuzzy Hash: CF51D191A1E6C54FD786AB7888692757FD5DF8B216B0800FFE0C9C72E3DE18580AC346
                                      Function 00007FFB4B03EDB5 Relevance: .2, Instructions: 183COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2464dd2a0f35331fbeb84c69f4915f2794b1dd753877e938f8a6b1c0a8e2ccb9
                                      • Instruction ID: 11d9f80170bc4dcf046ac1397b73b3e5d623b94c5f4630b2e0359b1c7a67f7d6
                                      • Opcode Fuzzy Hash: 2464dd2a0f35331fbeb84c69f4915f2794b1dd753877e938f8a6b1c0a8e2ccb9
                                      • Instruction Fuzzy Hash: B651E7B0D18A0D8FDB98EF68C495AACB7F1FF59301F105569D00EE72A2CB75A881CB44
                                      Function 00007FFB4B03C0B0 Relevance: .2, Instructions: 155COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 84e662184506cdfa09d0d00b55a3f535fbf6273a946c62aaa786118b3a9865ee
                                      • Instruction ID: 62a42be6db02e129742b29caedd20f644fb960d2da9a591e818793752b348989
                                      • Opcode Fuzzy Hash: 84e662184506cdfa09d0d00b55a3f535fbf6273a946c62aaa786118b3a9865ee
                                      • Instruction Fuzzy Hash: A7512770D0862D8EEBA9EF78C5546FDB3B1EF49301F108579D10EE32A2DA386954CB44
                                      Function 00007FFB4B03974D Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 494 7ffb4b03974d-7ffb4b039830 RtlSetProcessIsCritical 498 7ffb4b039832 494->498 499 7ffb4b039838-7ffb4b03986d 494->499 498->499
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1789684360.00007FFB4B030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B030000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_7ffb4b030000_XClient.jbxd
                                      Similarity
                                      • API ID: CriticalProcess
                                      • String ID:
                                      • API String ID: 2695349919-0
                                      • Opcode ID: 4c7c49977afcb5878d805ffdc045a15c95705642dddae59db757f7f213e1cfcc
                                      • Instruction ID: 8629daab1a00ad7ac3c69b7962ff61aba91e3cd7142516e35c29c7ef0b7abd6b
                                      • Opcode Fuzzy Hash: 4c7c49977afcb5878d805ffdc045a15c95705642dddae59db757f7f213e1cfcc
                                      • Instruction Fuzzy Hash: 6141D47190C6588FD719DFA8D849AE9BBF0FF56311F04416FD08AC3692CB746846CB91

                                      Executed Functions

                                      Function 00007FFB4B050FE8 Relevance: .7, Instructions: 726COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4386b8ad0dd6ca215c42c9b14bb53d649638436746cde50100e19532a1778f19
                                      • Instruction ID: b6782f4602ede9ffd88ee4b20d6425afef0a75686392bf40be1e0e0362bf0e9c
                                      • Opcode Fuzzy Hash: 4386b8ad0dd6ca215c42c9b14bb53d649638436746cde50100e19532a1778f19
                                      • Instruction Fuzzy Hash: E5A1D4E3A0E6664AE302BBBCF4614F97F64DF43335B0845B7D58D8A1A3DD18204786E9
                                      Function 00007FFB4B0516C9 Relevance: .6, Instructions: 632COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d2dfa0f5df507bcdc663c255dd0d5eb63e82e39a492c29df7c112bc80936e7c6
                                      • Instruction ID: 4663c0cde29afe17f1a3a1dd95e68bbcae4c8f5c1aeb67c9fd2483200b623ef6
                                      • Opcode Fuzzy Hash: d2dfa0f5df507bcdc663c255dd0d5eb63e82e39a492c29df7c112bc80936e7c6
                                      • Instruction Fuzzy Hash: 2312D3B0B1CA098FE799FF38C4696B976D2EF89301F4445B9E44EC37D2DE28A8418751
                                      Function 00007FFB4B051F0D Relevance: .2, Instructions: 191COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4600fbc23ee49a0713a9e8e6914867853ae1fac4c872384b7f7d9aad7a439b1d
                                      • Instruction ID: 3b07f3f25a866e08b3bf1d2abfda55aedefe7c3ebd51e3a3eb33ae38d0bd2aff
                                      • Opcode Fuzzy Hash: 4600fbc23ee49a0713a9e8e6914867853ae1fac4c872384b7f7d9aad7a439b1d
                                      • Instruction Fuzzy Hash: 4151DE90A1E6C94FD786AB7888256757FD5DF8721AB0804FAE0C9C72A3DE18580AC352
                                      Function 00007FFB4B0509FA Relevance: 1.6, Strings: 1, Instructions: 323COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :L_^
                                      • API String ID: 0-1990364693
                                      • Opcode ID: d5aa3dda4a19d7db36b45e1063a0b7359380952fc1d92476c08efb40886d6a4e
                                      • Instruction ID: e54e8350746a2f02042f9e52dde2f043f129071c43dbba339f093afd20581993
                                      • Opcode Fuzzy Hash: d5aa3dda4a19d7db36b45e1063a0b7359380952fc1d92476c08efb40886d6a4e
                                      • Instruction Fuzzy Hash: 19A138E6B0D6168AE702BFBCE4515FC3BA0EF86322B0445B7C549C62A3DD286046C3E5
                                      Function 00007FFB4B0509F8 Relevance: 1.5, Strings: 1, Instructions: 283COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :L_^
                                      • API String ID: 0-1990364693
                                      • Opcode ID: 5adf9c03997c231862234833230f76144a169a7cba764e7cb3a0c821f35bd4d6
                                      • Instruction ID: 0aec67bdb4eece94725f742c7dfa64e22b3da44d8e8eba70fa3d40adf5d4fde3
                                      • Opcode Fuzzy Hash: 5adf9c03997c231862234833230f76144a169a7cba764e7cb3a0c821f35bd4d6
                                      • Instruction Fuzzy Hash: D78126E6B0DA168AE702BFBCE4615FC3BA0EF86321B0445B7D549C62D3DD286446C3E4
                                      Function 00007FFB4B0510E2 Relevance: .6, Instructions: 640COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2d4de51caf291b4ae6fef0fd46f1768ef0ebfa7db2f45b3a7466aa117a3a5fa
                                      • Instruction ID: 37ab4e1a44787cde4e85d2e8777b96b33bda4e5157b627246eb44838ff3ac1db
                                      • Opcode Fuzzy Hash: f2d4de51caf291b4ae6fef0fd46f1768ef0ebfa7db2f45b3a7466aa117a3a5fa
                                      • Instruction Fuzzy Hash: EB7129E3A0D6564AD702FBBCE4A14F97F74EF43325B0445B7D14D891B3DD18244686E8
                                      Function 00007FFB4B0510D3 Relevance: .6, Instructions: 626COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 75937e858562b10fbf300bdca21d16c1f0e9c9312a18842b6177ad525e8b2a70
                                      • Instruction ID: 81b83a70913d1799cf701a8df1b3d642d7616e1c332a39f08952f84789924781
                                      • Opcode Fuzzy Hash: 75937e858562b10fbf300bdca21d16c1f0e9c9312a18842b6177ad525e8b2a70
                                      • Instruction Fuzzy Hash: A06108E3E0D6564AE702FBBCE4A14F97F70EF43325B0445B7D6898A1B3DD18244686D8
                                      Function 00007FFB4B0511E2 Relevance: .5, Instructions: 536COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 26c55cc239fcac064a18796e8c57957a0c9e6b30d5f7c30a14c5af89977e104b
                                      • Instruction ID: ec7d73144d8a4f9d006347624c23731e632f9b6053f1b5a05421b5d767ff5caf
                                      • Opcode Fuzzy Hash: 26c55cc239fcac064a18796e8c57957a0c9e6b30d5f7c30a14c5af89977e104b
                                      • Instruction Fuzzy Hash: 924107E2D0E7964BD702FBBCD4B14F97FB0EF03224B4845F7D1898A1A3DD1864468698
                                      Function 00007FFB4B0511D7 Relevance: .5, Instructions: 527COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8c24ce4b15400444be1cb7d65e38267be089096ab0659d6156317a5c828db2d8
                                      • Instruction ID: c906b19f36ac97b0d35f380130ad5c642f53e2a0d54168f799deb5a864c22c53
                                      • Opcode Fuzzy Hash: 8c24ce4b15400444be1cb7d65e38267be089096ab0659d6156317a5c828db2d8
                                      • Instruction Fuzzy Hash: BA4114E2D0DA5A4FD702FBBCD8A24FA7FB0EF52225B4444B6C189C62A3DD1864468694
                                      Function 00007FFB4B050AD3 Relevance: .2, Instructions: 209COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3326412b3c8c796cd9898154259c998f16c603b51b656ac9de7cc02df0d272d5
                                      • Instruction ID: 01cedc7cf4288d7fffef66871e36e818d5e18de73706a6db94a1d9dc050743af
                                      • Opcode Fuzzy Hash: 3326412b3c8c796cd9898154259c998f16c603b51b656ac9de7cc02df0d272d5
                                      • Instruction Fuzzy Hash: B05139B5B19A1A8EE702FB7CE4516FC3BA1EF86311B4445BBC408C7293DD286446C7E0
                                      Function 00007FFB4B050E3E Relevance: .2, Instructions: 199COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 967907e8c690c6f9212e246dd07351eb5bb1607b6a68081401ecce44aed56ed0
                                      • Instruction ID: 46525fc205dc87e15369a63b0da25459113fef1df6fe335a34053509f16e2b1a
                                      • Opcode Fuzzy Hash: 967907e8c690c6f9212e246dd07351eb5bb1607b6a68081401ecce44aed56ed0
                                      • Instruction Fuzzy Hash: 7251D4A1B0E6860FE357BB78D8655B93FD1DF8722170940FBD489C76A3DC1898468362
                                      Function 00007FFB4B050620 Relevance: .1, Instructions: 135COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: db0aad966f772d09777f4d25a2373281534f763ad7a6c41776406c0436d90b0b
                                      • Instruction ID: dcdca5cd66e7df8db5c6bf4866a6564695b77228985a4e47550e08e73b34b592
                                      • Opcode Fuzzy Hash: db0aad966f772d09777f4d25a2373281534f763ad7a6c41776406c0436d90b0b
                                      • Instruction Fuzzy Hash: 4231C061B1D9490FE788FA3CD85A779B6C2EF99215F0401BEE44EC32D3DE689C028385
                                      Function 00007FFB4B050CD1 Relevance: .1, Instructions: 123COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9d5b645652943c750d11ddc83d6b3febe65512572d54714b09e3dd50c4ac3485
                                      • Instruction ID: e72706216045e591d99abf1c19eb26def4231463bdccd57902964d8fbcd8094b
                                      • Opcode Fuzzy Hash: 9d5b645652943c750d11ddc83d6b3febe65512572d54714b09e3dd50c4ac3485
                                      • Instruction Fuzzy Hash: 033187E1B19A054FE745FBBCD85A7BC77D1EF99301F1441BAE40DC3692ED2898018762
                                      Function 00007FFB4B0520C1 Relevance: .0, Instructions: 44COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000005.00000002.1608314719.00007FFB4B050000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B050000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_5_2_7ffb4b050000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f188febd3caf7041aa449366ecb4f58351d03f766050ee34f155c6490587ff8a
                                      • Instruction ID: 6fd8b5a5ce5e6d697ffbd127e0b6f3231da9370ccf0963bf63c716b9944c4a4c
                                      • Opcode Fuzzy Hash: f188febd3caf7041aa449366ecb4f58351d03f766050ee34f155c6490587ff8a
                                      • Instruction Fuzzy Hash: 9901F99491D7854FE796BB3898654767FE0DF92241B0804FBD984C72A7EC089984C3A2

                                      Executed Functions

                                      Function 00007FFB4B040FE8 Relevance: .7, Instructions: 726COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: af69086d7b3d59bcd817e4eb470b267df4819642c3a30c9cdcd349289f855ed4
                                      • Instruction ID: c0d3fa42760513627a2159231b03d4df7eed73183b180d555599fcbc708e1b57
                                      • Opcode Fuzzy Hash: af69086d7b3d59bcd817e4eb470b267df4819642c3a30c9cdcd349289f855ed4
                                      • Instruction Fuzzy Hash: B0A1E8E7E0E6664AE706BBB8F4610F93F64DF43335B0845B7D58D8A1A3DD48244682A8
                                      Function 00007FFB4B0416C9 Relevance: .6, Instructions: 632COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7578e5bab44a7d07be54f3e995ec6869c08c5aede2890d6d1ab9229622698955
                                      • Instruction ID: 1f63f0a3bfd7707a9c0ea8328716828fda857c7cf91978775e92239893c2b94b
                                      • Opcode Fuzzy Hash: 7578e5bab44a7d07be54f3e995ec6869c08c5aede2890d6d1ab9229622698955
                                      • Instruction Fuzzy Hash: 2B12D4B0B1CA594FE799FB38C4692797AD2EF88301F4445BDE40EC33D2DE28A8458751
                                      Function 00007FFB4B041F0D Relevance: .2, Instructions: 191COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 94f046547fa23a7685c46fa7e98c60010935ae6721df421f7b963f5c6465fd2b
                                      • Instruction ID: 76fc4815c21874a79b4a5b53f0b3d3eb51954c29dec495e8323643e5bfaf8d3b
                                      • Opcode Fuzzy Hash: 94f046547fa23a7685c46fa7e98c60010935ae6721df421f7b963f5c6465fd2b
                                      • Instruction Fuzzy Hash: E651D090A1E6C94FD78AAB7888252757FD5DF87216B0801FEE4C9C72E3DE185C0AC356
                                      Function 00007FFB4B0409FA Relevance: 1.6, Strings: 1, Instructions: 329COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :M_^
                                      • API String ID: 0-2002838562
                                      • Opcode ID: 41f6cd20224f72c4b6f6d532cf7c31181b1cf6dd4daa1787efcc08c651160f9e
                                      • Instruction ID: 21145691b88605374b37709a8307dddf2116c394db853640c7ec969cb8c0a502
                                      • Opcode Fuzzy Hash: 41f6cd20224f72c4b6f6d532cf7c31181b1cf6dd4daa1787efcc08c651160f9e
                                      • Instruction Fuzzy Hash: 7E912AF6B0D66A8AE705BB7CE4111FC7BA0EF86326B0446B7D549C6283DD68604683A4
                                      Function 00007FFB4B0409F8 Relevance: 1.5, Strings: 1, Instructions: 290COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :M_^
                                      • API String ID: 0-2002838562
                                      • Opcode ID: eb6db186e36e4fb02b26ae2a0635653bd896cd7d91d31f0a315e70f2f853962b
                                      • Instruction ID: e8e0328659c4d9efc4ccf95c2bb299277a4020f339d676cc3c0d11da3d54ccd5
                                      • Opcode Fuzzy Hash: eb6db186e36e4fb02b26ae2a0635653bd896cd7d91d31f0a315e70f2f853962b
                                      • Instruction Fuzzy Hash: FF814AF6B0D62A8AE705BB7CE4251FC7BA1EF86325F0446B7D508C62C3DD28604683E4
                                      Function 00007FFB4B0410E2 Relevance: .6, Instructions: 650COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 55e3bd896fd96e77b5bb973429f0278db0cd0a15c6bf7e5a1b950accb619bdc3
                                      • Instruction ID: b9563cc9ce2cdad6f91f3dea497edd8bad836c738c496d76cbffc477c694b4f2
                                      • Opcode Fuzzy Hash: 55e3bd896fd96e77b5bb973429f0278db0cd0a15c6bf7e5a1b950accb619bdc3
                                      • Instruction Fuzzy Hash: 6E7119E7E0E67A4AE715BBBCE4610F97F60EF43331B0841B7D589891A3DD18244686D4
                                      Function 00007FFB4B0410D3 Relevance: .6, Instructions: 635COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c2ad2a484e4be8be4e1d2331d571c73d7fdae82d5bb9a78104590df8f82f2015
                                      • Instruction ID: cdef72df9fd879cd530f41c22e3446f5fba2b174bae31bd3be28c485cb283a3b
                                      • Opcode Fuzzy Hash: c2ad2a484e4be8be4e1d2331d571c73d7fdae82d5bb9a78104590df8f82f2015
                                      • Instruction Fuzzy Hash: 947109E7E0E67A4AE706BBBCE5A10F97F70EF43321B0441B7D5898A1E3DD18244686D4
                                      Function 00007FFB4B0411E2 Relevance: .5, Instructions: 544COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2e81a47c92530fd155eb80cdbcbd3d172dd73f70ba3d3c2c05d54e47e4641e73
                                      • Instruction ID: 8b284786a92a3baaaebee36f6f219490126c931cb618e1bcbf78f9f48e07a382
                                      • Opcode Fuzzy Hash: 2e81a47c92530fd155eb80cdbcbd3d172dd73f70ba3d3c2c05d54e47e4641e73
                                      • Instruction Fuzzy Hash: C141F9E7D0E6AA4BD705BBBCE4B10F97FB0EF06220B0845F7D4C98A1A3DD1864468794
                                      Function 00007FFB4B0411D7 Relevance: .5, Instructions: 534COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fcc5a4e7350f9eb87ad527c458966cbc520ffa9de6f6c28ce7632041ae8359d5
                                      • Instruction ID: df45b1680f14c022cc549a75712432d05717d38b5ac45c119a43c88a3b5d6a53
                                      • Opcode Fuzzy Hash: fcc5a4e7350f9eb87ad527c458966cbc520ffa9de6f6c28ce7632041ae8359d5
                                      • Instruction Fuzzy Hash: 8F4106E7D0D6AA4FE705BBBCD4B10FA7FA0EF46221B0441B7D589CA1A3DD1864068794
                                      Function 00007FFB4B040AD3 Relevance: .2, Instructions: 212COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 831c34ea887d11e27626568cfa828e6c468b93675ef23ad9307f739a3640dbff
                                      • Instruction ID: 71c37026b2899973db2c66869af6d47cec5a3b3d1dcc2fcd59bcabfbee825d9d
                                      • Opcode Fuzzy Hash: 831c34ea887d11e27626568cfa828e6c468b93675ef23ad9307f739a3640dbff
                                      • Instruction Fuzzy Hash: 21514AB6B1DA698EE705BB7CE4512FC3BA1EF86315B0446BBD408C7283CD686446C7A0
                                      Function 00007FFB4B040E3E Relevance: .2, Instructions: 201COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e68c5101bf5ad06244d8107e3926912b1497e4fdac7cf462ff18b94caeeef6ef
                                      • Instruction ID: 7718e0cf2308ce3eab54f80a8785521aa48a92707d30b40a40da60382f66b54d
                                      • Opcode Fuzzy Hash: e68c5101bf5ad06244d8107e3926912b1497e4fdac7cf462ff18b94caeeef6ef
                                      • Instruction Fuzzy Hash: F151F4A1B0E6960FE356B778D4551B53FD1DF8722170941FBD889CB2A3DC0898478362
                                      Function 00007FFB4B040620 Relevance: .1, Instructions: 135COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1db23d17ad32cee2084b646dc4b7a1483fb28206725b76762bdbb2b21839cd97
                                      • Instruction ID: 68da0bd90bcc4f1a743f17f34d263a5ef88da2cf392f5de0f60eae672bf9c102
                                      • Opcode Fuzzy Hash: 1db23d17ad32cee2084b646dc4b7a1483fb28206725b76762bdbb2b21839cd97
                                      • Instruction Fuzzy Hash: 0D31C561B1D9490FE788BA3CD85A378B6C2EF99211F0401BEE44EC32D3DE589C068344
                                      Function 00007FFB4B040CD1 Relevance: .1, Instructions: 125COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4b788f687794d998d4fda382fe2b150f8ce18a5ec8f5d4ec06b3d9b65ca1c249
                                      • Instruction ID: fa3feae5162ecc44127cd94e7cd41049e57674fe44429b04093beb8fad53f49e
                                      • Opcode Fuzzy Hash: 4b788f687794d998d4fda382fe2b150f8ce18a5ec8f5d4ec06b3d9b65ca1c249
                                      • Instruction Fuzzy Hash: 3A3187E1B19A194FE745BBBCD8593BD7BD1EF99301F0442BAE40DC7293DD28A8024751
                                      Function 00007FFB4B0420C1 Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1691646318.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_7ffb4b040000_Update.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 938e9ad70615f9a2d0bf445773309788744a3f832fc42cab51f657469acb8839
                                      • Instruction ID: 28b1aedda24372dc2c54df3e210f3f451f250d401d34ed6cc2de4684704e3081
                                      • Opcode Fuzzy Hash: 938e9ad70615f9a2d0bf445773309788744a3f832fc42cab51f657469acb8839
                                      • Instruction Fuzzy Hash: 3F012B95A2D7D10FF79A7B3898654717FE09F96241B0804AAE8C4C71B7D8089984C392