Windows Analysis Report
rrwzOU7A9F.exe

Overview

General Information

Sample name: rrwzOU7A9F.exe (renamed because original name is a hash value)
Original sample name: e28df9b4fe8cf6c4f407f1536ee07b6b641f7d4641723a0d7a05796c236babfe.exe
Analysis ID: 1542726
MD5: 1c60fa81854080166d34761610f776cc
SHA1: 6ee883a9c2ad2c2da0521ace128e30d5134a5ccf
SHA256: e28df9b4fe8cf6c4f407f1536ee07b6b641f7d4641723a0d7a05796c236babfe
Tags: AsyncRAT, CloudflareTunnels, RAT, exe, user-JAMESWT_MHT
Infos:

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Uses dynamic DNS services
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • rrwzOU7A9F.exe (PID: 1708 cmdline: "C:\Users\user\Desktop\rrwzOU7A9F.exe" MD5: 1C60FA81854080166D34761610F776CC)
  • cleanup
{"C2 url": ["dcxwq1.duckdns.org"], "Port": "7000", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.2"}
Source | Rule | Description | Author | Strings
rrwzOU7A9F.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
rrwzOU7A9F.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x7a50:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7aed:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7c02:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x76fe:$cnc4: POST / HTTP/1.1

Source | Rule | Description | Author | Strings
00000000.00000000.2129741848.0000000000542000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000000.00000000.2129741848.0000000000542000.00000002.00000001.01000000.00000003.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x7850:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x78ed:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7a02:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x74fe:$cnc4: POST / HTTP/1.1
00000000.00000002.4577195379.0000000002911000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
Process Memory Space: rrwzOU7A9F.exe PID: 1708 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

Source | Rule | Description | Author | Strings
0.0.rrwzOU7A9F.exe.540000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
0.0.rrwzOU7A9F.exe.540000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x7a50:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7aed:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7c02:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x76fe:$cnc4: POST / HTTP/1.1

No Sigma rule has matched
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-26T08:49:35.419392+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:49:41.913399+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:49:48.943686+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:02.507233+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:11.936044+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:16.186931+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:21.663370+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:23.643734+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:23.708962+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:23.724257+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:23.760886+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:23.823417+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:23.841502+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:24.673456+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:29.882203+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:29.927070+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:29.999470+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:35.314748+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:40.147022+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:40.193674+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:40.210046+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:40.240263+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:40.264428+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:40.357514+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:41.913604+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:45.772265+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:45.890487+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:46.006032+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:46.007583+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:46.115128+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:46.185135+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:53.744836+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:56.365831+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:56.483152+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:56.552913+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:50:56.600053+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:01.866080+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:02.023642+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:05.850745+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:11.907963+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:12.438555+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:12.552637+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:12.555640+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:12.669729+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.178130+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.318229+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.333754+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.349617+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.398627+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.424059+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.541557+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.578782+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.722490+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:18.795827+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:23.272052+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:24.179811+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:24.296951+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:31.254259+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:34.070884+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:34.130819+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:34.177413+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:34.187766+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:34.288334+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:34.908409+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:40.726339+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:41.905649+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:42.631406+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:44.271948+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:44.349235+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:44.389349+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:44.490877+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:44.519413+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:51:58.050087+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:00.653382+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:00.789879+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:00.928012+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:08.437102+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:11.907273+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:16.579945+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:19.690980+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:22.892306+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:23.631479+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:27.890630+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:34.036603+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:36.903619+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:37.161558+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:40.047891+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:40.266527+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:41.909233+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:42.026520+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:44.956710+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:46.317729+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:55.219164+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:52:56.631341+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:06.793617+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:06.900960+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:06.909673+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:09.892693+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:11.888063+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:12.118199+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:12.235242+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:12.258738+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:12.271759+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:12.366277+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            2024-10-26T08:53:19.085391+020028528701Malware Command and Control Activity Detected101.99.92.2037000192.168.2.649711TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-26T08:49:35.740810+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:49:48.946134+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:02.510379+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:16.189519+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:21.666777+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:23.645831+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:23.717868+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:23.725946+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:23.763107+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:23.826239+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:23.843343+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:24.676650+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:29.893965+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:29.929520+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:29.995334+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:30.001534+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:30.007113+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:35.319251+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:40.150407+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:40.202355+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:40.212266+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:40.243945+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:40.267289+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:40.359998+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:45.774859+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:45.893288+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:46.008732+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:46.014901+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:46.117437+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:46.187119+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:46.345745+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:46.351373+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:53.747346+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:56.373310+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:56.485784+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:56.557951+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:50:56.606347+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:01.900892+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:02.284542+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:05.852920+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:12.445452+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:12.531155+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:12.537086+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:12.672090+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.180682+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.320532+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.335478+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.351831+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.400583+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.552350+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.591309+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.735291+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:18.803011+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:23.274619+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:24.181993+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:24.273174+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:24.298889+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:31.263142+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:34.073347+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:34.132985+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:34.179546+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:34.189678+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:34.290692+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:34.916093+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:40.728473+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:42.636188+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:44.273830+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:44.351150+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:44.391215+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:44.493810+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:44.524129+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:51:58.053146+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:00.656063+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:00.676067+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:00.739089+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:00.773767+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:00.845664+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:00.892122+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:00.985594+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:08.438793+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:16.581971+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:19.693608+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:22.895827+020028529231Malware Command and Control Activity Detected192.168.2.649711101.99.92.2037000TCP
            2024-10-26T08:52:23.633635+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:27.893059+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:34.038374+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:36.907108+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:37.164934+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:40.048997+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:40.267551+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:42.027822+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:44.957638+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:46.318675+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:55.223462+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:52:56.632285+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:06.794925+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:06.906271+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:06.918450+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:09.893663+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:12.118987+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:12.236141+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:12.272556+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:12.325547+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:12.366946+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            2024-10-26T08:53:19.086163+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-10-26T08:49:41.913399+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 101.99.92.203 | 7000 | 192.168.2.6 | 49711 | TCP
            2024-10-26T08:50:11.936044+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 101.99.92.203 | 7000 | 192.168.2.6 | 49711 | TCP
            2024-10-26T08:50:41.913604+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 101.99.92.203 | 7000 | 192.168.2.6 | 49711 | TCP
            2024-10-26T08:51:11.907963+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 101.99.92.203 | 7000 | 192.168.2.6 | 49711 | TCP
            2024-10-26T08:51:41.905649+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 101.99.92.203 | 7000 | 192.168.2.6 | 49711 | TCP
            2024-10-26T08:52:11.907273+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 101.99.92.203 | 7000 | 192.168.2.6 | 49711 | TCP
            2024-10-26T08:52:41.909233+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 101.99.92.203 | 7000 | 192.168.2.6 | 49711 | TCP
            2024-10-26T08:53:11.888063+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 101.99.92.203 | 7000 | 192.168.2.6 | 49711 | TCP
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-10-26T08:50:29.668465+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 101.99.92.203 | 7000 | TCP


            AV Detection

            Source: rrwzOU7A9F.exeAvira: detected
            Source: rrwzOU7A9F.exeMalware Configuration Extractor: Xworm {"C2 url": ["dcxwq1.duckdns.org"], "Port": "7000", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.2"}
            Source: rrwzOU7A9F.exeReversingLabs: Detection: 78%
            Source: rrwzOU7A9F.exeVirustotal: Detection: 79%
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: rrwzOU7A9F.exeJoe Sandbox ML: detected
            Source: rrwzOU7A9F.exeString decryptor: dcxwq1.duckdns.org
            Source: rrwzOU7A9F.exeString decryptor: 7000
            Source: rrwzOU7A9F.exeString decryptor: <123456789>
            Source: rrwzOU7A9F.exeString decryptor: <Xwormmm>
            Source: rrwzOU7A9F.exeString decryptor: XWorm V5.2
            Source: rrwzOU7A9F.exeString decryptor: USB.exe
            Source: rrwzOU7A9F.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: rrwzOU7A9F.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Networking

            Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.6:49711 -> 101.99.92.203:7000
            Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 101.99.92.203:7000 -> 192.168.2.6:49711
            Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49711 -> 101.99.92.203:7000
            Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 101.99.92.203:7000 -> 192.168.2.6:49711
            Source: Network trafficSuricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.6:49711 -> 101.99.92.203:7000
            Source: Malware configuration extractorURLs: dcxwq1.duckdns.org
            Source: unknownDNS query: name: dcxwq1.duckdns.org
            Source: global trafficTCP traffic: 192.168.2.6:49711 -> 101.99.92.203:7000
            Source: Joe Sandbox ViewIP Address: 101.99.92.203 101.99.92.203
            Source: Joe Sandbox ViewASN Name: SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: dcxwq1.duckdns.org
            Source: rrwzOU7A9F.exe, 00000000.00000002.4577195379.0000000002911000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            Source: rrwzOU7A9F.exe, XLogger.cs.Net Code: KeyboardLayout

            System Summary

            Source: rrwzOU7A9F.exe, type: SAMPLEMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: 0.0.rrwzOU7A9F.exe.540000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: 00000000.00000000.2129741848.0000000000542000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeProcess Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeCode function: 0_2_00007FFD346576920_2_00007FFD34657692
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeCode function: 0_2_00007FFD346568E60_2_00007FFD346568E6
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeCode function: 0_2_00007FFD346528500_2_00007FFD34652850
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeCode function: 0_2_00007FFD346529FA0_2_00007FFD346529FA
            Source: rrwzOU7A9F.exe, 00000000.00000000.2129762826.000000000054C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamea.exe4 vs rrwzOU7A9F.exe
            Source: rrwzOU7A9F.exeBinary or memory string: OriginalFilenamea.exe4 vs rrwzOU7A9F.exe
            Source: rrwzOU7A9F.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: rrwzOU7A9F.exe, type: SAMPLEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 0.0.rrwzOU7A9F.exe.540000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 00000000.00000000.2129741848.0000000000542000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: rrwzOU7A9F.exe, Helper.csCryptographic APIs: 'TransformFinalBlock'
            Source: rrwzOU7A9F.exe, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@3/1
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeMutant created: NULL
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeMutant created: \Sessions\1\BaseNamedObjects\KuxjcUwK7YR0UBzc
            Source: rrwzOU7A9F.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: rrwzOU7A9F.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: rrwzOU7A9F.exeReversingLabs: Detection: 78%
            Source: rrwzOU7A9F.exeVirustotal: Detection: 79%
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: avicap32.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: msvfw32.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
            Source: rrwzOU7A9F.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: rrwzOU7A9F.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: rrwzOU7A9F.exe, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: rrwzOU7A9F.exe, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: rrwzOU7A9F.exe, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true)
            Source: rrwzOU7A9F.exe, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
            Source: rrwzOU7A9F.exe, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
            Source: rrwzOU7A9F.exe, Messages.cs.Net Code: Memory
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeCode function: 0_2_00007FFD346500BD pushad ; iretd 0_2_00007FFD346500C1
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeCode function: 0_2_00007FFD34651574 push E95EE936h; ret 0_2_00007FFD34651599
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeMemory allocated: A70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeMemory allocated: 1A910000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeWindow / User API: threadDelayed 9663Jump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exe TID: 6880Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exe TID: 6876Thread sleep count: 9663 > 30Jump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exe TID: 6876Thread sleep count: 175 > 30Jump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: rrwzOU7A9F.exe, 00000000.00000002.4578889465.000000001B870000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllniti6
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeQueries volume information: C:\Users\user\Desktop\rrwzOU7A9F.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: C:\Users\user\Desktop\rrwzOU7A9F.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

            Stealing of Sensitive Information

            Source: Yara matchFile source: rrwzOU7A9F.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.rrwzOU7A9F.exe.540000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.2129741848.0000000000542000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.4577195379.0000000002911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: rrwzOU7A9F.exe PID: 1708, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara matchFile source: rrwzOU7A9F.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.rrwzOU7A9F.exe.540000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.2129741848.0000000000542000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.4577195379.0000000002911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: rrwzOU7A9F.exe PID: 1708, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 Input Capture | 111 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 131 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 21 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            Source | Detection | Scanner | Label | Link
            rrwzOU7A9F.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
            rrwzOU7A9F.exe | 79% | Virustotal | |
            rrwzOU7A9F.exe | 100% | Avira | TR/Spy.Gen |
            rrwzOU7A9F.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            dcxwq1.duckdns.org | 101.99.92.203 | true | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            dcxwq1.duckdns.org | true | | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | rrwzOU7A9F.exe, 00000000.00000002.4577195379.0000000002911000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                101.99.92.203 | dcxwq1.duckdns.org | Malaysia | | 45839 | SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY | true
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1542726
                Start date and time:2024-10-26 08:48:21 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 6m 10s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:5
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:rrwzOU7A9F.exe
                renamed because original name is a hash value
                Original Sample Name:e28df9b4fe8cf6c4f407f1536ee07b6b641f7d4641723a0d7a05796c236babfe.exe
                Detection:MAL
                Classification:mal100.troj.spyw.evad.winEXE@1/0@3/1
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 99%
                • Number of executed functions: 4
                • Number of non-executed functions: 1
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Override analysis time to 240000 for current running targets taking high CPU consumption
                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                Time | Type | Description
                02:49:15 | API Interceptor | 13858497x Sleep call for process: rrwzOU7A9F.exe modified
                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                101.99.92.203 | 3xlcP3DFLm.exe | malicious | XWorm |
                 | JruZmEO5Dm.exe | malicious | XWorm |
                 | zVlbADkNqu.exe | malicious | XWorm |
                 | vqUuq8t2Uc.exe | malicious | AsyncRAT, DcRat |
                 | pXJ9iQvcQa.exe | malicious | AsyncRAT, DcRat |
                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                dcxwq1.duckdns.org | 3xlcP3DFLm.exe | malicious | XWorm | 101.99.92.203
                 | JruZmEO5Dm.exe | malicious | XWorm | 101.99.92.203
                 | zVlbADkNqu.exe | malicious | XWorm | 101.99.92.203
                 | vqUuq8t2Uc.exe | malicious | AsyncRAT, DcRat | 101.99.92.203
                 | pXJ9iQvcQa.exe | malicious | AsyncRAT, DcRat | 101.99.92.203
                 | a.cmd | malicious | Unknown | 91.92.249.117
                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY | 3xlcP3DFLm.exe | malicious | XWorm | 101.99.92.203
                 | JruZmEO5Dm.exe | malicious | XWorm | 101.99.92.203
                 | zVlbADkNqu.exe | malicious | XWorm | 101.99.92.203
                 | vqUuq8t2Uc.exe | malicious | AsyncRAT, DcRat | 101.99.92.203
                 | pXJ9iQvcQa.exe | malicious | AsyncRAT, DcRat | 101.99.92.203
                 | https://app.adjust.com/mr11ui?fallback=https://abcshopbd.com/#amVmZi5kaXhvbiRhdXN0YWx1c2EuY29t | malicious | HTMLPhisher | 111.90.141.53
                 | Transferencias6231.vbs | malicious | AgentTesla, GuLoader | 101.99.94.195
                 | Justificante de pago.vbs | malicious | AgentTesla, GuLoader | 101.99.94.195
                 | Justificante de pago.vbs | malicious | AgentTesla, GuLoader | 101.99.94.195
                 | TRANSFERENCIA BANCARIA.vbs | malicious | AgentTesla, GuLoader | 101.99.94.195
                          No context
                          No context
                          No created / dropped files found
                          File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit): 3.6312729673583037
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                          • Win32 Executable (generic) a (10002005/4) 49.75%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Windows Screen Saver (13104/52) 0.07%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          File name: rrwzOU7A9F.exe
                          File size: 65'536 bytes
                          MD5: 1c60fa81854080166d34761610f776cc
                          SHA1: 6ee883a9c2ad2c2da0521ace128e30d5134a5ccf
                          SHA256: e28df9b4fe8cf6c4f407f1536ee07b6b641f7d4641723a0d7a05796c236babfe
                          SHA512: e3cd8b5bb34dbba8995d39de34e2d541804c29ab930bfa365c803a00fa1e0f6738ba2afb42d740a180c7201f6599e1a26f82a38970247ac4c22728ace06d0040
                          SSDEEP: 768:9GLtt3QI2/yQJVZsXeo8icHS1WbFb9YGQOMhwQnvO:9Ab3QI2/yQBKeNicHS1SFb9YGQOM6aO
                          TLSH: 23534C48BB944216D9ED6FF469B372020674D713D917EB4E48E48ADB6F23BC48D013EA
                          Icon Hash: 00928e8e8686b000
                          Entrypoint: 0x40a5fe
                          Entrypoint Section: .text
                          Digitally signed: false
                          Imagebase: 0x400000
                          Subsystem: windows gui
                          Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Time Stamp: 0x6621200D [Thu Apr 18 13:28:45 2024 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major: 4
                          OS Version Minor: 0
                          File Version Major: 4
                          File Version Minor: 0
                          Subsystem Version Major: 4
                          Subsystem Version Minor: 0
                          Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
                          Instruction
                          jmp dword ptr [00402000h]
                          Name | Virtual Address | Virtual Size | Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa5b0 | 0x4b | .text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x4c0 | .rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                          .text | 0x2000 | 0x8604 | 0x8800 | 49a5e522ae8e037e2409f27e37a5f58c | False | 0.4927332261029412 | data | 5.691481388961481 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          .rsrc | 0xc000 | 0x4c0 | 0x600 | 30c5eb268fae0bb062894b64cd0262f3 | False | 0.37109375 | data | 3.6729732155924846 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc | 0xe000 | 0xc | 0x200 | 1f3bc23101ffde98df7e0ea47b99e2c8 | False | 0.041015625 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                          RT_VERSION | 0xc0a0 | 0x22c | data | | | 0.4712230215827338
                          RT_MANIFEST | 0xc2d0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
                          DLL | Import
                          mscoree.dll | _CorExeMain
                          2024-10-26T08:51:58.053146+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:00.653382+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:00.656063+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:00.676067+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:00.739089+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:00.773767+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:00.789879+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:00.845664+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:00.892122+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:00.928012+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:00.985594+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:08.437102+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:08.438793+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:11.907273+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:11.907273+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:16.579945+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:16.581971+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:19.690980+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:19.693608+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:22.892306+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:22.895827+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:23.631479+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:23.633635+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:27.890630+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:27.893059+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:34.036603+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:34.038374+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:36.903619+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:36.907108+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:37.161558+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:37.164934+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:40.047891+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:40.048997+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:40.266527+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:40.267551+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:41.909233+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:41.909233+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:42.026520+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:42.027822+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:44.956710+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:44.957638+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:46.317729+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:46.318675+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:55.219164+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:55.223462+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:52:56.631341+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:52:56.632285+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:06.793617+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:06.794925+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:06.900960+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:06.906271+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:06.909673+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:06.918450+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:09.892693+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:09.893663+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:11.888063+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:11.888063+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:12.118199+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:12.118987+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:12.235242+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:12.236141+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:12.258738+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:12.271759+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:12.272556+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:12.325547+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:12.366277+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:12.366946+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          2024-10-26T08:53:19.085391+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1101.99.92.2037000192.168.2.649711TCP
                          2024-10-26T08:53:19.086163+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.649711101.99.92.2037000TCP
                          TimestampSource PortDest PortSource IPDest IP
                          Oct 26, 2024 08:51:11.981564999 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.012259960 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.017842054 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.058876038 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.064254045 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.074351072 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.079710960 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.106561899 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.112034082 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.152539968 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.157834053 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.277770042 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.283201933 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.308787107 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.314234018 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.324493885 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.330040932 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.438555002 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.445451975 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.450915098 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.521821022 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.531155109 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.536879063 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.537086010 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.542720079 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.543014050 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.548470020 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.552282095 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.552637100 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.555639982 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.555813074 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.601471901 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.601773024 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.607203007 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.669728994 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:12.672090054 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:12.677531958 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:17.933950901 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:17.939311028 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:17.982182026 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:17.987478971 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.074631929 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.080040932 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.090293884 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.095670938 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.105922937 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.112190962 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.152631998 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.162139893 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.178129911 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.180681944 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.229533911 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.229638100 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.234987974 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.318228960 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.320532084 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.325789928 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.325915098 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.331171036 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.333754063 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.335478067 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.349617004 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.351830959 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.398627043 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.400583029 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.424058914 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.424154043 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.473468065 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.479024887 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.484394073 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.541557074 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.552350044 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.557765007 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.578782082 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.591309071 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.641443968 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.722490072 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.735291004 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.740772963 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.795826912 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:18.803010941 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:18.808922052 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:23.027880907 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:23.033255100 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:23.272052050 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:23.274619102 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:23.280111074 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:23.683862925 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:23.689284086 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:23.699541092 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:23.704871893 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:23.714982986 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:23.720288038 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:23.730767012 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:23.736061096 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:24.027600050 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:24.032987118 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:24.179811001 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:24.181993008 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:24.187347889 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:24.271083117 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:24.273174047 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:24.278578997 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:24.278732061 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:24.284020901 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:24.296951056 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:24.298888922 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:24.345489979 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:30.966877937 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:30.972162008 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:31.254259109 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:31.263142109 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:31.268500090 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:33.824513912 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:33.829801083 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:33.840017080 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:33.845453024 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:33.887183905 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:33.892563105 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:33.933958054 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:33.939357042 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:33.965198040 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:33.970597982 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.070883989 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.073347092 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:34.078900099 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.130819082 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.132985115 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:34.138650894 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.177412987 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.179546118 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:34.187766075 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.189677954 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:34.237505913 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.288333893 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.290692091 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:34.296132088 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.402885914 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:34.408337116 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.908409119 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:34.916093111 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:34.921596050 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:40.481923103 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:40.487334967 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:40.726339102 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:40.728472948 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:40.734055042 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:41.905648947 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:41.980376959 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:42.386993885 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:42.392529964 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:42.631406069 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:42.636188030 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:42.641621113 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.027923107 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.033351898 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.059149027 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.064563036 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.105807066 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.115382910 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.168426991 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.175065041 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.246560097 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.255583048 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.271948099 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.273829937 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.325475931 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.349235058 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.351150036 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.356472015 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.389348984 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.391215086 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.437577963 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.490876913 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.493809938 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.499181986 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.519412994 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:44.524128914 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:44.573451042 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:57.793416023 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:57.808650017 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:58.050086975 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:58.053145885 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:58.067382097 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:51:59.621608973 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:51:59.933545113 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.415604115 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.415623903 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.415677071 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.433656931 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.653382063 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.656063080 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.669749975 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.672282934 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.676067114 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.737512112 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.739089012 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.751116037 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.771271944 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.773766994 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.789879084 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.789973974 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.845489025 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.845664024 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.864670038 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.888004065 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.892122030 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.906824112 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.907063007 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.928011894 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.928128958 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.985522985 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:00.985594034 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:00.998889923 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:08.184017897 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:08.197582006 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:08.437102079 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:08.438792944 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:08.451066971 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:11.907273054 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:11.949137926 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:16.324707031 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:16.338776112 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:16.579945087 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:16.581970930 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:16.596208096 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:19.436069965 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:19.451900959 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:19.690979958 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:19.693608046 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:19.708805084 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:22.622296095 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:22.637096882 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:22.892306089 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:22.895827055 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:22.908126116 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:23.277915955 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:23.363699913 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:23.631479025 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:23.633635044 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:23.646487951 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:27.637029886 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:27.651946068 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:27.890630007 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:27.893059015 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:27.903703928 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:33.777863026 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:33.783607960 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:34.036602974 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:34.038373947 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:34.044262886 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:36.449595928 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:36.459300995 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:36.833313942 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:36.903619051 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:36.904227018 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:36.907108068 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:36.920861006 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:37.161557913 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:37.164933920 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:37.175704956 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:39.793378115 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:39.808866978 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:40.012016058 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:40.027805090 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:40.047890902 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:40.048996925 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:40.105436087 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:40.266526937 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:40.267550945 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:40.282222986 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:41.762095928 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:41.777899027 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:41.909233093 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:41.964798927 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:42.026520014 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:42.027822018 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:42.042376995 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:44.702163935 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:44.717936039 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:44.956710100 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:44.957638025 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:44.972598076 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:46.058810949 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:46.073524952 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:46.317728996 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:46.318675041 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:46.333420038 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:54.965518951 CEST497117000192.168.2.6101.99.92.203
                          Oct 26, 2024 08:52:54.978727102 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:55.219163895 CEST700049711101.99.92.203192.168.2.6
                          Oct 26, 2024 08:52:55.223462105 CEST497117000192.168.2.6101.99.92.203
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Oct 26, 2024 08:49:17.387379885 CEST | 54916 | 53 | 192.168.2.6 | 1.1.1.1
                          Oct 26, 2024 08:49:18.386786938 CEST | 54916 | 53 | 192.168.2.6 | 1.1.1.1
                          Oct 26, 2024 08:49:19.402539968 CEST | 54916 | 53 | 192.168.2.6 | 1.1.1.1
                          Oct 26, 2024 08:49:21.398121119 CEST | 53 | 54916 | 1.1.1.1 | 192.168.2.6
                          Oct 26, 2024 08:49:21.398144007 CEST | 53 | 54916 | 1.1.1.1 | 192.168.2.6
                          Oct 26, 2024 08:49:21.398156881 CEST | 53 | 54916 | 1.1.1.1 | 192.168.2.6

                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Oct 26, 2024 08:49:17.387379885 CEST | 192.168.2.6 | 1.1.1.1 | 0x78be | Standard query (0) | dcxwq1.duckdns.org | A (IP address) | IN (0x0001) | false
                          Oct 26, 2024 08:49:18.386786938 CEST | 192.168.2.6 | 1.1.1.1 | 0x78be | Standard query (0) | dcxwq1.duckdns.org | A (IP address) | IN (0x0001) | false
                          Oct 26, 2024 08:49:19.402539968 CEST | 192.168.2.6 | 1.1.1.1 | 0x78be | Standard query (0) | dcxwq1.duckdns.org | A (IP address) | IN (0x0001) | false

                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Oct 26, 2024 08:49:21.398121119 CEST | 1.1.1.1 | 192.168.2.6 | 0x78be | No error (0) | dcxwq1.duckdns.org | | 101.99.92.203 | A (IP address) | IN (0x0001) | false
                          Oct 26, 2024 08:49:21.398144007 CEST | 1.1.1.1 | 192.168.2.6 | 0x78be | No error (0) | dcxwq1.duckdns.org | | 101.99.92.203 | A (IP address) | IN (0x0001) | false
                          Oct 26, 2024 08:49:21.398156881 CEST | 1.1.1.1 | 192.168.2.6 | 0x78be | No error (0) | dcxwq1.duckdns.org | | 101.99.92.203 | A (IP address) | IN (0x0001) | false

                          Target ID:0
                          Start time:02:49:12
                          Start date:26/10/2024
                          Path:C:\Users\user\Desktop\rrwzOU7A9F.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Users\user\Desktop\rrwzOU7A9F.exe"
                          Imagebase:0x540000
                          File size:65'536 bytes
                          MD5 hash:1C60FA81854080166D34761610F776CC
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.2129741848.0000000000542000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.2129741848.0000000000542000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.4577195379.0000000002911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:false

                            Execution Graph

                            Execution Coverage:17.7%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:0%
                            Total number of Nodes:3
                            Total number of Limit Nodes:0
                            execution_graph 4492 7ffd34651be8 4493 7ffd34651bf1 SetWindowsHookExW 4492->4493 4495 7ffd34651cc1 4493->4495

                            Control-flow Graph

                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4579716440.00007FFD34650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34650000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7ffd34650000_rrwzOU7A9F.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID: 0-3916222277


                            Control-flow Graph

                            control_flow_graph 331 7ffd34651be8-7ffd34651bef 332 7ffd34651bf1-7ffd34651bf9 331->332 333 7ffd34651bfa-7ffd34651c6d 331->333 332->333 336 7ffd34651c73-7ffd34651c78 333->336 337 7ffd34651cf9-7ffd34651cfd 333->337 339 7ffd34651c7f-7ffd34651c80 336->339 338 7ffd34651c82-7ffd34651cbf SetWindowsHookExW 337->338 340 7ffd34651cc1 338->340 341 7ffd34651cc7-7ffd34651cf8 338->341 339->338 340->341
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.4579716440.00007FFD34650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34650000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7ffd34650000_rrwzOU7A9F.jbxd
                            Similarity
                            • API ID: HookWindows
                            • String ID:
                            • API String ID: 2559412058-0