

Windows Analysis Report
Dm35sdidf3.exe

Overview

General Information

Sample name: Dm35sdidf3.exe (renamed because the original name is a hash value)
Original sample name: a8fa6b364a96838cb435a29c3be5eca12bc29f7079f07157d582c149abe7f385.exe
Analysis ID: 1577174
MD5: bfc6bd999b1a5247cdbf67c15ba48b1f
SHA1: 322cce6decc4edd6f0f54d5e9f117c83306723ba
SHA256: a8fa6b364a96838cb435a29c3be5eca12bc29f7079f07157d582c149abe7f385
Tags: 92-255-57-155, exe, user-JAMESWT_MHT

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara signature match

Classification

  • System is w10x64
  • Dm35sdidf3.exe (PID: 6364 cmdline: "C:\Users\user\Desktop\Dm35sdidf3.exe" MD5: BFC6BD999B1A5247CDBF67C15BA48B1F)
  • cleanup

Malware Configuration

{"C2 url": ["92.255.57.155"], "Port": 4411, "Aes key": "P0WER", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Yara Overview

Source | Rule | Description | Author | Strings
Dm35sdidf3.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Dm35sdidf3.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | (matched strings listed below)
  • 0xac5c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0xacf9:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0xae0e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xaa1e:$cnc4: POST / HTTP/1.1
Source | Rule | Description | Author | Strings
00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | (matched strings listed below)
  • 0xaa5c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0xaaf9:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0xac0e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xa81e:$cnc4: POST / HTTP/1.1
00000000.00000002.4175859935.0000000002B01000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Process Memory Space: Dm35sdidf3.exe PID: 6364 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Source | Rule | Description | Author | Strings
0.0.Dm35sdidf3.exe.7e0000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
0.0.Dm35sdidf3.exe.7e0000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | (matched strings listed below)
  • 0xac5c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0xacf9:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0xae0e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xaa1e:$cnc4: POST / HTTP/1.1

Sigma Overview

No Sigma rule has matched

Suricata Overview

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T08:29:22.543392+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:28.547707+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:33.936263+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:45.284392+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:56.658278+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:58.558934+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:08.033325+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:10.381009+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:16.909054+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:17.833181+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:18.023857+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:20.458969+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:28.392168+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:28.583125+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:29.471655+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:33.111800+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:33.302503+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:33.426536+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:38.988157+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:43.611594+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:43.806539+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:44.971607+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:46.503466+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:53.110975+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:54.049228+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:58.144303+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:58.562419+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:59.283307+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:59.474293+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:59.639085+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:09.752396+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:09.989283+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:10.370143+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:10.668755+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:21.892785+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:25.205711+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:25.396195+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:27.611630+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:28.562883+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:32.362030+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:35.409102+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:35.613193+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:36.645170+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:47.924554+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:50.645919+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:54.929686+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:58.585935+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:01.237234+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:01.427484+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:03.315654+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:08.080609+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:10.240246+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:10.490322+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:11.658476+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:11.849402+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:12.029913+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:12.165271+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:20.377155+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:20.986120+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:23.346840+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:23.537740+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:23.850180+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:28.593269+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:28.784292+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:28.975025+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:33.772586+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:33.963309+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:35.205090+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:35.395795+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:39.070423+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:41.612422+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:44.205862+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:44.396678+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:45.986468+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:53.174093+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:58.614274+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:59.486669+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:59.677533+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:59.798466+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:33:01.104605+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:33:02.267508+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:33:05.971076+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:33:08.772100+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T08:29:22.639006+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:29:33.938497+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:29:45.287137+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:29:56.660581+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:08.036000+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:10.383606+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:16.911657+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:17.840505+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:18.026386+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:18.157021+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:18.318761+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:20.460971+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:28.397882+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:29.473752+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:33.115987+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:33.304491+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:33.428673+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:33.627517+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:38.990723+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:43.658601+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:43.812883+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:43.971773+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:44.973790+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:46.519541+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:53.113094+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:54.076476+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:58.147880+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:59.285758+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:59.476685+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:59.641022+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:09.759599+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:10.049902+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:10.378893+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:10.671669+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:21.896974+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:25.207386+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:25.397826+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:27.613272+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:32.374730+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:35.690792+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:36.354838+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:36.649652+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:47.929739+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:50.649064+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:55.100252+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:01.239090+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:01.429149+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:01.551399+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:03.318172+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:08.091842+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:10.251838+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:10.492996+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:11.719157+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:11.854247+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:12.038087+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:12.169792+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:20.379798+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:20.988206+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:23.392054+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:23.539565+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:23.704730+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:24.005631+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:28.785446+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:28.976198+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:33.773353+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:33.964260+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:34.085140+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:34.250280+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:35.206137+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:35.397115+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:39.071454+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:41.613828+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:44.209843+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:44.403282+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:45.990514+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:53.175847+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:59.487700+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:59.678221+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:59.799031+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:59.993880+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:33:01.145169+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:33:02.272807+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:33:05.978009+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:33:08.772915+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T08:29:28.547707+0100 | 2858801 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T08:30:46.069632+0100 | 2858799 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP



AV Detection

Source: Dm35sdidf3.exe | Avira: detected
Source: Dm35sdidf3.exe | Malware Configuration Extractor: Xworm {"C2 url": ["92.255.57.155"], "Port": 4411, "Aes key": "P0WER", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source: Dm35sdidf3.exe | ReversingLabs: Detection: 76%
Source: Dm35sdidf3.exe | Virustotal: Detection: 68%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Dm35sdidf3.exe | Joe Sandbox ML: detected
Source: Dm35sdidf3.exe | String decryptor: 92.255.57.155
Source: Dm35sdidf3.exe | String decryptor: 4411
Source: Dm35sdidf3.exe | String decryptor: P0WER
Source: Dm35sdidf3.exe | String decryptor: <Xwormmm>
Source: Dm35sdidf3.exe | String decryptor: XWorm V5.6
Source: Dm35sdidf3.exe | String decryptor: USB.exe
Source: Dm35sdidf3.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Dm35sdidf3.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic | Suricata IDS: 2858800 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.4:49730 -> 92.255.57.155:4411
Source: Network traffic | Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 92.255.57.155:4411 -> 192.168.2.4:49730
Source: Network traffic | Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:49730 -> 92.255.57.155:4411
Source: Network traffic | Suricata IDS: 2858801 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound : 92.255.57.155:4411 -> 192.168.2.4:49730
Source: Network traffic | Suricata IDS: 2858799 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.4:49730 -> 92.255.57.155:4411
Source: Malware configuration extractor | URLs: 92.255.57.155
Source: global traffic | TCP traffic: 192.168.2.4:49730 -> 92.255.57.155:4411
Source: Joe Sandbox View | IP Address: 92.255.57.155
Source: Joe Sandbox View | ASN Name: TELSPRU
Source: unknown | TCP traffic detected without corresponding DNS query: 92.255.57.155
            Source: Dm35sdidf3.exe, 00000000.00000002.4175859935.0000000002B01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

            System Summary

            barindex
            Source: Dm35sdidf3.exe, type: SAMPLEMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: 0.0.Dm35sdidf3.exe.7e0000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: 00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeProcess Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeCode function: 0_2_00007FFD9B88A2440_2_00007FFD9B88A244
            Source: Dm35sdidf3.exe, 00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameXClient.exe4 vs Dm35sdidf3.exe
            Source: Dm35sdidf3.exeBinary or memory string: OriginalFilenameXClient.exe4 vs Dm35sdidf3.exe
            Source: Dm35sdidf3.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: Dm35sdidf3.exe, type: SAMPLEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 0.0.Dm35sdidf3.exe.7e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: Dm35sdidf3.exe, 8zNojDlPt46QazeXuL2Y6OFYWD4q0R1PB0Jr.csCryptographic APIs: 'TransformFinalBlock'
            Source: Dm35sdidf3.exe, QaWqpUWtixIY480pbeOtn5Zr4D7gzBZcHLuj.csCryptographic APIs: 'TransformFinalBlock'
            Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@0/1
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeMutant created: NULL
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeMutant created: \Sessions\1\BaseNamedObjects\o8kSNczORMveFDjV
            Source: Dm35sdidf3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Dm35sdidf3.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: Dm35sdidf3.exeReversingLabs: Detection: 76%
            Source: Dm35sdidf3.exeVirustotal: Detection: 68%
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: avicap32.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: msvfw32.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
            Source: Dm35sdidf3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Dm35sdidf3.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            barindex
            Source: Dm35sdidf3.exe, YEvg1ghr5oE7q291wupcmyp3OMXXDn6VzNcS.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{BVATFifTpLLdrEgagPCqj07O4YZaqnifocDc1Ai582wi6IE85R4oo6JIyPcw0vYx9Cwp9Scj9TDAHeruFk2uBdYRexkOZ.JAcwvugr7yueKabGzBseGV7hjHu3W5QkNTNx8sjM423vV0qUPhEfZ5MkLIEJU4xShmmuAovdOhpox4n3YIsmafGmDjbdd,BVATFifTpLLdrEgagPCqj07O4YZaqnifocDc1Ai582wi6IE85R4oo6JIyPcw0vYx9Cwp9Scj9TDAHeruFk2uBdYRexkOZ._0L8f3WleevzcnPl9n2WNh7NW3wKOwPuy3tb1aRsXW0f6uDBis6nnThh3XPCCqA67oaXX8IvfAGwXsJMVtwgg9Ni2DmPT8,BVATFifTpLLdrEgagPCqj07O4YZaqnifocDc1Ai582wi6IE85R4oo6JIyPcw0vYx9Cwp9Scj9TDAHeruFk2uBdYRexkOZ.AXmSpip9Rgys9UoRCdGDlWOrb1oWCmZg9LzuKvf7aAgnKzemNYUyaBbirLIHk9vkM1Q5MLhWeOn1dI5xukaKG5mOVcOdq,BVATFifTpLLdrEgagPCqj07O4YZaqnifocDc1Ai582wi6IE85R4oo6JIyPcw0vYx9Cwp9Scj9TDAHeruFk2uBdYRexkOZ.pdozcqiNcmOnTnX1sUHm37yRWYhfKxfHJgJzzWfK4H9V6gQ9zRXQa28p93aV0bU5xPMwelYaDwx7MaHuT0cauWHxV6Umo,QaWqpUWtixIY480pbeOtn5Zr4D7gzBZcHLuj.ZUrIm4Kp1Nn4jNQE1iMoBcsuerfZEYytj3QZ()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: Dm35sdidf3.exe, YEvg1ghr5oE7q291wupcmyp3OMXXDn6VzNcS.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{YEqzscG0zcPqbAz0DZOo4YlGXPhJyHTNqYyr[2],QaWqpUWtixIY480pbeOtn5Zr4D7gzBZcHLuj.sOh0Jlwra2Jn4MOGwAe1E2VHcq3RkFs1RAqN(Convert.FromBase64String(YEqzscG0zcPqbAz0DZOo4YlGXPhJyHTNqYyr[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: Dm35sdidf3.exe, YEvg1ghr5oE7q291wupcmyp3OMXXDn6VzNcS.cs.Net Code: KU6ebjx3tSHR1sS58Bl74qLknJYhh6poBC0K System.AppDomain.Load(byte[])
            Source: Dm35sdidf3.exe, YEvg1ghr5oE7q291wupcmyp3OMXXDn6VzNcS.cs.Net Code: ZXM1GiAbCs2MG58yBipqRw6sU19wHUENOsMn System.AppDomain.Load(byte[])
            Source: Dm35sdidf3.exe, YEvg1ghr5oE7q291wupcmyp3OMXXDn6VzNcS.cs.Net Code: ZXM1GiAbCs2MG58yBipqRw6sU19wHUENOsMn
            Source: Dm35sdidf3.exe, b02VErUOAyp7KgsN3bFDF2auprIqAGCLaGMp.csHigh entropy of concatenated method names: 'INkezmr6hizs7DYFjV4aAMMuO4B8vcIzpRzl', '_1UgweADLCOTyFcav1bCSPpZmBT2YjbCvAU2a', 'N38ShQwEPMzDIeuhJy4EphCuYO22ULsDR4AR', 'VQJXMcVFd751mpqtfhNss', 'MoXo9dtjQWauKcR4tF0QZ', '_9KThUWSyhPoAhybqdEEGn', 'ZOGHWakUiTGxpDEMxkgVq', 'VbdrNDJi8xPxLw2mCoL5G', 'ZDOPOAfhNiZba9q2wF0zk', 'gLT3eh2G9sbPPYX5MS02M'
            Source: Dm35sdidf3.exe, ecfzk1BLTMVYPDpfIlTKGWKme1YqqZGoyQ7Vc33TJphCOCCj76EqW1abpBIyhIQ4ZDwplcAJv1P6YGgTLqEZyNFN0Yjag.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'aBhmG8hesQRZx5swb8QklvJR7WenRTLT4PpJ', 'J3SeuSTYALTr3yfRGGRIng8jjRcOlYfMvoE8', 'EoOkNZdPQEWcWFnAib8PkZw6yS7hompPojzR', 'FJElkQ5aMB1hwH9O2Q9GR2Cz4GaNeyxzx8iv'
            Source: Dm35sdidf3.exe, YEvg1ghr5oE7q291wupcmyp3OMXXDn6VzNcS.csHigh entropy of concatenated method names: 'ACdeIzXseyPo4zWqWy02RazcDiWaeYEF3sMU', 'KU6ebjx3tSHR1sS58Bl74qLknJYhh6poBC0K', 'N1sexz3RI1DpSUs8sFctRkct2k71o6Dw5adn', 'UqsaOcNK4UPWrSnz315O3fHPN7hmKXXzM5ek', 'JVZHi2GrdZvpd6rLMCYrVVcMGmoHeoBq6p3H', 'pyZ9AMn9R81CWO7jWKyfev1oi7ghwwdSnb3i', 'qZ6RmsuveDKUm2nZ6abIPK0CPfRROfax8QwG', 'NKRNz1jRg2dg9416sbsJ9O1Prxh7Ujl233zE', 'ai8NTPVbOPHKdfOoapJOEteWyRNHxMPPWDhT', 'NvDSL0KgPKbgoTgffwjCGHfA0D7JbHNtdeDP'
            Source: Dm35sdidf3.exe, 8zNojDlPt46QazeXuL2Y6OFYWD4q0R1PB0Jr.csHigh entropy of concatenated method names: 'Vl7IYPbs0k94qffFzhKGetVhWAXE2DuwFW3Z', '_0Byrd5Yenv0fM67D8WjMm', 'FTmqyKQFF2nZLlpTlQxHj', 'ycVPE2G11CcWkNNNsiscT', '_1Ou3AbDogGuZOToO0DEh1'
            Source: Dm35sdidf3.exe, tSBhnwvdpxEXyJxA8lGv4Bgp4p8TME6qQQXq.csHigh entropy of concatenated method names: 'NxpU6fdmEe350QRzSjmBG9bNgqiTmTVt3HvB', '_0iGLzTupk4oCtdljtdO0J', 'GH26cbm9WLUxhV866JkHg', '_41oPTrdIImlCUF6BZDilb', 'sy473pUm38ZS8xSNy8qaL'
            Source: Dm35sdidf3.exe, QaWqpUWtixIY480pbeOtn5Zr4D7gzBZcHLuj.csHigh entropy of concatenated method names: 'J8wHw2osnqTKiwkc3AZR8dJNxdbogdSKtxmF', 'qRcvRLsx0rxBIjhYsY9PC5vCWjsb8g2zuOH7', 'hLvrRQnXSt6R0bWy2ezji7tuxQIXN8qZ0RVf', 'ceHhszv7a2pCt2179HvaC23Hie2toqek6kQm', 'rMQUqeCYVWFCeYXZemrUiFJninSg7w4dNwcp', 'w5OdajmqiE1M7BW3IMdtUvegP99kuNYpO8vy', 'BjIxTPFBlXVTDrgqc7l5EYgWBO9QbMzlkizN', 'Su3QHI7NRcYJwIpsPYz5ohtFr2qfwzPcRLZJ', 'vABejWKfbSdGkHO9pNjXKLu0vDNBKiHgCRXA', '_5rpp77KCzZlHIngjWeMz70hTryBV4kjkB21s'
            Source: Dm35sdidf3.exe, Ovf0N5CQI1OINhI7lGry0rZm9kRY1ouImX1rRJDUauSsRBy7XEy1Vt7xi5mHlsT56DNCiId2YJlUZmsE23x0zAxkvKtDD.csHigh entropy of concatenated method names: 'U5sr0xpHdPhDSSbzFhxVIzRWeUyjHKaz7fC1kB0zXHJhnGI0CUd6SU5JrE3jDkMuJaZ7EPji9ym2R2XoRsaHYn1rH30jX', '_1uaG3Jmqcbu2z3C6aXj7JDQp2ADrLzHvGZEbDAKFqxfCBIw8pqHWCSMAzwDlV7JEVIKw2jbg6Y6KWsHnPlqFhGkgkWgUO', 'zQW9aPhZQcTvVUKWPGF2Lx6BnGfcxuOWukqHMV5NabLvy73gvdWFFJrw8wap5tuyfzFK81X3Lcq2tDHNKzdH2wLMcfc6J', '_4evsVFwMgy4n0x0cZfFsT', 'bqSHGcZwiXLgYoIjsUGSg', 'Wgka3ShlAx39hjLg9aMl6', '_1GVuR1tPkrWg5WEjE8zNi', 'Gf4QevTLf6VvSRMQTyTwD', 'pLeUDmoCnx132zeKo40LY', 'OnEtj15FfkoF6zFGMzPj9'
            Source: Dm35sdidf3.exe, iHb4sM6YGQ9c4dJp0PcDcTbymDMrcNDmdcyptmWABN6esl0n9Gq730slwRvMQhBj9S7AVAKLOj0nx1lNlgFo1hvIZSqHt.csHigh entropy of concatenated method names: 'xIeDGhWJh2dTLJj2KIKIkFlXgJ7yVJFMa5ZsnMElaczn389Ab5jcRZjYkKt4ktw9FQNKLIiNSjxfAYBeFydeIuEsxRDU0', 'iidSY7kDOs5FStDZNmRMEjt7glMgsaLCx80cm1y6v2rBQX100VXnfdgl8ByYbIq1ko8jZmN3f7W1XVjrN27WQa2rilPm8', 'FExflqz2ggYzAB8RkhZzQMhxx6cV08pL74aeNkOLC16P1A5u4mPbh4a9MT8ExggxPZvlSo1Qtx8QnVUuKM1ZGz1xvvbVE', 'GrEs6aQJtRM5DVNA9OStPBAI69B70MrCQV4OAAGaHOcugd3H2svSK0xh9ENhsIxRZzNDGBo079U7lkA0mxcejrA46fvwu', 'jXQ7CW5pazCc1V0AEwdp5SnRJDYF7u5sZpU1n9bZRSjgDRix2AIbxFkub0H4SD8hHRAob5vbVGbs5kHrIA0a7heeGQbl7', 'glsn8zXWNedoYiCWR7ggZIm7mZY5mNmOoEyXSr6Gd9iu88DRgb03GoD5Jw1HVc9eduqMCd7d76L4cERmtSvnznvJHtpF0', 'iccNNeoF51wTxbpATnVFbAdt8d8MulXIqrA55pnFvGlLeEqiiqogIHyvrrBCs4jIsjlfOXE0IFpBmAe8fJwMIuIbeX9Kf', 'jZpp5aIkL5DUHdMmI7HQBPJ6EmvQxikeAD4IAgyMBLIyLX0x1fcGkG6MTlxst0p7C61krxBu4e1dGyIgXSrjFGo1hTvqR', 'pXBe9HFDtAdZotphcgbdt1jtfMAXkED5dptTH1HtOoBwh5VCyGpNPIeDaGpQRtHO5QEcup2bma2XS7Ndj7k2FVaPEumb1', 'Q1EltKwM1R3yq1zXEHilAmDHGT4S5fhl21UG'
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeMemory allocated: F20000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeMemory allocated: 1AB00000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeWindow / User API: threadDelayed 9771Jump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exe TID: 2516Thread sleep time: -8301034833169293s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exe TID: 3592Thread sleep count: 9771 > 30Jump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exe TID: 3592Thread sleep count: 80 > 30Jump to behavior
            Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: Dm35sdidf3.exe, 00000000.00000002.4175419627.0000000000CBF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

            Anti Debugging

            barindex
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeProcess Stats: CPU usage > 42% for more than 60s
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeProcess token adjusted: DebugJump to behavior
            Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeQueries volume information: C:\Users\user\Desktop\Dm35sdidf3.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: Dm35sdidf3.exe, 00000000.00000002.4178955324.000000001B997000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\Desktop\Dm35sdidf3.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

            Stealing of Sensitive Information

            barindex
            Source: Yara matchFile source: Dm35sdidf3.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.Dm35sdidf3.exe.7e0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.4175859935.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Dm35sdidf3.exe PID: 6364, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Source: Yara matchFile source: Dm35sdidf3.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.Dm35sdidf3.exe.7e0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.4175859935.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Dm35sdidf3.exe PID: 6364, type: MEMORYSTR
            MITRE ATT&CK Matrix (one line per tactic column; the leading numbers are the counts shown in the report beside each matched technique)

            Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information
            Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server | Server
            Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts
            Execution: 11 Windows Management Instrumentation | Scheduled Task/Job | At | Cron | Launchd
            Persistence: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script
            Privilege Escalation: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script
            Defense Evasion: 1 Disable or Modify Tools | 232 Virtualization/Sandbox Evasion | 1 Deobfuscate/Decode Files or Information | 2 Software Packing | 1 DLL Side-Loading
            Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS | LSA Secrets
            Discovery: 221 Security Software Discovery | 232 Virtualization/Sandbox Evasion | 1 Application Window Discovery | 13 System Information Discovery | Internet Connection Discovery
            Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH
            Collection: 11 Archive Collected Data | Data from Removable Media | Data from Network Shared Drive | Input Capture | Keylogging
            Command and Control: 1 Encrypted Channel | 1 Non-Standard Port | 1 Application Layer Protocol | Protocol Impersonation | Fallback Channels
            Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer
            Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact
              Source | Detection | Scanner | Label | Link
              Dm35sdidf3.exe | 76% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT |
              Dm35sdidf3.exe | 68% | Virustotal | | Browse
              Dm35sdidf3.exe | 100% | Avira | HEUR/AGEN.1305769 |
              Dm35sdidf3.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
              Source | Detection | Scanner | Label | Link
              92.255.57.155 | 0% | Avira URL Cloud | safe |
            No contacted domains info
              Name | Malicious | Antivirus Detection | Reputation
              92.255.57.155 | true | Avira URL Cloud: safe | unknown
              Name | Source | Malicious | Antivirus Detection | Reputation
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Dm35sdidf3.exe, 00000000.00000002.4175859935.0000000002B01000.00000004.00000800.00020000.00000000.sdmp | false | | high
              IP | Domain | Country | ASN | ASN Name | Malicious
              92.255.57.155 | unknown | Russian Federation | 42253 | TELSPRU | true
              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1577174
              Start date and time:2024-12-18 08:28:05 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 15s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:5
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:Dm35sdidf3.exe
              renamed because original name is a hash value
              Original Sample Name:a8fa6b364a96838cb435a29c3be5eca12bc29f7079f07157d582c149abe7f385.exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@1/0@0/1
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 95%
              • Number of executed functions: 45
              • Number of non-executed functions: 0
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Override analysis time to 240000 for current running targets taking high CPU consumption
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
              • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Execution Graph export aborted for target Dm35sdidf3.exe, PID 6364 because it is empty
              • Not all processes were analyzed; the report is missing behavior information
              Time | Type | Description
              02:29:15 | API Interceptor | 15213789x Sleep call for process: Dm35sdidf3.exe modified
              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
              92.255.57.155 | anyrunsample.ps1 | Get hash | malicious | Unknown | Browse | 92.255.57.155/1/1.png
              92.255.57.155 | https://reviewgustereports.com/ | Get hash | malicious | CAPTCHA Scam ClickFix, XWorm | Browse | 92.255.57.155/1/1.png
              No context
              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
              TELSPRU | QP2uO3eN2p.ps1 | Get hash | malicious | XWorm | Browse | 92.255.57.155
              TELSPRU | WErY5oc4hl.ps1 | Get hash | malicious | XWorm | Browse | 92.255.57.155
              TELSPRU | NLXwvLjXPh.ps1 | Get hash | malicious | XWorm | Browse | 92.255.57.155
              TELSPRU | mhqxUdpe7V.ps1 | Get hash | malicious | XWorm | Browse | 92.255.57.155
              TELSPRU | MiGFg375KJ.exe | Get hash | malicious | XWorm | Browse | 92.255.57.155
              TELSPRU | anyrunsample.ps1 | Get hash | malicious | Unknown | Browse | 92.255.57.155
              TELSPRU | sEOELQpFOB.lnk | Get hash | malicious | RedLine | Browse | 92.255.57.75
              TELSPRU | ref095vq842r70_classement_atout_france.pdf.lnk.d.lnk | Get hash | malicious | RedLine, SectopRAT | Browse | 92.255.57.75
              TELSPRU | fa20b849ebe7c53d59f3ed0fcfac8445ea08e7296af5a.exe | Get hash | malicious | Stealc | Browse | 92.255.57.89
              TELSPRU | LXS5itpTK7.exe | Get hash | malicious | Stealc | Browse | 92.255.57.89
              No context
              No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 5.976329883917489
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.80%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Generic Win/DOS Executable (2004/3) 0.01%
File name: Dm35sdidf3.exe
File size: 51'200 bytes
MD5: bfc6bd999b1a5247cdbf67c15ba48b1f
SHA1: 322cce6decc4edd6f0f54d5e9f117c83306723ba
SHA256: a8fa6b364a96838cb435a29c3be5eca12bc29f7079f07157d582c149abe7f385
SHA512: 34d2a828b1b60ed3282354c067b705037b688d951eea3cf4609fb301ba801d118f5f33d4c410b73fc4a2f2d655a686d08da29242988e7e31d421dd8eb0e15461
SSDEEP: 768:GDuqGmxUFYnDTbmjcc9gXV/oGB3eI6kgkbWb8OBPPyQff5+ijuO1h9tK:GyaEUDuAc9gBfYkb6vBPPyi5nuO15K
TLSH: 49337C1837F24126D6FE4FB01CB22213C775A6235927DB5F28C5419B2B57A89CE817F2
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pg................................. ........@.. ....................... ............@................................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x40dc0e
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x675011CD [Wed Dec 4 08:24:45 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]   ; the usual .NET entry stub: an indirect jump through the IAT entry (at RVA 0x2000) for mscoree.dll!_CorExeMain
add byte ptr [eax], al      ; repeated 97 times: the bytes after the stub are zero padding, and 00 00 decodes as this instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdbb8 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe000 | 0x4ce | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x10000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xbc14 | 0xbe00 | 161a01b26be38d852fff9825969e23a1 | False | 0.60625 | data | 6.08733262296002 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xe000 | 0x4ce | 0x600 | 8e419a62ee542690684c0878869e76ec | False | 0.3756510416666667 | data | 3.7216503306685733 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x10000 | 0xc | 0x200 | 0b0a22def20b1a933cae8e2d8f9a571d | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xe0a0 | 0x244 | data | | | 0.4724137931034483
RT_MANIFEST | 0xe2e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T08:29:22.109692+0100 | 2858800 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:29:22.543392+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:22.639006+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:29:28.547707+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:28.547707+0100 | 2858801 | ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:33.936263+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:33.938497+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:29:45.284392+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:45.287137+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:29:56.658278+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:29:56.660581+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:29:58.558934+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:08.033325+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:08.036000+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:10.381009+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:10.383606+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:16.909054+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:16.911657+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:17.833181+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:17.840505+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:18.023857+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:18.026386+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:18.157021+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:18.318761+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:20.458969+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:20.460971+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:28.392168+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:28.397882+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:28.583125+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:29.471655+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:29.473752+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:33.111800+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:33.115987+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:33.302503+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:33.304491+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:33.426536+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:33.428673+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:33.627517+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:38.988157+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:38.990723+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:43.611594+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:43.658601+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:43.806539+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:43.812883+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:43.971773+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:44.971607+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:44.973790+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:46.069632+0100 | 2858799 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:46.503466+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:46.519541+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:53.110975+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:53.113094+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:54.049228+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:54.076476+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:58.144303+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:58.147880+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:58.562419+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:59.283307+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:59.285758+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:59.474293+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:59.476685+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:30:59.639085+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:30:59.641022+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:09.752396+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:09.759599+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:09.989283+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:10.049902+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:10.370143+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:10.378893+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:10.668755+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:10.671669+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:21.892785+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:21.896974+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:25.205711+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:25.207386+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:25.396195+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:25.397826+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:27.611630+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:27.613272+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:28.562883+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:32.362030+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:32.374730+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:35.409102+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:35.613193+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:35.690792+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:36.354838+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:36.645170+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:36.649652+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:47.924554+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:47.929739+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:50.645919+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:50.649064+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:54.929686+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:31:55.100252+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:31:58.585935+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:01.237234+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:01.239090+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:01.427484+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:01.429149+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:01.551399+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:03.315654+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:03.318172+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:08.080609+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:08.091842+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:10.240246+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:10.251838+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:10.490322+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:10.492996+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:11.658476+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:11.719157+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:11.849402+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:11.854247+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:12.029913+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:12.038087+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:12.165271+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:12.169792+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:20.377155+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:20.379798+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:20.986120+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:20.988206+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:23.346840+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:23.392054+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:23.537740+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:23.539565+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:23.704730+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:23.850180+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:24.005631+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:28.593269+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:28.784292+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:28.785446+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:28.975025+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:28.976198+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:33.772586+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:33.773353+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:33.963309+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:33.964260+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:34.085140+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:34.250280+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:35.205090+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:35.206137+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:35.395795+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:35.397115+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:39.070423+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:39.071454+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:41.612422+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:41.613828+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:44.205862+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:44.209843+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:44.396678+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:44.403282+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:45.986468+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:45.990514+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:53.174093+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:53.175847+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:58.614274+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:59.486669+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:59.487700+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:59.677533+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:59.678221+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:59.798466+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:32:59.799031+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:32:59.993880+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:33:01.104605+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:33:01.145169+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:33:02.267508+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:33:02.272807+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:33:05.971076+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:33:05.978009+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:33:08.772100+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.4 | 49730 | TCP
2024-12-18T08:33:08.772915+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49730 | 92.255.57.155 | 4411 | TCP
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Dec 18, 2024 08:32:34.275124073 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:34.318039894 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:34.370289087 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:34.370444059 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:34.490282059 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:34.771194935 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:34.890938997 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:34.890995979 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:35.010674953 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:35.205090046 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:35.206136942 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:35.325879097 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:35.395795107 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:35.397114992 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:35.516696930 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:38.635906935 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:38.755916119 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:39.070422888 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:39.071454048 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:39.191200018 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:41.177695036 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:41.297775984 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:41.612421989 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:41.613827944 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:41.733611107 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:43.771373034 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:43.891158104 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:43.898160934 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:44.017775059 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:44.205862045 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:44.209842920 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:44.329476118 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:44.396677971 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:44.403281927 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:44.520824909 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:44.523051023 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:44.531872034 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:44.651473999 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:45.552623987 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:45.672437906 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:45.986468077 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:45.990514040 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:46.111166000 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:52.740166903 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:52.859944105 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:53.174093008 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:53.175847054 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:53.295594931 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:58.614274025 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:58.661932945 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:59.052544117 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:59.172646046 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.172710896 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:59.292346954 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.292418957 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:59.412065029 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.486669064 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.487699986 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:59.607395887 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.677532911 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.678220987 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:59.798465967 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.798624039 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.799031019 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:32:59.918620110 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.989315987 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:32:59.993880033 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:00.113591909 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:00.116096020 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:00.237526894 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:00.239867926 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:00.359608889 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:01.104604959 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:01.145169020 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:01.265286922 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:01.833807945 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:01.953877926 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:02.267508030 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:02.272806883 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:02.392586946 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:05.537020922 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:05.657001972 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:05.971076012 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:05.978008986 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:06.097732067 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:08.338084936 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:08.457803965 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:08.772099972 CET44114973092.255.57.155192.168.2.4
              Dec 18, 2024 08:33:08.772914886 CET497304411192.168.2.492.255.57.155
              Dec 18, 2024 08:33:08.892627001 CET44114973092.255.57.155192.168.2.4
              Target ID:0
              Start time:02:29:02
              Start date:18/12/2024
              Path:C:\Users\user\Desktop\Dm35sdidf3.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\Desktop\Dm35sdidf3.exe"
              Imagebase:0x7e0000
              File size:51'200 bytes
              MD5 hash:BFC6BD999B1A5247CDBF67C15BA48B1F
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.1722575405.00000000007E2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.4175859935.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:false

                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                • Opcode Fuzzy Hash: 207503d2320679425f348722ea9e1bc691b5c2524b8d0b7736f0db1d5bd8566f
                • Instruction Fuzzy Hash: 33213531B0DA9C4FEB55EBA898163E9B7E0EF59320F0401B6D05DC31A6DA2869024791
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f84720c871f7445c81bcdbca141983c7923965f23e8d24af6a65b7a29d2140c
                • Instruction ID: facddfc29480f6ad160dcd16c8ccff2b60427f8b25877cb5d72bfedafeae55f1
                • Opcode Fuzzy Hash: 9f84720c871f7445c81bcdbca141983c7923965f23e8d24af6a65b7a29d2140c
                • Instruction Fuzzy Hash: 18212831F09D1D4FEB68DB6884A96BDB2E1EF98350F40157EE02ED31E6CE3869418741
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 782de4a59513503c7cce41b8de18581352e8afb7d2c66b2d6a01773a99515f39
                • Instruction ID: 68bf0dfbbc796490b52e57228af4259fe26f30a7ff2e0ccbde44cef674658be6
                • Opcode Fuzzy Hash: 782de4a59513503c7cce41b8de18581352e8afb7d2c66b2d6a01773a99515f39
                • Instruction Fuzzy Hash: B9113A51B1DD4A0BE76CAB9C68366BAA6C2FF8C390B504179D45EC32D7DE386D020381
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 339bfec94d111801cba23b8c7c85f6513a9d93cad1f24442fe7cde8e567d4f1f
                • Instruction ID: 22250d0c4db6a9cfda0dfb8c3031142903cb222333c65d626de1fe8428db6676
                • Opcode Fuzzy Hash: 339bfec94d111801cba23b8c7c85f6513a9d93cad1f24442fe7cde8e567d4f1f
                • Instruction Fuzzy Hash: 6C21F871A0D9494FE724BBA8C86567037A0EF5D360B8900B5C01CCB1E2EE38A5068791
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7d0b27a65b4d22b7ced7a60cb91f3ac231c5d58ea87f54499cd7a27c6376460
                • Instruction ID: 1d755cb12265e31624d31fefc0720f449ad7f248b3efbedd308a93fb29eebcde
                • Opcode Fuzzy Hash: e7d0b27a65b4d22b7ced7a60cb91f3ac231c5d58ea87f54499cd7a27c6376460
                • Instruction Fuzzy Hash: 72210320F1E94E8BF775B7B594362783692AF5D750F120079D02DC61E7EE3C69818351
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 95e862cfecd4afcaf5732d92ad02dad160f7cfc6c0930aabf8acaa95ba3414f9
                • Instruction ID: 15b882816072dae7c26fc00457538938d672186e271be39cd79bc5f59a14e7b6
                • Opcode Fuzzy Hash: 95e862cfecd4afcaf5732d92ad02dad160f7cfc6c0930aabf8acaa95ba3414f9
                • Instruction Fuzzy Hash: 99212B20B4E98E0FE7559BA448396FA3BE1EF8E314F0540B6E199C31A7CD2C99428351
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4175cee6e93b846cd9d60b8a45d7bdab18c4f0ef779a3c5f0faeca314afb1452
                • Instruction ID: 02e148112d22040451d132c22c10d569b3353c871eef42257a39ad77d97c1c2e
                • Opcode Fuzzy Hash: 4175cee6e93b846cd9d60b8a45d7bdab18c4f0ef779a3c5f0faeca314afb1452
                • Instruction Fuzzy Hash: 1021F350B1D9998BE74ABBA8A83ABF977D1FF58310F5105B6E028C32D7DD2869018342
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1809a5c357bc4982bda5498fca504b4a3fb03664c7ad878ae4daf8f6a7c48472
                • Instruction ID: 709775be1e6c2f9db39ac7bdbf09d8fdbd01597e06d20b82c3e85794e67d0c18
                • Opcode Fuzzy Hash: 1809a5c357bc4982bda5498fca504b4a3fb03664c7ad878ae4daf8f6a7c48472
                • Instruction Fuzzy Hash: BB11C860B19D1D8BEB59BBACA82ABF972D5FF58710F5105B5F02DC32C6DD2879018382
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e1ac42d8c0e3fa4f2fbd334b73562a28f6f32fd48a53089b83cb43ad53e00f7
                • Instruction ID: 97e2f072d57fc8e5655bdc663b02743df950ec4ad29b4375822e68a44680161e
                • Opcode Fuzzy Hash: 8e1ac42d8c0e3fa4f2fbd334b73562a28f6f32fd48a53089b83cb43ad53e00f7
                • Instruction Fuzzy Hash: 1801D2B1909A8D4FD75EEF2884692B93FF0FF69240B4440AFD099D76A2DE7421418705
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dfe931f6e37f866f3907387c34a2a961e23f6f68b322772b89043d898602c6d6
                • Instruction ID: 22bc54262cb13ad1a485dc7eb7ee9d272e7461c6eea44228cdf294437fb69566
                • Opcode Fuzzy Hash: dfe931f6e37f866f3907387c34a2a961e23f6f68b322772b89043d898602c6d6
                • Instruction Fuzzy Hash: 6901C471E0AA9D4FEB41EFA888255ED7BF1EF19301F4101ABD028C61E7EB3899548742
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6278cf49c8d5590dcd7a35c349199643345ef51d10e216da71d34063feff26a
                • Instruction ID: 2ee9105b650406852c627cc86ccce6b55592a6805e4ca0b6f5fc2dcde20f48e6
                • Opcode Fuzzy Hash: a6278cf49c8d5590dcd7a35c349199643345ef51d10e216da71d34063feff26a
                • Instruction Fuzzy Hash: F401845955F6CD6FDB235B7448304A67F64AE43214B0915EBD0E9CB0E3D52C1519C342
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b89b1e4f734a5332c83e3c5ad3ec24daf5657f32e41b63989089da9bf3348896
                • Instruction ID: dcab861ecaa3809fa680545b8e5549a19f653e1d33265859dacfb8b1d80bc8a8
                • Opcode Fuzzy Hash: b89b1e4f734a5332c83e3c5ad3ec24daf5657f32e41b63989089da9bf3348896
                • Instruction Fuzzy Hash: 5D01D630F0AD0B4BF79CFB7858666A47252EF08355F8006B9E42EC21DBDD29B50742D1
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f00f07a86354adf7b007fa90b763f1678e1df804f8c597cd09fbc13219be033f
                • Instruction ID: cc43b01a914eb7f91823972556553b1acf844e388cf9e97e06bb9504f2d136ee
                • Opcode Fuzzy Hash: f00f07a86354adf7b007fa90b763f1678e1df804f8c597cd09fbc13219be033f
                • Instruction Fuzzy Hash: 4CF0F440F1E98E4FF77577B8483A2782682AF5D344F4600BDD169C62EBDE6C68418302
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 391a326c1e3fae3e170f96b82ebafae063fc1dce4da7ce918deff847d235ff30
                • Instruction ID: 2005206af4958340dd52ef868f2ded4e73517858578077b7caa0605c7e88b605
                • Opcode Fuzzy Hash: 391a326c1e3fae3e170f96b82ebafae063fc1dce4da7ce918deff847d235ff30
                • Instruction Fuzzy Hash: 9DF0D130E0D80A4BE365EB64D46267473A2AFAD320F410634D02DC31E1DF38B9828680
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 48348ad8cab64320a032577bf9bf861e6d49003bbf6ef7b73461be53fb912a82
                • Instruction ID: 7ccf4b84a04c2d1b00cd11e8faead315cd8800595eeb4eba97470bcf98a81785
                • Opcode Fuzzy Hash: 48348ad8cab64320a032577bf9bf861e6d49003bbf6ef7b73461be53fb912a82
                • Instruction Fuzzy Hash: 4DE02635C0E7CD4FDB226F5448320D57F20FF19600F4611CBE45846052DA20A6044382
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c2371e3368e7fb26261de12ec693fe19013f884288711e61d1ace4d6efb925be
                • Instruction ID: a82e4e99c730d60e252685e252aa104ce315fc4697643f8dcdad40ad51342eea
                • Opcode Fuzzy Hash: c2371e3368e7fb26261de12ec693fe19013f884288711e61d1ace4d6efb925be
                • Instruction Fuzzy Hash: A8E08C6585FBCD5FDB235B6849210D8BF70FE12200F4916D7E4A8860A3EA6952298382
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5126a02a73db16502306162ad1732f7eae5236e3751eb3d90fee572b05ed999
                • Instruction ID: ac248cec3ef61f89b1c08a6828b5df53fdcd80d3199b3a04abf2a3bd621f9042
                • Opcode Fuzzy Hash: f5126a02a73db16502306162ad1732f7eae5236e3751eb3d90fee572b05ed999
                • Instruction Fuzzy Hash: F3D05E60E1F84E57F37537B15826ABA15A48F8D790F060035E029621E6EEB8264442E1
                Memory Dump Source
                • Source File: 00000000.00000002.4179978294.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffd9b880000_Dm35sdidf3.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 171f5e95479c2d695c9e37bfdb648ea9d0111225c4f9e5625e60cc823d1bfb13
                • Instruction ID: 81920ace79ca41114cd7cd51eaa324650ba5559fd142d2cc19f2e3d59a58917e
                • Opcode Fuzzy Hash: 171f5e95479c2d695c9e37bfdb648ea9d0111225c4f9e5625e60cc823d1bfb13
                • Instruction Fuzzy Hash: 04B01200E57C0F02E424B3F5085606474006B4C250FC21570D439C0095ED5D12980142