
Windows Analysis Report
1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe

Overview

General Information

Sample name: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe
Analysis ID: 1598370
MD5: 70eaf49a98e12f4d4de3c019c0baad11
SHA1: b48fa964e0c99e49ff2e9d4d74e2ead1457d9dcf
SHA256: 38b88caf1dd809c6d77d8addce355a3e35dccab52f15ed67491437a49bace226
Tags: base64-decoded, exe, user-abuse_ch

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Found potential dummy code loops (likely to delay analysis)
Joe Sandbox ML detected suspicious sample
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • cleanup
{
  "C2 url": [
    "85.31.47.24"
  ],
  "Port": 1888,
  "Aes key": "<123456789>",
  "SPL": "<Xwormmm>",
  "Install file": "USB.exe"
}
Source | Rule | Description | Author | Strings
1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io
  • 0x6417:$str01: $VB$Local_Port
  • 0x6408:$str02: $VB$Local_Host
  • 0x670c:$str03: get_Jpeg
  • 0x60c7:$str04: get_ServicePack
  • 0x7156:$str05: Select * from AntivirusProduct
  • 0x7354:$str06: PCRestart
  • 0x7368:$str07: shutdown.exe /f /r /t 0
  • 0x741a:$str08: StopReport
  • 0x73f0:$str09: StopDDos
  • 0x74f2:$str10: sendPlugin
  • 0x769e:$str12: -ExecutionPolicy Bypass -File "
  • 0x77c7:$str13: Content-length: 5235
1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x7a34:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7ad1:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7be6:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x76e2:$cnc4: POST / HTTP/1.1
Source | Rule | Description | Author | Strings
00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x7834:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x78d1:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x79e6:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x74e2:$cnc4: POST / HTTP/1.1
Process Memory Space: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe PID: 2716 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

Source | Rule | Description | Author | Strings
0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack | rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io
  • 0x6417:$str01: $VB$Local_Port
  • 0x6408:$str02: $VB$Local_Host
  • 0x670c:$str03: get_Jpeg
  • 0x60c7:$str04: get_ServicePack
  • 0x7156:$str05: Select * from AntivirusProduct
  • 0x7354:$str06: PCRestart
  • 0x7368:$str07: shutdown.exe /f /r /t 0
  • 0x741a:$str08: StopReport
  • 0x73f0:$str09: StopDDos
  • 0x74f2:$str10: sendPlugin
  • 0x769e:$str12: -ExecutionPolicy Bypass -File "
  • 0x77c7:$str13: Content-length: 5235
0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x7a34:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7ad1:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7be6:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x76e2:$cnc4: POST / HTTP/1.1
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-24T07:54:23.334394+0100 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50006 | 85.31.47.24 | 1888 | TCP

AV Detection

Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Avira: detected
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Malware Configuration Extractor: Xworm {"C2 url": ["85.31.47.24"], "Port": 1888, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Virustotal: Detection: 73%
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | ReversingLabs: Detection: 84%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Joe Sandbox ML: detected
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | String decryptor: 85.31.47.24
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | String decryptor: 1888
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | String decryptor: <123456789>
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | String decryptor: <Xwormmm>
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | String decryptor: 23-ene-2025
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | String decryptor: USB.exe
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic | Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49734 -> 85.31.47.24:1888
Source: Network traffic | Suricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:50006 -> 85.31.47.24:1888
Source: Malware configuration extractor | URLs: 85.31.47.24
Source: global traffic | TCP traffic: 192.168.2.8:49706 -> 85.31.47.24:1888
Source: Joe Sandbox View | ASN Name: CLOUDCOMPUTINGDE CLOUDCOMPUTINGDE
Source: unknown | TCP traffic detected without corresponding DNS query: 85.31.47.24
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000002.3934920917.0000000002231000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, XLogger.cs | .Net Code: KeyboardLayout

System Summary

Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, type: SAMPLE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, type: SAMPLE | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack, type: UNPACKEDPE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack, type: UNPACKEDPE | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Code function: 0_2_00007FFB4B0474C2
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Code function: 0_2_00007FFB4B046716
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000000.1469956381.000000000003C000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameXClient.exe4 vs 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Binary or memory string: OriginalFilenameXClient.exe4 vs 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, type: SAMPLE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, type: SAMPLE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack, type: UNPACKEDPE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, Helper.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, AlgorithmAES.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@0/1
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Mutant created: \Sessions\1\BaseNamedObjects\ElNqLr9sSzibVsM9
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Virustotal: Detection: 73%
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | ReversingLabs: Detection: 84%
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: avicap32.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: msvfw32.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true)
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, Messages.cs | .Net Code: Plugin System.AppDomain.Load(byte[])
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, Messages.cs | .Net Code: Memory System.AppDomain.Load(byte[])
Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, Messages.cs | .Net Code: Memory
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Code function: 0_2_00007FFB4B0429FA push eax; iretd 0_2_00007FFB4B042A11
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Code function: 0_2_00007FFB4B042729 pushad ; retf 0_2_00007FFB4B0429D1
Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Memory allocated: 760000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Memory allocated: 1A230000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Window / User API: threadDelayed 9144
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Window / User API: threadDelayed 685
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe TID: 1568 | Thread sleep time: -6456360425798339s >= -30000s
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe TID: 2944 | Thread sleep count: 9144 > 30
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe TID: 2944 | Thread sleep count: 685 > 30
          Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | File Volume queried: C:\ FullSizeInformation
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | File Volume queried: unknown FullSizeInformation
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Thread delayed: delay time: 922337203685477
          Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000002.3936478722.000000001B190000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Process information queried: ProcessInformation

          Anti Debugging

          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Process Stats: CPU usage > 42% for more than 60s
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Process token adjusted: Debug
          Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Memory allocated: page read and write | page guard
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Queries volume information: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe VolumeInformation
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000002.3936478722.000000001B190000.00000004.00000020.00020000.00000000.sdmp, 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000002.3936478722.000000001B1BC000.00000004.00000020.00020000.00000000.sdmp, 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000002.3936478722.000000001B1F7000.00000004.00000020.00020000.00000000.sdmp, 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000002.3934258355.00000000004C4000.00000004.00000020.00020000.00000000.sdmp, 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000002.3936478722.000000001B1E6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

          Stealing of Sensitive Information

          barindex
          Source: Yara match | File source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, type: SAMPLE
          Source: Yara match | File source: 0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe PID: 2716, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Source: Yara match | File source: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, type: SAMPLE
          Source: Yara match | File source: 0.0.1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe.30000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe PID: 2716, type: MEMORYSTR
          MITRE ATT&CK Matrix (one line per tactic; the numeric prefixes are carried over from the report exactly as displayed next to each technique)

          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
          Execution: 11 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
          Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
          Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
          Defense Evasion: 1 Disable or Modify Tools; 232 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 2 Software Packing; 1 DLL Side-Loading
          Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
          Discovery: 221 Security Software Discovery; 1 Process Discovery; 232 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 13 System Information Discovery; Wi-Fi Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
          Collection: 1 Input Capture; 11 Archive Collected Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
          Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          Behavior Graph ID: 1598370
          Sample: 1737701404fa7085385bfb79cbd...
          Start date: 24/01/2025
          Architecture: WINDOWS
          Score: 100
          Top-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 10 other signatures
          Started process: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe
          DNS/IP info for this process: 85.31.47.24, dest port 1888, source ports 49706 and 49707, CLOUDCOMPUTINGDE, Germany
          Process signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Found potential dummy code loops (likely to delay analysis)

          Source | Detection | Scanner | Label
          1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | 73% | Virustotal |
          1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | 84% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT
          1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | 100% | Avira | TR/Spy.Gen
          1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | 100% | Joe Sandbox ML |
          No Antivirus matches
          Source | Detection | Scanner | Label
          85.31.47.24 | 0% | Avira URL Cloud | safe


          No contacted domains info
          Name | Malicious | Antivirus Detection | Reputation
          85.31.47.24 | true | Avira URL Cloud: safe | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe, 00000000.00000002.3934920917.0000000002231000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
            IP | Domain | Country | ASN | ASN Name | Malicious
            85.31.47.24 | unknown | Germany | 43659 | CLOUDCOMPUTINGDE | true
            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1598370
            Start date and time:2025-01-24 07:51:12 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 5s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of new started processes analysed: 5
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Sample name:1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe
            Detection:MAL
            Classification:mal100.troj.spyw.evad.winEXE@1/0@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 3
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
            • Excluded IPs from analysis (whitelisted): 4.245.163.56, 172.202.163.200, 13.107.246.60
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes were analyzed, report is missing behavior information
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            Time | Type | Description
            01:52:19 | API Interceptor | 11371383x Sleep call for process: 1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe modified
            Match | Associated Sample Name / URL | Detection | Threat Name
            85.31.47.24 | 1737093845fa524ebf195ac8a9f4732d7ce215bdebbbcad650b27a4f718c7cf3432f4a94fc618.dat-decoded.exe | malicious | XWorm
            85.31.47.24 | 17370524479f15d0891d2a1787b99e1cc15981f0e6b8193a68e4b415d1a054aa4ccae688ea843.dat-decoded.exe | malicious | XWorm
            No context
            Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
            CLOUDCOMPUTINGDE | 1737093845fa524ebf195ac8a9f4732d7ce215bdebbbcad650b27a4f718c7cf3432f4a94fc618.dat-decoded.exe | malicious | XWorm | 85.31.47.24
            CLOUDCOMPUTINGDE | 17370524479f15d0891d2a1787b99e1cc15981f0e6b8193a68e4b415d1a054aa4ccae688ea843.dat-decoded.exe | malicious | XWorm | 85.31.47.24
            CLOUDCOMPUTINGDE | New Order Inquiry.exe | malicious | Remcos | 80.76.51.19
            CLOUDCOMPUTINGDE | file.exe | malicious | DarkVision Rat | 85.31.47.116
            CLOUDCOMPUTINGDE | Inquiry List.doc | malicious | DarkVision Rat | 85.31.47.116
            CLOUDCOMPUTINGDE | same.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm | 80.76.51.73
            CLOUDCOMPUTINGDE | onlysteal.exe | malicious | DCRat | 185.216.71.25
            CLOUDCOMPUTINGDE | WC2SD38tcf.exe | malicious | Stealc | 185.216.71.4
            CLOUDCOMPUTINGDE | hidakibest.arm6.elf | malicious | Gafgyt, Mirai | 185.216.71.152
            CLOUDCOMPUTINGDE | hidakibest.ppc.elf | malicious | Gafgyt, Mirai | 185.216.71.152
            No context
            No context
                No created / dropped files found
                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Entropy (8bit):5.6115753026156225
                TrID:
                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                • Win32 Executable (generic) a (10002005/4) 49.75%
                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                • Windows Screen Saver (13104/52) 0.07%
                • Generic Win/DOS Executable (2004/3) 0.01%
                File name:1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe
                File size:36'864 bytes
                MD5:70eaf49a98e12f4d4de3c019c0baad11
                SHA1:b48fa964e0c99e49ff2e9d4d74e2ead1457d9dcf
                SHA256:38b88caf1dd809c6d77d8addce355a3e35dccab52f15ed67491437a49bace226
                SHA512:2bafea3ab77685af33ee7b24ad4b84e6dfec5ea454815b9ccee522246a964ddaec4538d58f1d17090b80daf4a14a7476b35d2215bdaca49ddf8cc873e6ce3377
                SSDEEP:768:vL13A5Uno9RfHWa2B71eo8icHyEWbFb9YyOMhSQXv8M:jxA5Uno9JHWXZeNicHyESFb9YyOM468M
                TLSH:C7F24B48BBA04217D9ED6BF4A97372020274DA13D917EB4E4CD489DB6F23BC48D013EA
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p:.g................................. ........@.. ....................................@................................
                Icon Hash:00928e8e8686b000
                Entrypoint:0x40a5ee
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Time Stamp:0x67923A70 [Thu Jan 23 12:47:44 2025 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                Instruction
                jmp dword ptr [00402000h]
                add byte ptr [eax], al
                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa594 | 0x57 | .text
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x4d8 | .rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                .text | 0x2000 | 0x85f4 | 0x8600 | 9939b30a11a98c53d22e175a540f888c | False | 0.49897971082089554 | data | 5.747241922000822 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rsrc | 0xc000 | 0x4d8 | 0x600 | 2472af5ddbb53779b7381f16b8b9407b | False | 0.3756510416666667 | data | 3.7216503306685733 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc | 0xe000 | 0xc | 0x200 | fd3ac7fbb8a34dc91e775b7c64e87bbc | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                RT_VERSION | 0xc0a0 | 0x244 | data | | | 0.4724137931034483
                RT_MANIFEST | 0xc2e8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
                DLL | Import
                mscoree.dll | _CorExeMain


                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                2025-01-24T07:53:30.322948+0100 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 49734 | 85.31.47.24 | 1888 | TCP
                2025-01-24T07:54:23.334394+0100 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 50006 | 85.31.47.24 | 1888 | TCP
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Jan 24, 2025 07:53:03.521822929 CET497211888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:04.978038073 CET497211888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:04.980079889 CET497221888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:04.983103037 CET18884972185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:04.985069036 CET18884972285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:04.985177040 CET497221888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:05.014857054 CET497221888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:05.019686937 CET18884972285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:06.729485989 CET18884972285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:06.729657888 CET497221888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:07.615117073 CET497221888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:07.616746902 CET497231888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:07.620160103 CET18884972285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:07.621570110 CET18884972385.31.47.24192.168.2.8
                Jan 24, 2025 07:53:07.621648073 CET497231888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:07.638566971 CET497231888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:07.643450022 CET18884972385.31.47.24192.168.2.8
                Jan 24, 2025 07:53:09.375528097 CET18884972385.31.47.24192.168.2.8
                Jan 24, 2025 07:53:09.376590967 CET497231888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:09.693196058 CET497231888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:09.694092035 CET497241888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:09.697976112 CET18884972385.31.47.24192.168.2.8
                Jan 24, 2025 07:53:09.698900938 CET18884972485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:09.698990107 CET497241888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:09.713618040 CET497241888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:09.719253063 CET18884972485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:11.432960033 CET18884972485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:11.433185101 CET497241888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:11.474584103 CET497241888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:11.475368977 CET497251888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:11.479413986 CET18884972485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:11.480300903 CET18884972585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:11.480367899 CET497251888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:11.499345064 CET497251888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:11.504420042 CET18884972585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:13.238223076 CET18884972585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:13.241573095 CET497251888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:13.521569014 CET497251888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:13.522981882 CET497271888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:13.526360035 CET18884972585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:13.527789116 CET18884972785.31.47.24192.168.2.8
                Jan 24, 2025 07:53:13.527883053 CET497271888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:13.548468113 CET497271888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:13.553889990 CET18884972785.31.47.24192.168.2.8
                Jan 24, 2025 07:53:15.270495892 CET18884972785.31.47.24192.168.2.8
                Jan 24, 2025 07:53:15.270654917 CET497271888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:15.974570036 CET497271888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:15.975337029 CET497281888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:15.979545116 CET18884972785.31.47.24192.168.2.8
                Jan 24, 2025 07:53:15.980181932 CET18884972885.31.47.24192.168.2.8
                Jan 24, 2025 07:53:15.980278015 CET497281888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:15.998429060 CET497281888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:16.003351927 CET18884972885.31.47.24192.168.2.8
                Jan 24, 2025 07:53:17.713769913 CET18884972885.31.47.24192.168.2.8
                Jan 24, 2025 07:53:17.713927031 CET497281888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:17.755891085 CET497281888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:17.756689072 CET497291888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:17.760719061 CET18884972885.31.47.24192.168.2.8
                Jan 24, 2025 07:53:17.761560917 CET18884972985.31.47.24192.168.2.8
                Jan 24, 2025 07:53:17.761671066 CET497291888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:17.779246092 CET497291888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:17.784017086 CET18884972985.31.47.24192.168.2.8
                Jan 24, 2025 07:53:19.502497911 CET18884972985.31.47.24192.168.2.8
                Jan 24, 2025 07:53:19.502599955 CET497291888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:19.599658966 CET497291888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:19.601461887 CET497301888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:19.604856968 CET18884972985.31.47.24192.168.2.8
                Jan 24, 2025 07:53:19.606394053 CET18884973085.31.47.24192.168.2.8
                Jan 24, 2025 07:53:19.606743097 CET497301888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:19.663130045 CET497301888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:19.668155909 CET18884973085.31.47.24192.168.2.8
                Jan 24, 2025 07:53:21.339410067 CET18884973085.31.47.24192.168.2.8
                Jan 24, 2025 07:53:21.339509964 CET497301888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:21.460664988 CET497301888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:21.462054968 CET497311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:21.465600014 CET18884973085.31.47.24192.168.2.8
                Jan 24, 2025 07:53:21.467003107 CET18884973185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:21.467092037 CET497311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:21.502926111 CET497311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:21.507879972 CET18884973185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:23.198159933 CET18884973185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:23.201582909 CET497311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:23.201669931 CET497311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:23.204018116 CET497321888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:23.206475019 CET18884973185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:23.209007978 CET18884973285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:23.209108114 CET497321888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:23.227580070 CET497321888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:23.232660055 CET18884973285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:24.964706898 CET18884973285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:24.964879036 CET497321888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:30.137367010 CET497321888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:30.142522097 CET18884973285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:30.150648117 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:30.155493975 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:30.155601978 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:30.214095116 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:30.219100952 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:30.322947979 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:30.327944040 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:30.631047010 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:30.635991096 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:34.337663889 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:34.342731953 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:34.802997112 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:34.807976961 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:37.833578110 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:37.833667040 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:37.833719969 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:37.833782911 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:37.833982944 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:37.834028959 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:40.377204895 CET497341888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:40.378334999 CET497951888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:40.382103920 CET18884973485.31.47.24192.168.2.8
                Jan 24, 2025 07:53:40.383147955 CET18884979585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:40.383225918 CET497951888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:40.435307026 CET497951888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:40.440098047 CET18884979585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:40.584187031 CET497951888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:40.588954926 CET18884979585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:42.121790886 CET18884979585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:42.121867895 CET497951888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:45.458914995 CET497951888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:45.461323023 CET498311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:45.465276003 CET18884979585.31.47.24192.168.2.8
                Jan 24, 2025 07:53:45.468003988 CET18884983185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:45.468107939 CET498311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:45.510910034 CET498311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:45.515894890 CET18884983185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:47.215665102 CET18884983185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:47.215769053 CET498311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:50.616714954 CET498311888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:50.617147923 CET498621888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:50.621584892 CET18884983185.31.47.24192.168.2.8
                Jan 24, 2025 07:53:50.621951103 CET18884986285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:50.622067928 CET498621888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:50.686896086 CET498621888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:50.691683054 CET18884986285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:56.068533897 CET498621888192.168.2.885.31.47.24
                Jan 24, 2025 07:53:56.074084044 CET18884986285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:57.732831001 CET18884986285.31.47.24192.168.2.8
                Jan 24, 2025 07:53:57.732908964 CET498621888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:01.195647001 CET498621888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:01.200839043 CET499331888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:01.358422041 CET18884986285.31.47.24192.168.2.8
                Jan 24, 2025 07:54:01.358439922 CET18884993385.31.47.24192.168.2.8
                Jan 24, 2025 07:54:01.359204054 CET499331888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:01.525696039 CET499331888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:01.530489922 CET18884993385.31.47.24192.168.2.8
                Jan 24, 2025 07:54:03.096935034 CET18884993385.31.47.24192.168.2.8
                Jan 24, 2025 07:54:03.097014904 CET499331888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:07.209157944 CET499331888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:07.211016893 CET499711888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:07.215575933 CET18884993385.31.47.24192.168.2.8
                Jan 24, 2025 07:54:07.216042042 CET18884997185.31.47.24192.168.2.8
                Jan 24, 2025 07:54:07.216213942 CET499711888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:07.286875963 CET499711888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:07.291735888 CET18884997185.31.47.24192.168.2.8
                Jan 24, 2025 07:54:09.025448084 CET18884997185.31.47.24192.168.2.8
                Jan 24, 2025 07:54:09.025659084 CET499711888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.474771976 CET499711888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.475869894 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.479687929 CET18884997185.31.47.24192.168.2.8
                Jan 24, 2025 07:54:12.480668068 CET18885000485.31.47.24192.168.2.8
                Jan 24, 2025 07:54:12.480748892 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.521985054 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.526860952 CET18885000485.31.47.24192.168.2.8
                Jan 24, 2025 07:54:12.693581104 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.698414087 CET18885000485.31.47.24192.168.2.8
                Jan 24, 2025 07:54:12.755983114 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.760873079 CET18885000485.31.47.24192.168.2.8
                Jan 24, 2025 07:54:12.834124088 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.839036942 CET18885000485.31.47.24192.168.2.8
                Jan 24, 2025 07:54:12.865482092 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:12.870471001 CET18885000485.31.47.24192.168.2.8
                Jan 24, 2025 07:54:14.223983049 CET18885000485.31.47.24192.168.2.8
                Jan 24, 2025 07:54:14.224059105 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:17.896416903 CET500041888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:17.897499084 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:17.901215076 CET18885000485.31.47.24192.168.2.8
                Jan 24, 2025 07:54:17.902332067 CET18885000585.31.47.24192.168.2.8
                Jan 24, 2025 07:54:17.902417898 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:17.982127905 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:17.987234116 CET18885000585.31.47.24192.168.2.8
                Jan 24, 2025 07:54:18.021842003 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:18.027010918 CET18885000585.31.47.24192.168.2.8
                Jan 24, 2025 07:54:18.068520069 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:18.073550940 CET18885000585.31.47.24192.168.2.8
                Jan 24, 2025 07:54:18.084172010 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:18.089116096 CET18885000585.31.47.24192.168.2.8
                Jan 24, 2025 07:54:18.209141016 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:18.214131117 CET18885000585.31.47.24192.168.2.8
                Jan 24, 2025 07:54:19.655539036 CET18885000585.31.47.24192.168.2.8
                Jan 24, 2025 07:54:19.655934095 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.162173033 CET500051888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.163698912 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.167126894 CET18885000585.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.168634892 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.173675060 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.244790077 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.249608994 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.287307978 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.292201042 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.318783998 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.323549986 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.334393978 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.339343071 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.349751949 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.354629993 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.380904913 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.385776997 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.490778923 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.495732069 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.537390947 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.542300940 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:23.553069115 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:23.557914972 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:24.927684069 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:24.927781105 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:28.602931023 CET500061888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:28.608850956 CET18885000685.31.47.24192.168.2.8
                Jan 24, 2025 07:54:28.626812935 CET500071888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:28.632791996 CET18885000785.31.47.24192.168.2.8
                Jan 24, 2025 07:54:28.632893085 CET500071888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:28.695622921 CET500071888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:28.700494051 CET18885000785.31.47.24192.168.2.8
                Jan 24, 2025 07:54:30.388178110 CET18885000785.31.47.24192.168.2.8
                Jan 24, 2025 07:54:30.388343096 CET500071888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:33.709959984 CET500071888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:33.713069916 CET500081888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:33.715003967 CET18885000785.31.47.24192.168.2.8
                Jan 24, 2025 07:54:33.718050003 CET18885000885.31.47.24192.168.2.8
                Jan 24, 2025 07:54:33.718142033 CET500081888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:33.755769968 CET500081888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:33.760920048 CET18885000885.31.47.24192.168.2.8
                Jan 24, 2025 07:54:35.518460035 CET18885000885.31.47.24192.168.2.8
                Jan 24, 2025 07:54:35.518536091 CET500081888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:38.849633932 CET500081888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:38.852602005 CET500091888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:38.854620934 CET18885000885.31.47.24192.168.2.8
                Jan 24, 2025 07:54:38.857526064 CET18885000985.31.47.24192.168.2.8
                Jan 24, 2025 07:54:38.857624054 CET500091888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:38.908051014 CET500091888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:38.913180113 CET18885000985.31.47.24192.168.2.8
                Jan 24, 2025 07:54:38.927934885 CET500091888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:38.933053970 CET18885000985.31.47.24192.168.2.8
                Jan 24, 2025 07:54:38.944255114 CET500091888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:39.103941917 CET18885000985.31.47.24192.168.2.8
                Jan 24, 2025 07:54:40.598005056 CET18885000985.31.47.24192.168.2.8
                Jan 24, 2025 07:54:40.598083019 CET500091888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:44.096319914 CET500091888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:44.099812984 CET500101888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:44.101232052 CET18885000985.31.47.24192.168.2.8
                Jan 24, 2025 07:54:44.104635000 CET18885001085.31.47.24192.168.2.8
                Jan 24, 2025 07:54:44.104711056 CET500101888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:44.402199030 CET500101888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:44.407124996 CET18885001085.31.47.24192.168.2.8
                Jan 24, 2025 07:54:44.428174973 CET500101888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:44.433067083 CET18885001085.31.47.24192.168.2.8
                Jan 24, 2025 07:54:44.490644932 CET500101888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:44.495457888 CET18885001085.31.47.24192.168.2.8
                Jan 24, 2025 07:54:45.844779015 CET18885001085.31.47.24192.168.2.8
                Jan 24, 2025 07:54:45.844856977 CET500101888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:49.537098885 CET500101888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:49.538918972 CET500111888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:49.543209076 CET18885001085.31.47.24192.168.2.8
                Jan 24, 2025 07:54:49.544265985 CET18885001185.31.47.24192.168.2.8
                Jan 24, 2025 07:54:49.544404030 CET500111888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:49.582523108 CET500111888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:49.587902069 CET18885001185.31.47.24192.168.2.8
                Jan 24, 2025 07:54:53.655169964 CET18885001185.31.47.24192.168.2.8
                Jan 24, 2025 07:54:53.655261040 CET500111888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:54.599771976 CET500111888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:54.601988077 CET500121888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:54.604660034 CET18885001185.31.47.24192.168.2.8
                Jan 24, 2025 07:54:54.606808901 CET18885001285.31.47.24192.168.2.8
                Jan 24, 2025 07:54:54.606890917 CET500121888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:54.640192032 CET500121888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:54.644979954 CET18885001285.31.47.24192.168.2.8
                Jan 24, 2025 07:54:54.646651030 CET500121888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:54.651454926 CET18885001285.31.47.24192.168.2.8
                Jan 24, 2025 07:54:56.348978996 CET18885001285.31.47.24192.168.2.8
                Jan 24, 2025 07:54:56.349035025 CET500121888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:59.693569899 CET500121888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:59.695985079 CET500131888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:59.701073885 CET18885001285.31.47.24192.168.2.8
                Jan 24, 2025 07:54:59.703300953 CET18885001385.31.47.24192.168.2.8
                Jan 24, 2025 07:54:59.703427076 CET500131888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:59.778877974 CET500131888192.168.2.885.31.47.24
                Jan 24, 2025 07:54:59.786489964 CET18885001385.31.47.24192.168.2.8
                Jan 24, 2025 07:55:01.454874039 CET18885001385.31.47.24192.168.2.8
                Jan 24, 2025 07:55:01.455111027 CET500131888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:04.881105900 CET500131888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:04.883738041 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:04.885931969 CET18885001385.31.47.24192.168.2.8
                Jan 24, 2025 07:55:04.888576984 CET18885001485.31.47.24192.168.2.8
                Jan 24, 2025 07:55:04.888741970 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:04.929444075 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:04.934691906 CET18885001485.31.47.24192.168.2.8
                Jan 24, 2025 07:55:04.959222078 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:04.964092970 CET18885001485.31.47.24192.168.2.8
                Jan 24, 2025 07:55:05.021933079 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:05.027200937 CET18885001485.31.47.24192.168.2.8
                Jan 24, 2025 07:55:05.068552971 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:05.076133966 CET18885001485.31.47.24192.168.2.8
                Jan 24, 2025 07:55:05.193515062 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:05.200113058 CET18885001485.31.47.24192.168.2.8
                Jan 24, 2025 07:55:06.626331091 CET18885001485.31.47.24192.168.2.8
                Jan 24, 2025 07:55:06.626534939 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:10.130964994 CET500141888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:10.132493019 CET500151888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:10.136746883 CET18885001485.31.47.24192.168.2.8
                Jan 24, 2025 07:55:10.138581991 CET18885001585.31.47.24192.168.2.8
                Jan 24, 2025 07:55:10.138668060 CET500151888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:10.176896095 CET500151888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:10.184850931 CET18885001585.31.47.24192.168.2.8
                Jan 24, 2025 07:55:10.303148985 CET500151888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:10.309592962 CET18885001585.31.47.24192.168.2.8
                Jan 24, 2025 07:55:10.334496021 CET500151888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:10.343115091 CET18885001585.31.47.24192.168.2.8
                Jan 24, 2025 07:55:11.874588013 CET18885001585.31.47.24192.168.2.8
                Jan 24, 2025 07:55:11.874772072 CET500151888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:15.349651098 CET500151888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:15.351433992 CET500161888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:15.354592085 CET18885001585.31.47.24192.168.2.8
                Jan 24, 2025 07:55:15.356345892 CET18885001685.31.47.24192.168.2.8
                Jan 24, 2025 07:55:15.356416941 CET500161888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:15.398957968 CET500161888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:15.403851032 CET18885001685.31.47.24192.168.2.8
                Jan 24, 2025 07:55:15.443639040 CET500161888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:15.448591948 CET18885001685.31.47.24192.168.2.8
                Jan 24, 2025 07:55:15.475413084 CET500161888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:15.480381012 CET18885001685.31.47.24192.168.2.8
                Jan 24, 2025 07:55:15.522290945 CET500161888192.168.2.885.31.47.24
                Jan 24, 2025 07:55:15.528325081 CET18885001685.31.47.24192.168.2.8
                Jan 24, 2025 07:55:15.553478956 CET  50016  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:15.559614897 CET  1888  50016  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:15.678051949 CET  50016  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:15.684437990 CET  1888  50016  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:15.693675041 CET  50016  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:15.700022936 CET  1888  50016  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:15.740689993 CET  50016  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:15.747385025 CET  1888  50016  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:15.756088972 CET  50016  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:15.762846947 CET  1888  50016  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:17.126410007 CET  1888  50016  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:17.126494884 CET  50016  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:20.802786112 CET  50016  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:20.804656029 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:20.807740927 CET  1888  50016  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:20.809688091 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:20.809756994 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:20.869443893 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:20.874731064 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:20.897567987 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:20.902327061 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:20.943572998 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:20.948411942 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:20.990546942 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:20.995429039 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:21.037417889 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:21.042201042 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:21.068653107 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:21.073512077 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:22.544255972 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:22.544322014 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.318516970 CET  50017  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.321690083 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.323398113 CET  1888  50017  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.326690912 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.326772928 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.366468906 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.371542931 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.428024054 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.432930946 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.475387096 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.480695963 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.491772890 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.496618986 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.537491083 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.542424917 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.553170919 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.558001995 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.600236893 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.605206013 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.662408113 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.667251110 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.709230900 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.714152098 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.756078005 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.760943890 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:26.787400007 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:26.793678045 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:28.102686882 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:28.102768898 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:31.804832935 CET  50019  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:31.804835081 CET  50018  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:31.809845924 CET  1888  50018  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:31.809880018 CET  1888  50019  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:31.810024023 CET  50019  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:32.033102989 CET  50019  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:32.038701057 CET  1888  50019  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:32.193690062 CET  50019  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:32.199028015 CET  1888  50019  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:32.209522009 CET  50019  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:32.214991093 CET  1888  50019  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:32.303217888 CET  50019  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:32.309695959 CET  1888  50019  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:33.566356897 CET  1888  50019  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:33.566438913 CET  50019  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:37.319785118 CET  50019  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:37.319797039 CET  50020  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:37.324939966 CET  1888  50019  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:37.324990034 CET  1888  50020  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:37.325192928 CET  50020  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:37.426948071 CET  50020  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:37.431812048 CET  1888  50020  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:39.062875032 CET  1888  50020  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:39.062973976 CET  50020  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:42.521656990 CET  50020  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:42.522872925 CET  50021  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:42.526631117 CET  1888  50020  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:42.529069901 CET  1888  50021  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:42.529154062 CET  50021  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:42.569102049 CET  50021  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:42.574414968 CET  1888  50021  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:42.756474018 CET  50021  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:42.761423111 CET  1888  50021  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:44.006280899 CET  50021  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:44.011123896 CET  1888  50021  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:44.263861895 CET  1888  50021  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:44.264130116 CET  50021  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:47.599946022 CET  50021  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:47.601140976 CET  50022  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:47.604957104 CET  1888  50021  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:47.606003046 CET  1888  50022  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:47.606081009 CET  50022  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:47.693870068 CET  50022  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:47.698790073 CET  1888  50022  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:48.585078955 CET  50022  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:48.589982986 CET  1888  50022  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:49.341504097 CET  1888  50022  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:49.341603994 CET  50022  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:52.771897078 CET  50022  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:52.776952982 CET  1888  50022  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:52.777009964 CET  50023  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:52.782002926 CET  1888  50023  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:52.782664061 CET  50023  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:52.900841951 CET  50023  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:52.905704975 CET  1888  50023  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:52.977732897 CET  50023  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:52.982542038 CET  1888  50023  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:54.535281897 CET  1888  50023  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:54.535377026 CET  50023  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:58.006015062 CET  50023  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:58.008244991 CET  50024  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:58.011130095 CET  1888  50023  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:58.013283014 CET  1888  50024  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:58.013354063 CET  50024  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:58.075200081 CET  50024  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:55:58.080156088 CET  1888  50024  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:59.748807907 CET  1888  50024  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:55:59.748868942 CET  50024  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:03.224791050 CET  50024  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:03.228059053 CET  50025  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:03.232462883 CET  1888  50024  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:03.235857010 CET  1888  50025  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:03.235929012 CET  50025  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:03.282289982 CET  50025  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:03.287224054 CET  1888  50025  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:03.303227901 CET  50025  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:03.308223009 CET  1888  50025  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:04.987036943 CET  1888  50025  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:04.987139940 CET  50025  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:08.304625034 CET  50025  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:08.305063963 CET  50026  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:08.309688091 CET  1888  50025  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:08.309962988 CET  1888  50026  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:08.310049057 CET  50026  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:08.493050098 CET  50026  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:08.497879028 CET  1888  50026  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:10.065666914 CET  1888  50026  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:10.065737009 CET  50026  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:13.552927017 CET  50026  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:13.558109999 CET  1888  50026  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:13.610627890 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:13.615843058 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:13.615956068 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:13.923815966 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:13.928729057 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:13.959496975 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:13.964406013 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:13.990684986 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:13.995743036 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:14.006562948 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:14.011635065 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:14.178210020 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:14.183458090 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:14.412853003 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:14.421334028 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:15.392400980 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:15.392590046 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:19.474867105 CET  50027  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:19.478781939 CET  50028  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:19.479897022 CET  1888  50027  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:19.484006882 CET  1888  50028  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:19.484096050 CET  50028  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:19.522648096 CET  50028  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:19.527772903 CET  1888  50028  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:21.237627029 CET  1888  50028  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:21.237692118 CET  50028  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:28.521673918 CET  50028  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:28.524194956 CET  50029  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:28.647686005 CET  1888  50028  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:28.647706985 CET  1888  50029  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:28.647789955 CET  50029  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:28.712215900 CET  50029  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:28.717160940 CET  1888  50029  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:30.392592907 CET  1888  50029  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:30.393722057 CET  50029  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:36.318562984 CET  50029  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:36.319205046 CET  50030  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:36.323419094 CET  1888  50029  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:36.324310064 CET  1888  50030  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:36.324417114 CET  50030  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:36.336535931 CET  50030  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:36.341464043 CET  1888  50030  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:38.063680887 CET  1888  50030  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:38.063914061 CET  50030  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:40.396677017 CET  50030  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:40.397665977 CET  50031  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:40.401487112 CET  1888  50030  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:40.402461052 CET  1888  50031  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:40.402678013 CET  50031  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:40.414606094 CET  50031  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:40.419395924 CET  1888  50031  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:42.147233009 CET  1888  50031  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:42.147309065 CET  50031  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:47.615607023 CET  50031  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:47.616755009 CET  50032  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:47.620716095 CET  1888  50031  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:47.622874975 CET  1888  50032  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:47.622982025 CET  50032  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:47.638744116 CET  50032  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:47.644433975 CET  1888  50032  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:49.358727932 CET  1888  50032  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:49.358834982 CET  50032  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:57.568591118 CET  50032  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:57.569240093 CET  50033  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:57.573457956 CET  1888  50032  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:57.574094057 CET  1888  50033  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:57.574163914 CET  50033  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:57.585835934 CET  50033  1888  192.168.2.8  85.31.47.24
                Jan 24, 2025 07:56:57.590704918 CET  1888  50033  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:59.333178043 CET  1888  50033  85.31.47.24  192.168.2.8
                Jan 24, 2025 07:56:59.333781004 CET  50033  1888  192.168.2.8  85.31.47.24

                Target ID:0
                Start time:01:52:15
                Start date:24/01/2025
                Path:C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe
                Wow64 process (32bit):false
                Commandline:"C:\Users\user\Desktop\1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe"
                Imagebase:0x30000
                File size:36'864 bytes
                MD5 hash:70EAF49A98E12F4D4DE3C019C0BAAD11
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.1469935431.0000000000032000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                Reputation:low
                Has exited:false

                Execution Graph

                Execution Coverage:18.5%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:3
                Total number of Limit Nodes:0
                Execution graph (3 nodes): 7ffb4b041be8 -> 7ffb4b041bf1 (SetWindowsHookExW) -> 7ffb4b041cc1

                Executed Functions

                Control-flow Graph

                [Control-flow graph: function 7ffb4b046716-7ffb4b046bd3, calls 7ffb4b046bd4]
                Memory Dump Source
                • Source File: 00000000.00000002.3937037404.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffb4b040000_1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5597a612d19e1c8a386d49a34101d8321134c047b3b54b7ebfe20c0895429f07
                • Instruction ID: afcc3d0d7f21dc117172cace4e6ba6e038675255e48daac3bd934d0b6a21fcd7
                • Opcode Fuzzy Hash: 5597a612d19e1c8a386d49a34101d8321134c047b3b54b7ebfe20c0895429f07
                • Instruction Fuzzy Hash: ECF1A47090CA8D8FEBA8EF28C8557E937D1FF54311F0482AEE84DC7291DE7499458B82

                Control-flow Graph

                [Control-flow graph: function 7ffb4b0474c2-7ffb4b04794f, calls 7ffb4b047950]
                Memory Dump Source
                • Source File: 00000000.00000002.3937037404.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffb4b040000_1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1b92a928fc298da19a366c4d89e55ab214930441c32499eba40099ab2e4b3c81
                • Instruction ID: 82c06bc7334a8a5bc5926793b2b15c30e71eaea8a2b0c89da52f09ff6b68e225
                • Opcode Fuzzy Hash: 1b92a928fc298da19a366c4d89e55ab214930441c32499eba40099ab2e4b3c81
                • Instruction Fuzzy Hash: 04E1A37090CA8E8FEBA9EF28C8557E977D1EF54311F14826ED84DC72A1CF74A8458B81

                Control-flow Graph

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.3937037404.00007FFB4B040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B040000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ffb4b040000_1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf.jbxd
                Similarity
                • API ID: HookWindows
                • String ID:
                • API String ID: 2559412058-0
                • Opcode ID: 21463c19499f72ae319cede3482d281650ed24791a6849403ae939440c58aa7e
                • Instruction ID: 952778c277bcdf8e32c8d31e5f2919b7db71c9c3fa3808cc843683007385c226
                • Opcode Fuzzy Hash: 21463c19499f72ae319cede3482d281650ed24791a6849403ae939440c58aa7e
                • Instruction Fuzzy Hash: 31411670A0CA5D8FDB1DEF6CD8066F97BE1EB59311F00427EE04DD3292CA65A81287C1