
Windows Analysis Report
1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe

Overview

General Information

Sample name: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe
Analysis ID: 1598375
MD5: c68b61002017f7c4e1b631191bd8b73b
SHA1: e49b699e7bc47686123a2aab0447569c0934a8f4
SHA256: f29265a2b0ef4c66b0a5ae64621ba86f02f5ccdc52e48636925c1b1560aee7a4
Tags: base64-decoded, exe, user-abuse_ch

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Found potential dummy code loops (likely to delay analysis)
Joe Sandbox ML detected suspicious sample
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Classification chart (image not preserved): categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious
  • System is w10x64
  • cleanup
{
  "C2 url": [
    "85.31.47.24"
  ],
  "Port": 1888,
  "Aes key": "<123456789>",
  "SPL": "<Xwormmm>",
  "Install file": "USB.exe"
}
Source | Rule | Description | Author | Strings
1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
  • 0x6417:$str01: $VB$Local_Port
  • 0x6408:$str02: $VB$Local_Host
  • 0x670c:$str03: get_Jpeg
  • 0x60c7:$str04: get_ServicePack
  • 0x7156:$str05: Select * from AntivirusProduct
  • 0x7354:$str06: PCRestart
  • 0x7368:$str07: shutdown.exe /f /r /t 0
  • 0x741a:$str08: StopReport
  • 0x73f0:$str09: StopDDos
  • 0x74f2:$str10: sendPlugin
  • 0x769e:$str12: -ExecutionPolicy Bypass -File "
  • 0x77c7:$str13: Content-length: 5235
1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x7a34:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7ad1:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7be6:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x76e2:$cnc4: POST / HTTP/1.1

Source | Rule | Description | Author | Strings
00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x7834:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x78d1:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x79e6:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x74e2:$cnc4: POST / HTTP/1.1
Process Memory Space: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe PID: 5548 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |

Source | Rule | Description | Author | Strings
0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack | rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
  • 0x6417:$str01: $VB$Local_Port
  • 0x6408:$str02: $VB$Local_Host
  • 0x670c:$str03: get_Jpeg
  • 0x60c7:$str04: get_ServicePack
  • 0x7156:$str05: Select * from AntivirusProduct
  • 0x7354:$str06: PCRestart
  • 0x7368:$str07: shutdown.exe /f /r /t 0
  • 0x741a:$str08: StopReport
  • 0x73f0:$str09: StopDDos
  • 0x74f2:$str10: sendPlugin
  • 0x769e:$str12: -ExecutionPolicy Bypass -File "
  • 0x77c7:$str13: Content-length: 5235
0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x7a34:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x7ad1:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x7be6:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x76e2:$cnc4: POST / HTTP/1.1

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-24T08:02:56.133476+0100 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 50021 | 85.31.47.24 | 1888 | TCP


AV Detection

Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Avira: detected
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Malware Configuration Extractor: Xworm {"C2 url": ["85.31.47.24"], "Port": 1888, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Virustotal: Detection: 73%
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | ReversingLabs: Detection: 84%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Joe Sandbox ML: detected
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | String decryptor: 85.31.47.24
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | String decryptor: 1888
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | String decryptor: <123456789>
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | String decryptor: <Xwormmm>
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | String decryptor: 21-01-2025
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | String decryptor: USB.exe
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic | Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49727 -> 85.31.47.24:1888
Source: Network traffic | Suricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:50021 -> 85.31.47.24:1888
Source: Malware configuration extractor | URLs: 85.31.47.24
Source: global traffic | TCP traffic: 192.168.2.8:49704 -> 85.31.47.24:1888
Source: Joe Sandbox View | ASN Name: CLOUDCOMPUTINGDE CLOUDCOMPUTINGDE
Source: unknown | TCP traffic detected without corresponding DNS query: 85.31.47.24
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, 00000000.00000002.3893737939.00000000030E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, XLogger.cs | .Net Code: KeyboardLayout

System Summary

Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, type: SAMPLE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, type: SAMPLE | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack, type: UNPACKEDPE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Code function: 0_2_00007FFB4AE968E6 0_2_00007FFB4AE968E6
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Code function: 0_2_00007FFB4AE97692 0_2_00007FFB4AE97692
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Code function: 0_2_00007FFB4AE950BD 0_2_00007FFB4AE950BD
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, 00000000.00000000.1442623913.0000000000DFC000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameXClient.exe4 vs 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Binary or memory string: OriginalFilenameXClient.exe4 vs 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, type: SAMPLE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, type: SAMPLE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack, type: UNPACKEDPE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, Helper.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, AlgorithmAES.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@0/1
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Mutant created: \Sessions\1\BaseNamedObjects\3OrfQWNZWWIB9sG2
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Virustotal: Detection: 73%
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | ReversingLabs: Detection: 84%
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: avicap32.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: msvfw32.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true)
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, Messages.cs | .Net Code: Plugin System.AppDomain.Load(byte[])
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, Messages.cs | .Net Code: Memory System.AppDomain.Load(byte[])
Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, Messages.cs | .Net Code: Memory
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Code function: 0_2_00007FFB4AE91552 push E95EE836h; ret 0_2_00007FFB4AE91599
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Code function: 0_2_00007FFB4AE900BD pushad ; iretd 0_2_00007FFB4AE900C1
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Code function: 0_2_00007FFB4AE9168D push ebx; retf 0_2_00007FFB4AE916AA
Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Memory allocated: 1730000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Memory allocated: 1B0E0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Window / User API: threadDelayed 2593
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Window / User API: threadDelayed 7232
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe TID: 4032 | Thread sleep time: -22136092888451448s >= -30000s
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe TID: 3552 | Thread sleep count: 2593 > 30
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe TID: 3552 | Thread sleep count: 7232 > 30
          Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | File Volume queried: C:\ FullSizeInformation
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | File Volume queried: unknown FullSizeInformation
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Thread delayed: delay time: 922337203685477
          Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, 00000000.00000002.3895440420.000000001C050000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Process information queried: ProcessInformation

          Anti Debugging

          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Process Stats: CPU usage > 42% for more than 60s
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Process token adjusted: Debug
          Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Memory allocated: page read and write | page guard
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Queries volume information: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe VolumeInformation
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, 00000000.00000002.3895440420.000000001C050000.00000004.00000020.00020000.00000000.sdmp, 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, 00000000.00000002.3895440420.000000001C0B9000.00000004.00000020.00020000.00000000.sdmp, 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, 00000000.00000002.3891511058.00000000012F8000.00000004.00000020.00020000.00000000.sdmp, 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, 00000000.00000002.3895440420.000000001C099000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
          Source: C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

          Stealing of Sensitive Information

          Source: Yara matchFile source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe PID: 5548, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara matchFile source: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe.df0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe PID: 5548, type: MEMORYSTR
MITRE ATT&CK Matrix (numbers in brackets are the counts the report shows beside techniques matched by signatures; entries without a number were not matched)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation [11]; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading [1]; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: DLL Side-Loading [1]; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Disable or Modify Tools [1]; Virtualization/Sandbox Evasion [232]; Deobfuscate/Decode Files or Information [1]; Obfuscated Files or Information [1]; Software Packing [2]; DLL Side-Loading [1]
Credential Access: Input Capture [1]; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Security Software Discovery [221]; Process Discovery [1]; Virtualization/Sandbox Evasion [232]; Application Window Discovery [1]; System Information Discovery [13]; Wi-Fi Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Input Capture [1]; Archive Collected Data [11]; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Encrypted Channel [1]; Non-Standard Port [1]; Application Layer Protocol [1]; Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
Behavior Graph (ID: 1598375, Sample: 1737701404df2e7c825ea690fee..., Startdate: 24/01/2025, Architecture: WINDOWS, Score: 100)

Start node signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 10 other signatures
Process started: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe
  DNS/IP info: 85.31.47.24, ports 1888, 49704, 49705 (CLOUDCOMPUTINGDE, Germany)
  Process signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Found potential dummy code loops (likely to delay analysis)

Antivirus detection (Source | Detection | Scanner | Label):
1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | 74% | Virustotal |
1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | 84% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT
1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | 100% | Avira | TR/Spy.Gen
1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe | 100% | Joe Sandbox ML |
No Antivirus matches
URL / IP detection (Source | Detection | Scanner | Label):
85.31.47.24 | 0% | Avira URL Cloud | safe


No contacted domains info
Contacted IPs (Name | Malicious | Antivirus Detection | Reputation):
85.31.47.24 | true | Avira URL Cloud: safe | unknown
URLs found in memory (Name | Source | Malicious | Reputation):
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe, 00000000.00000002.3893737939.00000000030E1000.00000004.00000800.00020000.00000000.sdmp | false | high
Contacted public IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
85.31.47.24 | unknown | Germany | 43659 | CLOUDCOMPUTINGDE | true
            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1598375
            Start date and time:2025-01-24 07:58:38 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 55s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:5
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Sample name:1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe
            Detection:MAL
            Classification:mal100.troj.spyw.evad.winEXE@1/0@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 3
            • Number of non-executed functions: 1
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
            • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
01:59:48 | API Interceptor | 13458057x Sleep call for process: 1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe modified
Context for 85.31.47.24 (Associated Sample Name | Detection | Threat Name):
17377014056a69536ab12b0f859a66de89b12706e344abb5fe3544307ca437beeb04f04531790.dat-decoded.exe | malicious | XWorm
1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | malicious | XWorm
1737093845fa524ebf195ac8a9f4732d7ce215bdebbbcad650b27a4f718c7cf3432f4a94fc618.dat-decoded.exe | malicious | XWorm
17370524479f15d0891d2a1787b99e1cc15981f0e6b8193a68e4b415d1a054aa4ccae688ea843.dat-decoded.exe | malicious | XWorm
No context
Context for ASN CLOUDCOMPUTINGDE (Associated Sample Name | Detection | Threat Name | IP):
17377014056a69536ab12b0f859a66de89b12706e344abb5fe3544307ca437beeb04f04531790.dat-decoded.exe | malicious | XWorm | 85.31.47.24
1737701404fa7085385bfb79cbd0d6f35547f75f57270f2f6ee97e206b79cdebcd0ddf2d49957.dat-decoded.exe | malicious | XWorm | 85.31.47.24
1737093845fa524ebf195ac8a9f4732d7ce215bdebbbcad650b27a4f718c7cf3432f4a94fc618.dat-decoded.exe | malicious | XWorm | 85.31.47.24
17370524479f15d0891d2a1787b99e1cc15981f0e6b8193a68e4b415d1a054aa4ccae688ea843.dat-decoded.exe | malicious | XWorm | 85.31.47.24
New Order Inquiry.exe | malicious | Remcos | 80.76.51.19
file.exe | malicious | DarkVision Rat | 85.31.47.116
Inquiry List.doc | malicious | DarkVision Rat | 85.31.47.116
same.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm | 80.76.51.73
onlysteal.exe | malicious | DCRat | 185.216.71.25
WC2SD38tcf.exe | malicious | Stealc | 185.216.71.4
No context
No context
                    No created / dropped files found
                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):5.61176229676162
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    • Win32 Executable (generic) a (10002005/4) 49.75%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Windows Screen Saver (13104/52) 0.07%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    File name:1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe
                    File size:36'864 bytes
                    MD5:c68b61002017f7c4e1b631191bd8b73b
                    SHA1:e49b699e7bc47686123a2aab0447569c0934a8f4
                    SHA256:f29265a2b0ef4c66b0a5ae64621ba86f02f5ccdc52e48636925c1b1560aee7a4
                    SHA512:d195c39f1c69e2ef8c92af14791b16059776488abb00b96ff2051140620161114333529041ff4df65522dea2c0efe7ba2d21ee131b2fb72a63d32bc6189088c5
                    SSDEEP:768:zL13A5Uno9RfHWa2B71eo8icHyEWbFb9YDOMhmQXvs:nxA5Uno9JHWXZeNicHyESFb9YDOMs6s
                    TLSH:89F24B48BBE04216D9ED6BF5697372020674EA13D917EB4E4CD485DB6F23BC48D013EA
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I..g................................. ........@.. ....................................@................................
                    Icon Hash:00928e8e8686b000
                    Entrypoint:0x40a5ee
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x678F9649 [Tue Jan 21 12:42:49 2025 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                    Instruction
                    jmp dword ptr [00402000h]
Data directories (Name | Virtual Address | Virtual Size | Is in Section):
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa594 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x4d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections (Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics):
.text | 0x2000 | 0x85f4 | 0x8600 | cc8ce7477fdbf6cc449fdc39c8f1f158 | False | 0.49897971082089554 | data | 5.747307780972704 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x4d8 | 0x600 | 2472af5ddbb53779b7381f16b8b9407b | False | 0.3756510416666667 | data | 3.7216503306685733 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe000 | 0xc | 0x200 | fd3ac7fbb8a34dc91e775b7c64e87bbc | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Resources (Name | RVA | Size | Type | Language | Country | ZLIB Complexity):
RT_VERSION | 0xc0a0 | 0x244 | data | | | 0.4724137931034483
RT_MANIFEST | 0xc2e8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
Imports (DLL | Import):
mscoree.dll | _CorExeMain


Suricata alerts (Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol):
2025-01-24T08:00:48.253252+0100 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 49727 | 85.31.47.24 | 1888 | TCP
2025-01-24T08:02:56.133476+0100 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 50021 | 85.31.47.24 | 1888 | TCP
TCP packets (Timestamp | Source Port | Dest Port | Source IP | Dest IP):
                    Jan 24, 2025 08:00:07.165049076 CET18884971385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:07.165177107 CET497131888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:10.523411036 CET497131888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:10.524348021 CET497141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:10.528227091 CET18884971385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:10.529114008 CET18884971485.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:10.529306889 CET497141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:10.545773983 CET497141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:10.550623894 CET18884971485.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:12.254262924 CET18884971485.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:12.254441977 CET497141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:14.867152929 CET497141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:14.867883921 CET497151888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:14.871946096 CET18884971485.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:14.872761965 CET18884971585.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:14.872855902 CET497151888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:14.891019106 CET497151888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:14.895823956 CET18884971585.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:16.614048958 CET18884971585.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:16.614140987 CET497151888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:19.367746115 CET497151888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:19.368628025 CET497161888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:19.374197006 CET18884971585.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:19.374238968 CET18884971685.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:19.374325991 CET497161888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:19.392358065 CET497161888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:19.397181034 CET18884971685.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:21.114645004 CET18884971685.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:21.114809036 CET497161888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:22.976690054 CET497161888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:22.977395058 CET497171888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:22.981518030 CET18884971685.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:22.982209921 CET18884971785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:22.982312918 CET497171888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:22.997556925 CET497171888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:23.002413034 CET18884971785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:24.744388103 CET18884971785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:24.744584084 CET497171888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:26.915661097 CET497171888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:26.917697906 CET497181888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:26.920650959 CET18884971785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:26.922918081 CET18884971885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:26.923002005 CET497181888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:26.968008995 CET497181888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:26.972860098 CET18884971885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:28.661443949 CET18884971885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:28.661545038 CET497181888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:29.939306021 CET497181888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:29.942094088 CET497191888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:29.944226027 CET18884971885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:29.946979046 CET18884971985.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:29.947086096 CET497191888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:29.971880913 CET497191888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:29.976703882 CET18884971985.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:31.675745010 CET18884971985.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:31.675816059 CET497191888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:33.149893045 CET497191888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:33.154762030 CET18884971985.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:33.160187006 CET497211888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:33.165102005 CET18884972185.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:33.165206909 CET497211888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:33.203533888 CET497211888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:33.208424091 CET18884972185.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:34.894787073 CET18884972185.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:34.894860983 CET497211888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:36.257942915 CET497211888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:36.258734941 CET497221888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:36.262742996 CET18884972185.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:36.263520956 CET18884972285.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:36.263621092 CET497221888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:36.279833078 CET497221888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:36.284930944 CET18884972285.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:38.008325100 CET18884972285.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:38.008416891 CET497221888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:39.164824009 CET497221888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:39.167424917 CET497231888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:39.169789076 CET18884972285.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:39.172322989 CET18884972385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:39.172406912 CET497231888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:39.199861050 CET497231888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:39.204682112 CET18884972385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:40.897286892 CET18884972385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:40.897464991 CET497231888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:41.023566008 CET497231888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:41.024292946 CET497241888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:41.028815031 CET18884972385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:41.029217005 CET18884972485.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:41.029349089 CET497241888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:41.045540094 CET497241888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:41.050391912 CET18884972485.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:42.771161079 CET18884972485.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:42.772285938 CET497241888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:42.773611069 CET497241888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:42.775186062 CET497251888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:42.778455973 CET18884972485.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:42.779978991 CET18884972585.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:42.780158997 CET497251888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:42.800498962 CET497251888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:42.805350065 CET18884972585.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:44.546386003 CET18884972585.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:44.549237013 CET497251888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:44.670425892 CET497251888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:44.677623987 CET18884972585.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:44.739866018 CET497261888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:44.746767998 CET18884972685.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:44.746857882 CET497261888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:44.901875973 CET497261888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:44.906801939 CET18884972685.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:46.510154963 CET18884972685.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:46.510229111 CET497261888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:46.602045059 CET497261888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:46.604554892 CET497271888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:46.606908083 CET18884972685.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:46.609419107 CET18884972785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:46.609544992 CET497271888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:46.627940893 CET497271888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:46.632837057 CET18884972785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:48.253252029 CET497271888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:48.258419037 CET18884972785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:48.367351055 CET18884972785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:48.367458105 CET497271888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:48.367595911 CET497271888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:48.369362116 CET497281888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:48.372376919 CET18884972785.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:48.374202013 CET18884972885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:48.374303102 CET497281888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:48.413410902 CET497281888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:48.418435097 CET18884972885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:48.477197886 CET497281888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:48.482156992 CET18884972885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:48.492518902 CET497281888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:48.497422934 CET18884972885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:50.113455057 CET18884972885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:50.113607883 CET497281888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:53.540599108 CET497301888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:53.540599108 CET497281888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:53.545428991 CET18884973085.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:53.545444012 CET18884972885.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:53.545559883 CET497301888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:53.622155905 CET497301888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:53.626985073 CET18884973085.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:53.758158922 CET497301888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:53.763174057 CET18884973085.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:55.285397053 CET18884973085.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:55.285540104 CET497301888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:58.632781982 CET497301888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:58.633810043 CET497631888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:58.637578964 CET18884973085.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:58.638668060 CET18884976385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:58.638783932 CET497631888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:58.675486088 CET497631888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:58.680326939 CET18884976385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:58.726666927 CET497631888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:58.731493950 CET18884976385.31.47.24192.168.2.8
                    Jan 24, 2025 08:00:58.757961035 CET497631888192.168.2.885.31.47.24
                    Jan 24, 2025 08:00:58.762768984 CET18884976385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:00.370398045 CET18884976385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:00.372864008 CET497631888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:03.851963043 CET497631888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:03.853173018 CET497951888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:03.857275963 CET18884976385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:03.858077049 CET18884979585.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:03.858156919 CET497951888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:03.904968023 CET497951888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:03.910218000 CET18884979585.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:05.599857092 CET18884979585.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:05.599967957 CET497951888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:08.929759026 CET497951888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:08.931628942 CET498201888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:08.934777975 CET18884979585.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:08.936628103 CET18884982085.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:08.936739922 CET498201888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:09.018476009 CET498201888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:09.023365974 CET18884982085.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:10.693912983 CET18884982085.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:10.694078922 CET498201888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:14.055543900 CET498201888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:14.061652899 CET18884982085.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:14.094506025 CET498491888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:14.099509001 CET18884984985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:14.100701094 CET498491888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:14.377379894 CET498491888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:14.382177114 CET18884984985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:15.852091074 CET18884984985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:15.852199078 CET498491888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:19.758142948 CET498491888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:19.760992050 CET498771888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:19.764568090 CET18884984985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:19.767134905 CET18884987785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:19.767229080 CET498771888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:19.809732914 CET498771888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:19.815093040 CET18884987785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:19.945610046 CET498771888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:19.952889919 CET18884987785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:20.039369106 CET498771888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:20.044363022 CET18884987785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:21.526781082 CET18884987785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:21.526833057 CET498771888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:25.078321934 CET498771888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:25.080321074 CET499091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:25.084677935 CET18884987785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:25.086487055 CET18884990985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:25.088567972 CET499091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:25.172513008 CET499091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:25.178736925 CET18884990985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:26.817172050 CET18884990985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:26.817317963 CET499091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:30.211297989 CET499091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:30.212362051 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:30.216691971 CET18884990985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:30.217649937 CET18884994385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:30.218324900 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:30.456469059 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:30.461657047 CET18884994385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:30.727255106 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:30.732280016 CET18884994385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:31.164361000 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:31.170876980 CET18884994385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:31.195719004 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:31.202758074 CET18884994385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:31.211298943 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:31.219403982 CET18884994385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:31.971014977 CET18884994385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:31.971076012 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:36.242423058 CET499431888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:36.244049072 CET499821888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:36.247549057 CET18884994385.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:36.249612093 CET18884998285.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:36.249859095 CET499821888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:36.436230898 CET499821888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:36.442089081 CET18884998285.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:38.009397030 CET18884998285.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:38.009454012 CET499821888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:41.464092016 CET499821888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:41.466339111 CET500071888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:41.468923092 CET18884998285.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:41.471198082 CET18885000785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:41.471263885 CET500071888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:41.561291933 CET500071888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:41.566118002 CET18885000785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:43.207993031 CET18885000785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:43.208053112 CET500071888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:46.773746967 CET500071888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:46.776889086 CET500081888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:46.778811932 CET18885000785.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:46.781780005 CET18885000885.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:46.783679008 CET500081888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:47.252151012 CET500081888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:47.257085085 CET18885000885.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:48.521013975 CET18885000885.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:48.524374008 CET500081888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:52.320374966 CET500081888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:52.321455956 CET500091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:52.326030970 CET18885000885.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:52.327168941 CET18885000985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:52.327337980 CET500091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:52.424213886 CET500091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:52.431653976 CET18885000985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:54.076628923 CET18885000985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:54.076744080 CET500091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:57.570493937 CET500091888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:57.573503971 CET500101888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:57.575331926 CET18885000985.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:57.578386068 CET18885001085.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:57.578452110 CET500101888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:57.617594004 CET500101888192.168.2.885.31.47.24
                    Jan 24, 2025 08:01:57.622586012 CET18885001085.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:59.302433968 CET18885001085.31.47.24192.168.2.8
                    Jan 24, 2025 08:01:59.302500963 CET500101888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:02.648479939 CET500101888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:02.650513887 CET500111888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:02.657351971 CET18885001085.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:02.659784079 CET18885001185.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:02.660358906 CET500111888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:02.726268053 CET500111888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:02.734189987 CET18885001185.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:04.398319960 CET18885001185.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:04.398437023 CET500111888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.804765940 CET500111888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.807205915 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.809726954 CET18885001185.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:07.812021017 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:07.812144041 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.846630096 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.851391077 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:07.867456913 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.872226954 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:07.883112907 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.888268948 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:07.898699045 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.906295061 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:07.961329937 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:07.966850042 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:08.727027893 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:08.732075930 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:09.150352001 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:09.155221939 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:09.554603100 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:09.554723978 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:12.909408092 CET500121888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:12.911556005 CET500131888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:12.914370060 CET18885001285.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:12.916459084 CET18885001385.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:12.916538954 CET500131888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:12.976526976 CET500131888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:12.981504917 CET18885001385.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:13.023801088 CET500131888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:13.028623104 CET18885001385.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:14.646378994 CET18885001385.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:14.646598101 CET500131888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:18.107435942 CET500131888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:18.111028910 CET500141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:18.114384890 CET18885001385.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:18.116884947 CET18885001485.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:18.116962910 CET500141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:18.514758110 CET500141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:18.519774914 CET18885001485.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:19.857270956 CET18885001485.31.47.24192.168.2.8
                    Jan 24, 2025 08:02:19.857331038 CET500141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:23.602036953 CET500141888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:23.604854107 CET500151888192.168.2.885.31.47.24
                    Jan 24, 2025 08:02:23.608201981 CET18885001485.31.47.24192.168.2.8
                    Timestamp                            Src port  Dst port  Source IP    Dest IP
                    Jan 24, 2025 08:02:23.610964060 CET  1888      50015     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:23.611017942 CET  50015     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:23.670094013 CET  50015     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:23.676321983 CET  1888      50015     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:23.742796898 CET  50015     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:23.754292011 CET  1888      50015     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:23.946372032 CET  50015     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:23.951165915 CET  1888      50015     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:23.961426020 CET  50015     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:23.966298103 CET  1888      50015     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:24.086435080 CET  50015     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:24.091216087 CET  1888      50015     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:25.353594065 CET  1888      50015     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:25.353655100 CET  50015     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:29.337265015 CET  50015     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:29.339133024 CET  50016     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:29.342289925 CET  1888      50015     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:29.344016075 CET  1888      50016     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:29.344073057 CET  50016     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:29.394659042 CET  50016     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:29.399928093 CET  1888      50016     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:31.075309038 CET  1888      50016     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:31.075942993 CET  50016     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:34.415045977 CET  50016     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:34.416119099 CET  50017     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:34.419910908 CET  1888      50016     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:34.421022892 CET  1888      50017     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:34.421571970 CET  50017     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:34.694305897 CET  50017     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:34.699186087 CET  1888      50017     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:36.179518938 CET  1888      50017     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:36.179579020 CET  50017     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:40.055051088 CET  50017     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:40.059988022 CET  1888      50017     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:40.062289953 CET  50018     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:40.067969084 CET  1888      50018     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:40.068043947 CET  50018     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:40.102241993 CET  50018     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:40.107187033 CET  1888      50018     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:40.195916891 CET  50018     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:40.200846910 CET  1888      50018     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:41.812266111 CET  1888      50018     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:41.812319040 CET  50018     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:45.134310961 CET  50018     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:45.137326956 CET  50019     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:45.139100075 CET  1888      50018     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:45.142103910 CET  1888      50019     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:45.142309904 CET  50019     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:45.335433960 CET  50019     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:45.343311071 CET  1888      50019     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:45.430025101 CET  50019     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:45.434812069 CET  1888      50019     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:46.893059015 CET  1888      50019     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:46.894301891 CET  50019     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:50.641380072 CET  50019     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:50.646198988 CET  1888      50019     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:50.679492950 CET  50020     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:50.684288025 CET  1888      50020     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:50.684885979 CET  50020     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:50.785823107 CET  50020     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:50.791620970 CET  1888      50020     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:50.792542934 CET  50020     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:50.798373938 CET  1888      50020     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:52.555269003 CET  1888      50020     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:52.555493116 CET  50020     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:55.820564985 CET  50020     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:55.824486017 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:55.825510025 CET  1888      50020     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:55.829313993 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:55.829375029 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:55.873843908 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:55.878797054 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:55.930740118 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:55.935663939 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:55.945889950 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:55.951955080 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:55.977211952 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:55.982373953 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:56.133476019 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:56.140274048 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:56.148920059 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:56.156505108 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:56.195683956 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:56.200850964 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:56.211345911 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:56.216422081 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:56.227054119 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:56.234358072 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:56.258239031 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:56.265283108 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:56.273997068 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:56.282141924 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:56.320784092 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:02:56.328912020 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:57.617059946 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:02:57.617139101 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:01.351861000 CET  50021     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:01.353231907 CET  50022     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:01.359771967 CET  1888      50021     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:01.361403942 CET  1888      50022     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:01.361512899 CET  50022     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:01.393235922 CET  50022     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:01.401057005 CET  1888      50022     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:01.414624929 CET  50022     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:01.423403978 CET  1888      50022     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:03.102787971 CET  1888      50022     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:03.104238987 CET  50022     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:06.449711084 CET  50022     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:06.450267076 CET  50023     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:06.454794884 CET  1888      50022     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:06.455238104 CET  1888      50023     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:06.456475019 CET  50023     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:06.567543983 CET  50023     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:06.572434902 CET  1888      50023     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:08.201486111 CET  1888      50023     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:08.203938007 CET  50023     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:11.914355040 CET  50023     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:11.916538954 CET  50024     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:11.919393063 CET  1888      50023     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:11.921720028 CET  1888      50024     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:11.921942949 CET  50024     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:12.112200022 CET  50024     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:12.118102074 CET  1888      50024     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:13.670104980 CET  1888      50024     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:13.670222044 CET  50024     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:17.141601086 CET  50024     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:17.144720078 CET  50025     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:17.146816015 CET  1888      50024     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:17.149923086 CET  1888      50025     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:17.149986982 CET  50025     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:17.503118038 CET  50025     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:17.508093119 CET  1888      50025     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:18.889714956 CET  1888      50025     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:18.889803886 CET  50025     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.570816040 CET  50025     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.574405909 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.577775955 CET  1888      50025     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.580940008 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.581021070 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.621653080 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.628406048 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.664582968 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.672436953 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.680268049 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.688416958 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.695878029 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.705039024 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.711482048 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.720139980 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.742741108 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.750638008 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.758305073 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.763340950 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.773833990 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.781316042 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.806026936 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.811098099 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.820785046 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.825925112 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.867726088 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.872592926 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.883687019 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.888654947 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.899079084 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.904206991 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.914757967 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.919883013 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.930155039 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.935261965 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.945888996 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.951452017 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.961416006 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.966387033 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:22.992679119 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:22.997634888 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:23.008387089 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:23.013506889 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:23.039484978 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:23.044475079 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:23.055145979 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:23.060172081 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:23.070786953 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:23.075697899 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:24.323812962 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:24.323888063 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:28.304922104 CET  50026     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:28.308635950 CET  50027     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:28.310054064 CET  1888      50026     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:28.313854933 CET  1888      50027     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:28.317177057 CET  50027     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:28.439335108 CET  50027     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:28.444350004 CET  1888      50027     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:28.555212975 CET  50027     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:28.560342073 CET  1888      50027     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:30.054548025 CET  1888      50027     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:30.055143118 CET  50027     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:33.501514912 CET  50027     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:33.503985882 CET  50028     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:33.506517887 CET  1888      50027     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:33.508862972 CET  1888      50028     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:33.508920908 CET  50028     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:33.595410109 CET  50028     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:33.600301027 CET  1888      50028     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:35.248569012 CET  1888      50028     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:35.248821020 CET  50028     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:38.728781939 CET  50028     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:38.728789091 CET  50029     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:38.733711958 CET  1888      50028     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:38.733751059 CET  1888      50029     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:38.738234997 CET  50029     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:38.843647957 CET  50029     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:38.848592043 CET  1888      50029     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:40.486294985 CET  1888      50029     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:40.490515947 CET  50029     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:48.727557898 CET  50030     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:48.727560997 CET  50029     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:48.737386942 CET  1888      50029     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:48.737437010 CET  1888      50030     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:48.737541914 CET  50030     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:48.833353996 CET  50030     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:48.842024088 CET  1888      50030     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:50.476121902 CET  1888      50030     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:50.476183891 CET  50030     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:53.680166006 CET  50030     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:53.681050062 CET  50031     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:53.685144901 CET  1888      50030     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:53.685807943 CET  1888      50031     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:53.685879946 CET  50031     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:53.702985048 CET  50031     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:53.707802057 CET  1888      50031     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:55.438366890 CET  1888      50031     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:55.438437939 CET  50031     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:57.305562019 CET  50031     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:57.305568933 CET  50032     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:57.310405970 CET  1888      50031     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:57.310857058 CET  1888      50032     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:57.311270952 CET  50032     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:57.321927071 CET  50032     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:03:57.327028990 CET  1888      50032     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:59.059160948 CET  1888      50032     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:03:59.059838057 CET  50032     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:06.461477995 CET  50032     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:06.462430000 CET  50033     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:06.466480970 CET  1888      50032     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:06.467365980 CET  1888      50033     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:06.467508078 CET  50033     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:06.478348017 CET  50033     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:06.483131886 CET  1888      50033     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:08.198724031 CET  1888      50033     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:08.198931932 CET  50033     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:10.914392948 CET  50033     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:10.914967060 CET  50034     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:10.919394016 CET  1888      50033     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:10.919965982 CET  1888      50034     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:10.920043945 CET  50034     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:10.930119991 CET  50034     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:10.934998035 CET  1888      50034     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:12.664495945 CET  1888      50034     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:12.664587975 CET  50034     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:17.883152008 CET  50034     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:17.883836031 CET  50035     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:17.888222933 CET  1888      50034     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:17.888834953 CET  1888      50035     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:17.888905048 CET  50035     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:17.899965048 CET  50035     1888      192.168.2.8  85.31.47.24
                    Jan 24, 2025 08:04:17.904769897 CET  1888      50035     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:19.636847019 CET  1888      50035     85.31.47.24  192.168.2.8
                    Jan 24, 2025 08:04:19.636913061 CET  50035     1888      192.168.2.8  85.31.47.24

                    Target ID:0
                    Start time:01:59:37
                    Start date:24/01/2025
                    Path:C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Users\user\Desktop\1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95f759630.dat-decoded.exe"
                    Imagebase:0xdf0000
                    File size:36'864 bytes
                    MD5 hash:C68B61002017F7C4E1B631191BD8B73B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.1442608108.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                    Reputation:low
                    Has exited:false

                    Execution Graph


                    Execution Coverage:19.2%
                    Dynamic/Decrypted Code Coverage:100%
                    Signature Coverage:0%
                    Total number of Nodes:3
                    Total number of Limit Nodes:0
                    Execution graph nodes and edges:
                    • Node 3667: 7ffb4ae91be8
                    • Node 3668: 7ffb4ae91bf1 (SetWindowsHookExW)
                    • Node 3670: 7ffb4ae91cc1
                    • Edges: 3667 -> 3668, 3668 -> 3670

                    Executed Functions

                    Control-flow Graph

                    control_flow_graph 183 7ffb4ae968e6-7ffb4ae968f3 184 7ffb4ae968f5-7ffb4ae968fd 183->184 185 7ffb4ae968fe-7ffb4ae969c7 183->185 184->185 189 7ffb4ae96a33 185->189 190 7ffb4ae969c9-7ffb4ae969d2 185->190 192 7ffb4ae96a35-7ffb4ae96a5a 189->192 190->189 191 7ffb4ae969d4-7ffb4ae969e0 190->191 193 7ffb4ae96a19-7ffb4ae96a31 191->193 194 7ffb4ae969e2-7ffb4ae969f4 191->194 198 7ffb4ae96ac6 192->198 199 7ffb4ae96a5c-7ffb4ae96a65 192->199 193->192 196 7ffb4ae969f6 194->196 197 7ffb4ae969f8-7ffb4ae96a0b 194->197 196->197 197->197 200 7ffb4ae96a0d-7ffb4ae96a15 197->200 202 7ffb4ae96ac8-7ffb4ae96b70 198->202 199->198 201 7ffb4ae96a67-7ffb4ae96a73 199->201 200->193 203 7ffb4ae96a75-7ffb4ae96a87 201->203 204 7ffb4ae96aac-7ffb4ae96ac4 201->204 213 7ffb4ae96bde 202->213 214 7ffb4ae96b72-7ffb4ae96b7c 202->214 205 7ffb4ae96a89 203->205 206 7ffb4ae96a8b-7ffb4ae96a9e 203->206 204->202 205->206 206->206 208 7ffb4ae96aa0-7ffb4ae96aa8 206->208 208->204 216 7ffb4ae96be0-7ffb4ae96c09 213->216 214->213 215 7ffb4ae96b7e-7ffb4ae96b8b 214->215 217 7ffb4ae96bc4-7ffb4ae96bdc 215->217 218 7ffb4ae96b8d-7ffb4ae96b9f 215->218 223 7ffb4ae96c73 216->223 224 7ffb4ae96c0b-7ffb4ae96c16 216->224 217->216 219 7ffb4ae96ba3-7ffb4ae96bb6 218->219 220 7ffb4ae96ba1 218->220 219->219 222 7ffb4ae96bb8-7ffb4ae96bc0 219->222 220->219 222->217 225 7ffb4ae96c75-7ffb4ae96d06 223->225 224->223 226 7ffb4ae96c18-7ffb4ae96c26 224->226 234 7ffb4ae96d0c-7ffb4ae96d1b 225->234 227 7ffb4ae96c28-7ffb4ae96c3a 226->227 228 7ffb4ae96c5f-7ffb4ae96c71 226->228 229 7ffb4ae96c3c 227->229 230 7ffb4ae96c3e-7ffb4ae96c51 227->230 228->225 229->230 230->230 232 7ffb4ae96c53-7ffb4ae96c5b 230->232 232->228 235 7ffb4ae96d23-7ffb4ae96d88 call 7ffb4ae96da4 234->235 236 7ffb4ae96d1d 234->236 243 7ffb4ae96d8a 235->243 244 7ffb4ae96d8f-7ffb4ae96da2 235->244 236->235 243->244
                    Memory Dump Source
                    • Source File: 00000000.00000002.3896065951.00007FFB4AE90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE90000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ffb4ae90000_1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ad5ed8bf2e17005fe38d044c0d4bb9bc755f3b268b1d19f0b5be73217e5ec845
                    • Instruction ID: ac83cd9397b960600c19fdd49f04b6e30775cf0009b6225ed1a30f84aa7eed69
                    • Opcode Fuzzy Hash: ad5ed8bf2e17005fe38d044c0d4bb9bc755f3b268b1d19f0b5be73217e5ec845
                    • Instruction Fuzzy Hash: 6FF1D37090CA4D8FEBA8EF28C8557E977E5FF58310F1442AAE85DC7291DB3498458B82

                    Control-flow Graph

                    control_flow_graph 245 7ffb4ae97692-7ffb4ae9769f 246 7ffb4ae976aa-7ffb4ae97777 245->246 247 7ffb4ae976a1-7ffb4ae976a9 245->247 251 7ffb4ae977e3 246->251 252 7ffb4ae97779-7ffb4ae97782 246->252 247->246 253 7ffb4ae977e5-7ffb4ae9780a 251->253 252->251 254 7ffb4ae97784-7ffb4ae97790 252->254 260 7ffb4ae97876 253->260 261 7ffb4ae9780c-7ffb4ae97815 253->261 255 7ffb4ae977c9-7ffb4ae977e1 254->255 256 7ffb4ae97792-7ffb4ae977a4 254->256 255->253 258 7ffb4ae977a6 256->258 259 7ffb4ae977a8-7ffb4ae977bb 256->259 258->259 259->259 262 7ffb4ae977bd-7ffb4ae977c5 259->262 264 7ffb4ae97878-7ffb4ae9789d 260->264 261->260 263 7ffb4ae97817-7ffb4ae97823 261->263 262->255 265 7ffb4ae97825-7ffb4ae97837 263->265 266 7ffb4ae9785c-7ffb4ae97874 263->266 271 7ffb4ae9790b 264->271 272 7ffb4ae9789f-7ffb4ae978a9 264->272 267 7ffb4ae97839 265->267 268 7ffb4ae9783b-7ffb4ae9784e 265->268 266->264 267->268 268->268 270 7ffb4ae97850-7ffb4ae97858 268->270 270->266 273 7ffb4ae9790d-7ffb4ae9793b 271->273 272->271 274 7ffb4ae978ab-7ffb4ae978b8 272->274 281 7ffb4ae979ab 273->281 282 7ffb4ae9793d-7ffb4ae97948 273->282 275 7ffb4ae978ba-7ffb4ae978cc 274->275 276 7ffb4ae978f1-7ffb4ae97909 274->276 277 7ffb4ae978ce 275->277 278 7ffb4ae978d0-7ffb4ae978e3 275->278 276->273 277->278 278->278 280 7ffb4ae978e5-7ffb4ae978ed 278->280 280->276 283 7ffb4ae979ad-7ffb4ae97a85 281->283 282->281 284 7ffb4ae9794a-7ffb4ae97958 282->284 294 7ffb4ae97a8b-7ffb4ae97a9a 283->294 285 7ffb4ae9795a-7ffb4ae9796c 284->285 286 7ffb4ae97991-7ffb4ae979a9 284->286 288 7ffb4ae9796e 285->288 289 7ffb4ae97970-7ffb4ae97983 285->289 286->283 288->289 289->289 291 7ffb4ae97985-7ffb4ae9798d 289->291 291->286 295 7ffb4ae97a9c 294->295 296 7ffb4ae97aa2-7ffb4ae97b04 call 7ffb4ae97b20 294->296 295->296 303 7ffb4ae97b06 296->303 304 7ffb4ae97b0b-7ffb4ae97b1e 296->304 303->304
                    Memory Dump Source
                    • Source File: 00000000.00000002.3896065951.00007FFB4AE90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE90000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ffb4ae90000_1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1e6217db95a0e7dd2467eac259886f0c171b8fab3e93fe6df949578ff0c0e305
                    • Instruction ID: 8fce33ddfe1074971514c1f3f3b2dcf7f684084af686a610fcaf338e859fdd48
                    • Opcode Fuzzy Hash: 1e6217db95a0e7dd2467eac259886f0c171b8fab3e93fe6df949578ff0c0e305
                    • Instruction Fuzzy Hash: 17E1E5B090CA4D8FEBA8EF28C8557E977E5FF58310F2442AED85DC7291DE7498448782

                    Control-flow Graph

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.3896065951.00007FFB4AE90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE90000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ffb4ae90000_1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95.jbxd
                    Similarity
                    • API ID: HookWindows
                    • String ID:
                    • API String ID: 2559412058-0
                    • Opcode ID: c742da96180528335adbf7eb7f082d34f4c932b4b8fafd3d3d3d6effdd5aa4a8
                    • Instruction ID: bdae07d37032af7df0c1513f2c3b9bb481a8c242ca62de14d702ba8d32cb2de4
                    • Opcode Fuzzy Hash: c742da96180528335adbf7eb7f082d34f4c932b4b8fafd3d3d3d6effdd5aa4a8
                    • Instruction Fuzzy Hash: E941187090CA4C8FDB58EF6CD8466F9BBE5FF59321F14027ED049C3292CA65A85287C1

                    Non-executed Functions

                    Memory Dump Source
                    • Source File: 00000000.00000002.3896065951.00007FFB4AE90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AE90000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ffb4ae90000_1737701404df2e7c825ea690fee7791c11c4d92b123d433c354b4b740f5cc170482f95.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: babd5ce262840fc9c73e360172f2e23df5b8462b48d20f4f08d697658bdf4c14
                    • Instruction ID: 256eacc84cb8e8056fc2c429b3ab491d38422ebaec228bc1a8d40136ece8e79e
                    • Opcode Fuzzy Hash: babd5ce262840fc9c73e360172f2e23df5b8462b48d20f4f08d697658bdf4c14
                    • Instruction Fuzzy Hash: C9C1E83190DB4C4FDB19EFA8D8466E9BBF5FF56320F1442AED049D3292CA746806CB91