Edit tour

Windows Analysis Report
XClient.exe

Overview

General Information

Sample name:XClient.exe
Analysis ID:1598395
MD5:50ec04534e38d67176441227c05aa05a
SHA1:11d09f5856a6945672b1ea9958564bfb4340afdc
SHA256:a30de15c722fcba44ba069647c3de78dd5d15834ffd9faad60a4569252f495f7
Tags:exeXWormuser-lontze7
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Found potential dummy code loops (likely to delay analysis)
Joe Sandbox ML detected suspicious sample
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64
  • XClient.exe (PID: 7444 cmdline: "C:\Users\user\Desktop\XClient.exe" MD5: 50EC04534E38D67176441227C05AA05A)
  • cleanup
{
  "C2 url": [
    "45.32.153.7",
    "127.0.0.1"
  ],
  "Port": 7000,
  "Aes key": "<123456789>",
  "SPL": "<Xwormmm>",
  "Install file": "USB.exe",
  "Version": "XWorm V5.6"
}
SourceRuleDescriptionAuthorStrings
XClient.exeJoeSecurity_XWormYara detected XWormJoe Security
    XClient.exerat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
    • 0x58a9:$str01: $VB$Local_Port
    • 0x589a:$str02: $VB$Local_Host
    • 0x5ba0:$str03: get_Jpeg
    • 0x5552:$str04: get_ServicePack
    • 0x656e:$str05: Select * from AntivirusProduct
    • 0x676c:$str06: PCRestart
    • 0x6780:$str07: shutdown.exe /f /r /t 0
    • 0x6832:$str08: StopReport
    • 0x6808:$str09: StopDDos
    • 0x68fe:$str10: sendPlugin
    • 0x697e:$str11: OfflineKeylogger Not Enabled
    • 0x6ad6:$str12: -ExecutionPolicy Bypass -File "
    • 0x6bff:$str13: Content-length: 5235
    XClient.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
    • 0x6ca8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x6d45:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x6e5a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x6b1a:$cnc4: POST / HTTP/1.1
    SourceRuleDescriptionAuthorStrings
    00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_XWormYara detected XWormJoe Security
      00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0x6aa8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x6b45:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x6c5a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x691a:$cnc4: POST / HTTP/1.1
      00000001.00000002.3874990132.0000000002501000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
        Process Memory Space: XClient.exe PID: 7444JoeSecurity_XWormYara detected XWormJoe Security
          SourceRuleDescriptionAuthorStrings
          1.0.XClient.exe.1d0000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
            1.0.XClient.exe.1d0000.0.unpackrat_win_xworm_v3Finds XWorm (version XClient, v3) samples based on characteristic stringsSekoia.io
            • 0x58a9:$str01: $VB$Local_Port
            • 0x589a:$str02: $VB$Local_Host
            • 0x5ba0:$str03: get_Jpeg
            • 0x5552:$str04: get_ServicePack
            • 0x656e:$str05: Select * from AntivirusProduct
            • 0x676c:$str06: PCRestart
            • 0x6780:$str07: shutdown.exe /f /r /t 0
            • 0x6832:$str08: StopReport
            • 0x6808:$str09: StopDDos
            • 0x68fe:$str10: sendPlugin
            • 0x697e:$str11: OfflineKeylogger Not Enabled
            • 0x6ad6:$str12: -ExecutionPolicy Bypass -File "
            • 0x6bff:$str13: Content-length: 5235
            1.0.XClient.exe.1d0000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
            • 0x6ca8:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
            • 0x6d45:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
            • 0x6e5a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
            • 0x6b1a:$cnc4: POST / HTTP/1.1
            No Sigma rule has matched
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-24T08:07:30.048531+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:07:30.914465+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:07:41.440706+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:07:52.878086+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:00.916676+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:04.315296+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:15.807958+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:26.393952+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:30.932972+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:31.081945+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:31.183541+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:35.690874+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:39.346581+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:40.660775+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:41.346969+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:41.449047+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:41.879673+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:51.643997+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:51.784513+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:51.886792+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:51.989081+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:52.227779+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:57.597556+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:57.699195+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:00.951253+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:02.675855+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:02.815981+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:06.081686+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:06.940803+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:10.727929+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:22.159749+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:24.177720+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:24.279509+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:24.391060+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:24.698330+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:24.897164+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:29.924908+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:30.027152+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:30.475190+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:30.956257+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:36.003580+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:37.208039+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:48.648184+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:53.019459+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:56.425511+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:58.317527+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:00.954239+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:02.831485+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:02.927095+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:03.028742+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:07.538960+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:08.065989+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:08.171349+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:08.273478+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:08.441577+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:08.543429+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:08.645858+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:09.026440+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:19.412216+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:24.456226+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:24.563232+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:26.815862+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:30.050977+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:30.153971+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:30.955623+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:34.393940+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:35.269570+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:35.832229+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:40.237657+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:40.338247+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:45.136024+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:46.818947+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:50.128166+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:50.467909+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:53.504387+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:53.843447+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:53.943622+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:00.503710+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:00.604458+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:00.705749+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:00.956310+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:09.718139+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:10.753351+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:10.847853+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:15.535069+010028528701Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-24T08:07:30.892981+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:07:41.807143+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:07:52.880906+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:04.317034+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:15.810885+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:26.402174+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:31.084029+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:31.185566+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:35.698317+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:39.348766+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:40.662835+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:41.349704+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:41.451163+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:41.885014+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:51.646828+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:51.787072+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:51.889602+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:51.991245+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:52.232094+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:57.599580+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:08:57.710461+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:02.678283+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:02.818076+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:06.087111+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:06.943573+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:10.730277+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:22.162888+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.179903+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.291481+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.393133+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.496484+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.525872+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.598815+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.603790+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.700283+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:24.899682+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:29.927358+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.029480+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.131994+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.137006+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.240102+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.245110+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.250245+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.260101+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.548458+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.570364+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.590873+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.595672+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:30.608668+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:36.005827+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:37.220327+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:48.649873+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:53.025339+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:56.427782+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:09:58.319880+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:02.833989+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:02.929396+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:03.031050+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:07.550886+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.068716+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.173925+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.275119+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.376856+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.443218+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.545778+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.647581+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.821392+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:08.927013+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:09.028395+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:09.141526+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:09.158911+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:19.419014+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.459982+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.568452+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.659861+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.666921+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.760985+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.865688+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.872806+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.970851+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:24.979330+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:26.820528+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:30.053091+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:30.160298+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:30.263254+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:30.268247+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:30.363902+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:34.394768+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:35.277964+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:35.833224+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:40.238561+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:40.339159+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:40.442135+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:40.447111+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:45.139117+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:46.819637+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:50.128813+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:50.468583+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:53.505103+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:53.844107+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:10:53.944466+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:00.504795+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:00.605238+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:00.706565+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:09.726324+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:10.754383+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:10.848682+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:10.951701+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:10.957591+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:11.057507+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:11.066521+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            2025-01-24T08:11:15.536306+010028529231Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-24T08:07:30.914465+010028528741Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:00.916676+010028528741Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:08:30.932972+010028528741Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:00.951253+010028528741Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:09:30.956257+010028528741Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:00.954239+010028528741Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:10:30.955623+010028528741Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            2025-01-24T08:11:00.956310+010028528741Malware Command and Control Activity Detected45.32.153.77000192.168.2.849706TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-24T08:08:57.419620+010028531931Malware Command and Control Activity Detected192.168.2.84970645.32.153.77000TCP

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: XClient.exeAvira: detected
            Source: XClient.exeMalware Configuration Extractor: Xworm {"C2 url": ["45.32.153.7", "127.0.0.1"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
            Source: XClient.exeVirustotal: Detection: 77%Perma Link
            Source: XClient.exeReversingLabs: Detection: 81%
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: XClient.exeJoe Sandbox ML: detected
            Source: XClient.exeString decryptor: 45.32.153.7,127.0.0.1
            Source: XClient.exeString decryptor: 7000
            Source: XClient.exeString decryptor: <123456789>
            Source: XClient.exeString decryptor: <Xwormmm>
            Source: XClient.exeString decryptor: XWorm V5.6
            Source: XClient.exeString decryptor: USB.exe
            Source: XClient.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: XClient.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Networking

            barindex
            Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49706 -> 45.32.153.7:7000
            Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 45.32.153.7:7000 -> 192.168.2.8:49706
            Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.8:49706 -> 45.32.153.7:7000
            Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 45.32.153.7:7000 -> 192.168.2.8:49706
            Source: Network trafficSuricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49706 -> 45.32.153.7:7000
            Source: Malware configuration extractorURLs: 45.32.153.7
            Source: Malware configuration extractorURLs: 127.0.0.1
            Source: global trafficTCP traffic: 192.168.2.8:49706 -> 45.32.153.7:7000
            Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: unknownTCP traffic detected without corresponding DNS query: 45.32.153.7
            Source: XClient.exe, 00000001.00000002.3874990132.0000000002501000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

            System Summary

            barindex
            Source: XClient.exe, type: SAMPLEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: XClient.exe, type: SAMPLEMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: 1.0.XClient.exe.1d0000.0.unpack, type: UNPACKEDPEMatched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: 1.0.XClient.exe.1d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: 00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\Desktop\XClient.exeProcess Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\XClient.exeCode function: 1_2_00007FFB4B366CF21_2_00007FFB4B366CF2
            Source: C:\Users\user\Desktop\XClient.exeCode function: 1_2_00007FFB4B365F461_2_00007FFB4B365F46
            Source: C:\Users\user\Desktop\XClient.exeCode function: 1_2_00007FFB4B3622C01_2_00007FFB4B3622C0
            Source: C:\Users\user\Desktop\XClient.exeCode function: 1_2_00007FFB4B36471D1_2_00007FFB4B36471D
            Source: XClient.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: XClient.exe, type: SAMPLEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: XClient.exe, type: SAMPLEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 1.0.XClient.exe.1d0000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: 1.0.XClient.exe.1d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: XClient.exe, Helper.csCryptographic APIs: 'TransformFinalBlock'
            Source: XClient.exe, Helper.csCryptographic APIs: 'TransformFinalBlock'
            Source: XClient.exe, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
            Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@0/2
            Source: C:\Users\user\Desktop\XClient.exeMutant created: NULL
            Source: C:\Users\user\Desktop\XClient.exeMutant created: \Sessions\1\BaseNamedObjects\gKaTRNX0dSePJPR6
            Source: XClient.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: XClient.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\XClient.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: XClient.exeVirustotal: Detection: 77%
            Source: XClient.exeReversingLabs: Detection: 81%
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: avicap32.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: msvfw32.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
            Source: XClient.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: XClient.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            barindex
            Source: XClient.exe, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: XClient.exe, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: XClient.exe, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
            Source: XClient.exe, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
            Source: XClient.exe, Messages.cs.Net Code: Memory
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Source: C:\Users\user\Desktop\XClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\XClient.exeMemory allocated: 900000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeMemory allocated: 1A500000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\XClient.exeWindow / User API: threadDelayed 7218Jump to behavior
            Source: C:\Users\user\Desktop\XClient.exeWindow / User API: threadDelayed 2636Jump to behavior
            Source: C:\Users\user\Desktop\XClient.exe TID: 7592Thread sleep time: -1844674407370954s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\XClient.exe TID: 7596Thread sleep count: 7218 > 30Jump to behavior
            Source: C:\Users\user\Desktop\XClient.exe TID: 7596Thread sleep count: 2636 > 30Jump to behavior
            Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\XClient.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: XClient.exe, 00000001.00000002.3874200647.000000000068D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

            Anti Debugging

            barindex
            Source: C:\Users\user\Desktop\XClient.exeProcess Stats: CPU usage > 42% for more than 60s
            Source: C:\Users\user\Desktop\XClient.exeProcess token adjusted: DebugJump to behavior
            Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\XClient.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeQueries volume information: C:\Users\user\Desktop\XClient.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\XClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: XClient.exe, 00000001.00000002.3874200647.000000000068D000.00000004.00000020.00020000.00000000.sdmp, XClient.exe, 00000001.00000002.3876738859.000000001B475000.00000004.00000020.00020000.00000000.sdmp, XClient.exe, 00000001.00000002.3874200647.0000000000639000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\Desktop\XClient.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

            Stealing of Sensitive Information

            barindex
            Source: Yara matchFile source: XClient.exe, type: SAMPLE
            Source: Yara matchFile source: 1.0.XClient.exe.1d0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.3874990132.0000000002501000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: XClient.exe PID: 7444, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Source: Yara matchFile source: XClient.exe, type: SAMPLE
            Source: Yara matchFile source: 1.0.XClient.exe.1d0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.3874990132.0000000002501000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: XClient.exe PID: 7444, type: MEMORYSTR
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
            Windows Management Instrumentation
            1
            DLL Side-Loading
            1
            DLL Side-Loading
            1
            Disable or Modify Tools
            OS Credential Dumping221
            Security Software Discovery
            Remote Services11
            Archive Collected Data
            1
            Encrypted Channel
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts232
            Virtualization/Sandbox Evasion
            LSASS Memory232
            Virtualization/Sandbox Evasion
            Remote Desktop ProtocolData from Removable Media1
            Non-Standard Port
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
            Deobfuscate/Decode Files or Information
            Security Account Manager1
            Application Window Discovery
            SMB/Windows Admin SharesData from Network Shared Drive1
            Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
            Software Packing
            NTDS13
            System Information Discovery
            Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            DLL Side-Loading
            LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 1598395 Sample: XClient.exe Startdate: 24/01/2025 Architecture: WINDOWS Score: 100 13 Suricata IDS alerts for network traffic 2->13 15 Found malware configuration 2->15 17 Malicious sample detected (through community Yara rule) 2->17 19 9 other signatures 2->19 5 XClient.exe 2 2->5         started        process3 dnsIp4 9 45.32.153.7, 49706, 7000 AS-CHOOPAUS United States 5->9 11 127.0.0.1 unknown unknown 5->11 21 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 5->21 23 Found potential dummy code loops (likely to delay analysis) 5->23 signatures5

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand
            SourceDetectionScannerLabelLink
            XClient.exe78%VirustotalBrowse
            XClient.exe82%ReversingLabsByteCode-MSIL.Spyware.AsyncRAT
            XClient.exe100%AviraHEUR/AGEN.1305769
            XClient.exe100%Joe Sandbox ML
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            SourceDetectionScannerLabelLink
            45.32.153.70%Avira URL Cloudsafe

            Download Network PCAP: filteredfull

            No contacted domains info
            NameMaliciousAntivirus DetectionReputation
            45.32.153.7true
            • Avira URL Cloud: safe
            unknown
            127.0.0.1false
              high
              NameSourceMaliciousAntivirus DetectionReputation
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameXClient.exe, 00000001.00000002.3874990132.0000000002501000.00000004.00000800.00020000.00000000.sdmpfalse
                high
                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs
                IPDomainCountryFlagASNASN NameMalicious
                45.32.153.7
                unknownUnited States
                20473AS-CHOOPAUStrue
                IP
                127.0.0.1
                Joe Sandbox version:42.0.0 Malachite
                Analysis ID:1598395
                Start date and time:2025-01-24 08:06:11 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 6m 16s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:6
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:XClient.exe
                Detection:MAL
                Classification:mal100.troj.evad.winEXE@1/0@0/2
                EGA Information:Failed
                HCA Information:
                • Successful, ratio: 99%
                • Number of executed functions: 62
                • Number of non-executed functions: 1
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Override analysis time to 240000 for current running targets taking high CPU consumption
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                • Excluded IPs from analysis (whitelisted): 20.12.23.50
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Execution Graph export aborted for target XClient.exe, PID 7444 because it is empty
                • Not all processes where analyzed, report is missing behavior information
                TimeTypeDescription
                02:07:15API Interceptor13689056x Sleep call for process: XClient.exe modified
                No context
                No context
                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                AS-CHOOPAUShttps://metameaskloginr.webflow.io/Get hashmaliciousUnknownBrowse
                • 155.138.141.200
                l.jsGet hashmaliciousUnknownBrowse
                • 149.248.58.85
                l.jsGet hashmaliciousUnknownBrowse
                • 149.248.58.85
                rad59AD5.dllGet hashmaliciousUnknownBrowse
                • 149.248.58.85
                rad59AD5.dllGet hashmaliciousUnknownBrowse
                • 149.248.58.85
                http://jlolaw.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                • 137.220.56.63
                ti.co.exeGet hashmaliciousI2PRATBrowse
                • 216.128.184.123
                lolz.exeGet hashmaliciousXmrigBrowse
                • 192.248.189.11
                codes.jsGet hashmaliciousAgentTeslaBrowse
                • 45.63.94.214
                http://rock.levie.com.vnGet hashmaliciousUnknownBrowse
                • 45.63.66.114
                No context
                No context
                No created / dropped files found
                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Entropy (8bit):5.594736817688781
                TrID:
                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                • Win32 Executable (generic) a (10002005/4) 49.75%
                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                • Windows Screen Saver (13104/52) 0.07%
                • Generic Win/DOS Executable (2004/3) 0.01%
                File name:XClient.exe
                File size:33'280 bytes
                MD5:50ec04534e38d67176441227c05aa05a
                SHA1:11d09f5856a6945672b1ea9958564bfb4340afdc
                SHA256:a30de15c722fcba44ba069647c3de78dd5d15834ffd9faad60a4569252f495f7
                SHA512:b87fc16cdb5b1eab83b28476fe47bb5cd46fcbe6a6d2f8e9c87e24cb2aa71c43f8ed6c069cbe06e020d35fc4fe889f5d9c50a3636f5d278549c5232ff7cb15d4
                SSDEEP:384:RlRmhGD91SluSWhnHHxzLmYV3Tm2eaFObpzRApkFTBLTsOZwpGd2v99IkuisNVFn:zRPD9OQhx/BV3Tw42pzVFE9jsOjh5bK
                TLSH:5BE23B4877E44712DAEEAFB12DF362061270D517E813EF9E0CE485EA2B67AC047407E6
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....l.g.................x............... ........@.. ....................................@................................
                Icon Hash:00928e8e8686b000
                Entrypoint:0x40979e
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Time Stamp:0x67916C82 [Wed Jan 22 22:09:06 2025 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                Instruction
                jmp dword ptr [00402000h]
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0x97440x57.text
                IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x4d8.rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                IMAGE_DIRECTORY_ENTRY_BASERELOC0xc0000xc.reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                .text0x20000x77a40x7800ad3ca8ca98043fea55b63aabc9e9b915False0.5018229166666667data5.745585962266651IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rsrc0xa0000x4d80x600afbb984503128042cc38bf70e5e337f4False0.375data3.7203482473352403IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc0xc0000xc0x200fbad57bc563b9a0d7654c19529129cc5False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                NameRVASizeTypeLanguageCountryZLIB Complexity
                RT_VERSION0xa0a00x244data0.4724137931034483
                RT_MANIFEST0xa2e80x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041
                DLLImport
                mscoree.dll_CorExeMain

                Download Network PCAP: filteredfull

                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                2025-01-24T08:07:29.856079+01002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:07:30.048531+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:07:30.892981+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:07:30.914465+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:07:30.914465+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:07:41.440706+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:07:41.807143+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:07:52.878086+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:07:52.880906+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:00.916676+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:00.916676+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:04.315296+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:04.317034+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:15.807958+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:15.810885+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:26.393952+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:26.402174+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:30.932972+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:30.932972+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:31.081945+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:31.084029+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:31.183541+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:31.185566+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:35.690874+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:35.698317+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:39.346581+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:39.348766+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:40.660775+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:40.662835+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:41.346969+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:41.349704+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:41.449047+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:41.451163+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:41.879673+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:41.885014+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:51.643997+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:51.646828+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:51.784513+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:51.787072+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:51.886792+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:51.889602+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:51.989081+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:51.991245+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:52.227779+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:52.232094+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:57.419620+01002853193ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:57.597556+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:57.599580+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:08:57.699195+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:08:57.710461+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:00.951253+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:00.951253+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:02.675855+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:02.678283+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:02.815981+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:02.818076+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:06.081686+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:06.087111+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:06.940803+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:06.943573+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:10.727929+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:10.730277+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:22.159749+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:22.162888+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.177720+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:24.179903+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.279509+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:24.291481+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.391060+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:24.393133+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.496484+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.525872+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.598815+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.603790+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.698330+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:24.700283+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:24.897164+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:24.899682+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:29.924908+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:29.927358+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.027152+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:30.029480+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.131994+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.137006+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.240102+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.245110+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.250245+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.260101+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.475190+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:30.548458+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.570364+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.590873+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.595672+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.608668+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:30.956257+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:30.956257+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:36.003580+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:36.005827+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:37.208039+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:37.220327+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:48.648184+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:48.649873+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:53.019459+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:53.025339+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:56.425511+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:56.427782+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:09:58.317527+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:09:58.319880+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:00.954239+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:00.954239+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:02.831485+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:02.833989+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:02.927095+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:02.929396+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:03.028742+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:03.031050+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:07.538960+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:07.550886+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.065989+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:08.068716+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.171349+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:08.173925+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.273478+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:08.275119+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.376856+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.441577+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:08.443218+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.543429+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:08.545778+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.645858+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:08.647581+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.821392+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:08.927013+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:09.026440+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:09.028395+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:09.141526+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:09.158911+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:19.412216+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:19.419014+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.456226+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:24.459982+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.563232+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:24.568452+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.659861+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.666921+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.760985+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.865688+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.872806+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.970851+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:24.979330+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:26.815862+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:26.820528+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:30.050977+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:30.053091+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:30.153971+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:30.160298+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:30.263254+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:30.268247+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:30.363902+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:30.955623+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:30.955623+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:34.393940+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:34.394768+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:35.269570+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:35.277964+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:35.832229+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:35.833224+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:40.237657+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:40.238561+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:40.338247+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:40.339159+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:40.442135+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:40.447111+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:45.136024+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:45.139117+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:46.818947+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:46.819637+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:50.128166+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:50.128813+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:50.467909+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:50.468583+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:53.504387+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:53.505103+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:53.843447+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:53.844107+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:10:53.943622+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:10:53.944466+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:00.503710+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:00.504795+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:00.604458+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:00.605238+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:00.705749+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:00.706565+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:00.956310+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:00.956310+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:09.718139+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:09.726324+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:10.753351+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:10.754383+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:10.847853+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:10.848682+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:10.951701+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:10.957591+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:11.057507+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:11.066521+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                2025-01-24T08:11:15.535069+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes145.32.153.77000192.168.2.849706TCP
                2025-01-24T08:11:15.536306+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970645.32.153.77000TCP
                TimestampSource PortDest PortSource IPDest IP
                Jan 24, 2025 08:07:18.170712948 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:18.175642014 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:18.175817966 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:18.384052992 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:18.388927937 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:29.856079102 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:29.860848904 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:30.048531055 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:30.091336012 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:30.892981052 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:30.897891045 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:30.914464951 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:30.966306925 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:41.247926950 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:41.296756029 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:41.440706015 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:41.483330965 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:41.807142973 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:41.811939001 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:52.685282946 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:52.690144062 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:52.878086090 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:07:52.880906105 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:07:52.886029959 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:00.916676044 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:00.966169119 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:04.122785091 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:04.127672911 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:04.315295935 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:04.317034006 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:04.321885109 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:15.560509920 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:15.565407038 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:15.807957888 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:15.810884953 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:15.815891027 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:26.201369047 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:26.206275940 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:26.393951893 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:26.402173996 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:26.408255100 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:30.888631105 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:30.894184113 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:30.932971954 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:30.950901985 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:30.955887079 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:31.081944942 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:31.084028959 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:31.088891029 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:31.183541059 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:31.185565948 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:31.190450907 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:35.498009920 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:35.502959013 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:35.690874100 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:35.698317051 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:35.703279018 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:39.154087067 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:39.158893108 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:39.346580982 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:39.348766088 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:39.353648901 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:40.466792107 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:40.471859932 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:40.660774946 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:40.662834883 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:40.667654991 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.154179096 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:41.159132957 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.185204029 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:41.190460920 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.346968889 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.349704027 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:41.354528904 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.449047089 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.451163054 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:41.455960989 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.686897039 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:41.691751957 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.879673004 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:41.885014057 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:41.889796019 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.451474905 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:51.456247091 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.591799021 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:51.596707106 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.607386112 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:51.612262964 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.638603926 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:51.643492937 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.643996954 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.646827936 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:51.696731091 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.784512997 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.787071943 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:51.792021036 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.886791945 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.889601946 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:51.894515038 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.966602087 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:51.971595049 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.989080906 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:51.991245031 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:52.036675930 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:52.227778912 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:52.232094049 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:52.237001896 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:57.405009985 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:57.409894943 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:57.419620037 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:57.424761057 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:57.597556114 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:57.599580050 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:57.604564905 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:57.699194908 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:08:57.710460901 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:08:57.715301037 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:00.951252937 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:00.997507095 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:02.482880116 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:02.487842083 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:02.622740984 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:02.628117085 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:02.675854921 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:02.678282976 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:02.683116913 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:02.815980911 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:02.818075895 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:02.822870970 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:05.888874054 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:05.893930912 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:06.081686020 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:06.087110996 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:06.091974020 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:06.748084068 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:06.752973080 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:06.940803051 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:06.943572998 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:06.948334932 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:10.534846067 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:10.539781094 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:10.727929115 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:10.730277061 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:10.735131979 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:21.966681957 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:21.971612930 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:22.159749031 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:22.162888050 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:22.168977022 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:23.982283115 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:23.987155914 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:23.997891903 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.002825975 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.044770002 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.049813986 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.107333899 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.112329960 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.122797966 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.127710104 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.138622999 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.143429995 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.170073986 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.174953938 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.177720070 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.179903030 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.228775978 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.228827000 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.233654976 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.279509068 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.291481018 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.296384096 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.391060114 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.393132925 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.400388956 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.435480118 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.440473080 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.494266033 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.496484041 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.503396988 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.525871992 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.532737017 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.532773018 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.539525032 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.595937014 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.598814964 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.603739023 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.603790045 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.608648062 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.686826944 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.691761971 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.698329926 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.700283051 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.752811909 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.897164106 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:24.899682045 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:24.904597044 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.732382059 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.737335920 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.763766050 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.768773079 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.794836044 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.799810886 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.810461044 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.815689087 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.826100111 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.831012011 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.841665983 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.846570015 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.857351065 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.862303972 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.872968912 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.877876997 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.888609886 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.893527031 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.904280901 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.909154892 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.924907923 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.927357912 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.972696066 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.972740889 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:29.977623940 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:29.997901917 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.002892971 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.027152061 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.029479980 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.080732107 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.080781937 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.085649014 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.129003048 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.131994009 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.136956930 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.137006044 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.141938925 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.231578112 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.240102053 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.245064020 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.245110035 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.250178099 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.250245094 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.255202055 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.255249977 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.260054111 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.260101080 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.265064955 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.339669943 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.388207912 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.475189924 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.528815985 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.548458099 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.553400993 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.570363998 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.575268984 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.590873003 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.595632076 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.595671892 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.600539923 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.608668089 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:30.613513947 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.956257105 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:30.997570992 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:35.810688972 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:35.815651894 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:36.003580093 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:36.005826950 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:36.010699987 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:37.014868975 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:37.020070076 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:37.208039045 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:37.220326900 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:37.226181030 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:48.451042891 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:48.460242987 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:48.648184061 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:48.649873018 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:48.654836893 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:52.826260090 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:52.831188917 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:53.019459009 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:53.025338888 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:53.030239105 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:56.232424974 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:56.237301111 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:56.425510883 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:56.427782059 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:56.432615995 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:58.122939110 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:58.127968073 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:58.317527056 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:09:58.319880009 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:09:58.326908112 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:00.954238892 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:01.002954006 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:02.638636112 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:02.643677950 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:02.669749975 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:02.675379038 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:02.732259989 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:02.737160921 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:02.831485033 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:02.833988905 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:02.839070082 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:02.927094936 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:02.929395914 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:02.936427116 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:03.028742075 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:03.031049967 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:03.037256956 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:07.343336105 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:07.348556042 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:07.538959980 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:07.550885916 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:07.557240963 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:07.873119116 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:07.881288052 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:07.904258013 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:07.910414934 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:07.966758966 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:07.973052979 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:07.982419968 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:07.988626003 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:07.998081923 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.004940033 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.013957977 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.020631075 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.065989017 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.068716049 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.076788902 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.094520092 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.099296093 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.171349049 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.173924923 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.178785086 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.273478031 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.275119066 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.280107975 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.310488939 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.315393925 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.326138973 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.331034899 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.342039108 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.347084999 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.374603033 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.376856089 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.428745031 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.428802967 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.437011957 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.441576958 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.443217993 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.494102001 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.494155884 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.499344110 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.513561010 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.518834114 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.529247999 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.535088062 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.543428898 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.545778036 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.592724085 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.592783928 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.597664118 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.645858049 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.647581100 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.652546883 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.685410976 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.691169024 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.716694117 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.722011089 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.747113943 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.747945070 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.802009106 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.806303978 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.811599016 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.817517042 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.821392059 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.873019934 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.878221035 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.883106947 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.921015024 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.927012920 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.932173967 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:08.935256958 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:08.940207005 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:09.026439905 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:09.028394938 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:09.033755064 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:09.130995035 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:09.141525984 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:09.146955013 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:09.158910990 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:09.166929007 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:19.219047070 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:19.224016905 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:19.412215948 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:19.419013977 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:19.423871994 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.263684988 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.268691063 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.294898033 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.299829006 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.326201916 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.331151009 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.341794968 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.346756935 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.357398987 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.362263918 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.388612032 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.393466949 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.404150009 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.409208059 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.456226110 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.459981918 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.464822054 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.482292891 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.487128973 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.529196978 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.534212112 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.545066118 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.563231945 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.563285112 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.568413973 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.568451881 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.619910002 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.657867908 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.659861088 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.665976048 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.666920900 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.671717882 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.759352922 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.760984898 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.765896082 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.765959024 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.770764112 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.860393047 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.865688086 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.870491028 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.872806072 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.877660990 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.965220928 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.970850945 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.975701094 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:24.979330063 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:24.984138966 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:26.622980118 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:26.628128052 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:26.815861940 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:26.820528030 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:26.825351000 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:29.857450962 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:29.862399101 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:29.873076916 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:29.878946066 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:29.888739109 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:29.898083925 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:29.904364109 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:29.909950972 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:29.966772079 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:29.973192930 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:29.982398987 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:29.988316059 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:29.998066902 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:30.002989054 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.050976992 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.053091049 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:30.057965040 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.153970957 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.160298109 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:30.168952942 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.261847019 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.263253927 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:30.268146038 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.268246889 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:30.273835897 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.363018990 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.363902092 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:30.368964911 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.369076014 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:30.374222040 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.955622911 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:30.997847080 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:34.201296091 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:34.206227064 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:34.393939972 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:34.394768000 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:34.399600029 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:35.076042891 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:35.081587076 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:35.269570112 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:35.277964115 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:35.282862902 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:35.638963938 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:35.645768881 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:35.832228899 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:35.833224058 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:35.841723919 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.044826031 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:40.052719116 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.060487032 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:40.065378904 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.076075077 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:40.081011057 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.091703892 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:40.096484900 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.237657070 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.238560915 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:40.243699074 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.338247061 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.339159012 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:40.343978882 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.439011097 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.442135096 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:40.447072029 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:40.447110891 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:40.451944113 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:44.942935944 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:44.951010942 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:45.136023998 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:45.139117002 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:45.144165039 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:46.497999907 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:46.631217003 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:46.818947077 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:46.819637060 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:46.824585915 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:49.935481071 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:49.940378904 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:50.128165960 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:50.128813028 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:50.134844065 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:50.263851881 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:50.270806074 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:50.467909098 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:50.468583107 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:50.473397970 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.311053991 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:53.316355944 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.504386902 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.505103111 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:53.511003971 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.579047918 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:53.584103107 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.671165943 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:53.676342010 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.843446970 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.844106913 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:53.851057053 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.943622112 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:10:53.944466114 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:10:53.949316025 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.310880899 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:00.315867901 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.373003006 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:00.377945900 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.404367924 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:00.409209013 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.503710032 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.504795074 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:00.509794950 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.604458094 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.605237961 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:00.610173941 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.705749035 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.706564903 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:00.711705923 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:00.956310034 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:01.013566971 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:09.423132896 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:09.428008080 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:09.718138933 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:09.726324081 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:09.731276035 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.560693979 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.565642118 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.591782093 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.596673965 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.607341051 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.612323999 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.622988939 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.627840996 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.654243946 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.659143925 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.701116085 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.705997944 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.753350973 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.754383087 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.800815105 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.847852945 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.848681927 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.853516102 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.948133945 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.951700926 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.956593037 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:10.957591057 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:10.962467909 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:11.051168919 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:11.057507038 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:11.062422037 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:11.066520929 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:11.071377039 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:15.342312098 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:15.347408056 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:15.535068989 CET70004970645.32.153.7192.168.2.8
                Jan 24, 2025 08:11:15.536305904 CET497067000192.168.2.845.32.153.7
                Jan 24, 2025 08:11:15.541215897 CET70004970645.32.153.7192.168.2.8
                050100150200s020406080100

                Click to jump to process

                050100150200s0.00102030MB

                Click to jump to process

                • File
                • Registry
                • Network

                Click to dive into process behavior distribution

                Target ID:1
                Start time:02:07:09
                Start date:24/01/2025
                Path:C:\Users\user\Desktop\XClient.exe
                Wow64 process (32bit):false
                Commandline:"C:\Users\user\Desktop\XClient.exe"
                Imagebase:0x1d0000
                File size:33'280 bytes
                MD5 hash:50EC04534E38D67176441227C05AA05A
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000001.00000000.1423823015.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000001.00000002.3874990132.0000000002501000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Reputation:low
                Has exited:false
                There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                Executed Functions

                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID: $ #6K$(#6K
                • API String ID: 0-4082626433
                • Opcode ID: 599243504caa5412c4e527f030cab29648c7470060bda4eed81d709c3e599851
                • Instruction ID: 1291e2d90af306c1fb7b0c48de57ee6d5ffe78ef2d1c17e9ac3d86e020227d5f
                • Opcode Fuzzy Hash: 599243504caa5412c4e527f030cab29648c7470060bda4eed81d709c3e599851
                • Instruction Fuzzy Hash: 188294A0B1C91A8BEAA4FF3DC59577972D2EF99300F5045BDD50EC32D6DE28E8028B45
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 219f801ab10cbdc4751c1d9a978fcb87a45be34d8e1dee6f6be1719f30996f9b
                • Instruction ID: c1e9739c05e21b05de73ba148f6d56ad5007f52a66f38c4da5892207393130f6
                • Opcode Fuzzy Hash: 219f801ab10cbdc4751c1d9a978fcb87a45be34d8e1dee6f6be1719f30996f9b
                • Instruction Fuzzy Hash: 9BF1817090CA8D8FEBA9EF28C8557E977D1FB54350F04827EE84DC7291DB34A9458B81
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b3090d0e40dc0371dc8309b75aa65c4089902832abec4dc0b9706fd3c50a7cc
                • Instruction ID: ed4eb3faaa39997d0c8bb0a596bf6d5b7eb5c4da5206143af8a7b9d0f53372c5
                • Opcode Fuzzy Hash: 6b3090d0e40dc0371dc8309b75aa65c4089902832abec4dc0b9706fd3c50a7cc
                • Instruction Fuzzy Hash: 4EE1B27090CA4E8FEBA9EF2CC8557E977D1FB54350F04826EE84DC7291DE78A8458B81
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID: x%K
                • API String ID: 0-2017488993
                • Opcode ID: a4446ec813575eed6c0a3a73dc26b84287b83b5bbd93fa1900286570dd47a6a2
                • Instruction ID: a7b664acf056974880ab6b8b6e3a31b24c36e8db7d00a4c61c76d5da47017402
                • Opcode Fuzzy Hash: a4446ec813575eed6c0a3a73dc26b84287b83b5bbd93fa1900286570dd47a6a2
                • Instruction Fuzzy Hash: EF5103B190C6498FDB68EF7CC859AB87BE0EF55310F0481BED04DC71A2DB68A4468B51
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID: LT_H
                • API String ID: 0-3726063308
                • Opcode ID: 2a4c5429b38dc3804e14336a0eefe77d21fe32930687c4f332cf411af1c7e059
                • Instruction ID: c27f3dee0b47d136ff02687c3b755497b701f8598a75404f7088dfd9a6c33804
                • Opcode Fuzzy Hash: 2a4c5429b38dc3804e14336a0eefe77d21fe32930687c4f332cf411af1c7e059
                • Instruction Fuzzy Hash: 8F2150B1B08A094FEF95FF3CC4596BD77E2EF98301B50407AD90DD32A2EE28A8418741
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID: d
                • API String ID: 0-2564639436
                • Opcode ID: 0801e60ac3907c4cd4fc935c69d9a8bd9d4d591123936b66fab7cc0e9939c151
                • Instruction ID: 1f13ff0dd3a2ba198687904f872de410fba62b944bdccd7e64b50d664281d546
                • Opcode Fuzzy Hash: 0801e60ac3907c4cd4fc935c69d9a8bd9d4d591123936b66fab7cc0e9939c151
                • Instruction Fuzzy Hash: B721C271C0C25A8FEB11AFB8C8096E9BBE0EF55310F0541BED99DD71A2DA2C584587A2
                Strings
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID: x%K
                • API String ID: 0-2017488993
                • Opcode ID: 27b62b9ac53268b316afd8426a570bb60f92a9dd0f3e0b75c688a345e8d3cd2f
                • Instruction ID: 5157c0b594bb2177b3d8c3d894b84b8ba0ef2640fc635e507bae7e384a667b1c
                • Opcode Fuzzy Hash: 27b62b9ac53268b316afd8426a570bb60f92a9dd0f3e0b75c688a345e8d3cd2f
                • Instruction Fuzzy Hash: B72154E190C54A8BEB64FF3CCDA95A03B90FF61314F4A80BEC54DC71E2DA68A4028B50
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 46d0a5707e0775054541a0654cfeb25b6452a5f4dd262db19c832756190663b6
                • Instruction ID: d776960dd63b4e5fd0355f6817c2032e3ed1842a1660ce9fe835ae05ac2c97e3
                • Opcode Fuzzy Hash: 46d0a5707e0775054541a0654cfeb25b6452a5f4dd262db19c832756190663b6
                • Instruction Fuzzy Hash: 0A9169D2D0D6C98FF769AFBDD9152B93FA0EF51210B4480BED988C71E3DC1899098355
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 73a5b5cf989b6d4bb282539190c9e8a0364529a7f645f56c6fbbae6877888da5
                • Instruction ID: 712487166a7526c0082d698ec42eed1aa33749a050373ee34901665ff90626dc
                • Opcode Fuzzy Hash: 73a5b5cf989b6d4bb282539190c9e8a0364529a7f645f56c6fbbae6877888da5
                • Instruction Fuzzy Hash: 42C15CA1A1CE854FE769AB3C88592B97BD1FF95350F0441BDD48EC32D3DD285C068791
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 17f1843542bfbc763699468763faba0c659273a56277d70679d3a0558a957912
                • Instruction ID: 022298f88472567c80c3443972aecad0bfae2e4e13ee7a70e0e21d63fb8fb07c
                • Opcode Fuzzy Hash: 17f1843542bfbc763699468763faba0c659273a56277d70679d3a0558a957912
                • Instruction Fuzzy Hash: 85C1D6B1A1C9598FE7A9FF3CC4986A477D1FB6C318B4046BDD44EC72A5CE24B8018B81
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 048d74f1f3640980e738a12fe1102c7ca4f255dda853104c43509052305285b9
                • Instruction ID: 04250cf3f76b9abf16e29fefbfe4b1d63420aedbc4f32debed395cb73c251cc6
                • Opcode Fuzzy Hash: 048d74f1f3640980e738a12fe1102c7ca4f255dda853104c43509052305285b9
                • Instruction Fuzzy Hash: 60B129A1A1C9494FE7A9EB3CC4592B97BD2FF98350F04417DE54EC32D6DE28AC028791
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1f8960043b9902e553ccfbb06f0c31e1ca89a41316de8f6f3757060c607095e7
                • Instruction ID: b0942d8e2e9085d2437d6e30dfa2cb710fb0c3455c2b28daf70c790ebd750809
                • Opcode Fuzzy Hash: 1f8960043b9902e553ccfbb06f0c31e1ca89a41316de8f6f3757060c607095e7
                • Instruction Fuzzy Hash: 4DB15BA1A1CE894FE7A9AB3C88592B97BD1FF99350F4441BDE44EC32D2DD285C028781
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e0ed90a5044c20da0ca7b9569c9a4f624bd68d639e3287780384e7b5f4a66104
                • Instruction ID: f0a6774ab38d69ad4fcbff428ad461961d6dd7cb24ef7bf83d3c7cf6f7e7ee6c
                • Opcode Fuzzy Hash: e0ed90a5044c20da0ca7b9569c9a4f624bd68d639e3287780384e7b5f4a66104
                • Instruction Fuzzy Hash: 1EB1D57050CA8D8FEB69EF28C8557E93BD1EF55350F04826EE84DC7292CE7498458B82
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 30e35f678bf4fb31ba2d2c38bf66b6c78473f0c88d878d20942004350543faed
                • Instruction ID: 1d002f0b46e8fecf92745b61f50adf967e93bcc12a31a0877322fdf9f5a3b04b
                • Opcode Fuzzy Hash: 30e35f678bf4fb31ba2d2c38bf66b6c78473f0c88d878d20942004350543faed
                • Instruction Fuzzy Hash: B041CFB1D1DA8D8FDB82EB78C8956A97BF0FF05300F4045EBD809C7192EA38A9458B55
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8c6fcbb31baed27b15727a4103ec85b2979e790d3adf1b0ec74054ef7949f65
                • Instruction ID: 172111ab778c01f1bb0eebc2feac35c4d6c546845f61113c23c440a9d1fccbdf
                • Opcode Fuzzy Hash: d8c6fcbb31baed27b15727a4103ec85b2979e790d3adf1b0ec74054ef7949f65
                • Instruction Fuzzy Hash: 458125B1D1DA4A4FE7A9FF3CC9492A5BBD1FF59310F0441BED548C31A2DE28A8068391
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8af0236953649be73f358f4b4de96f3618b2bda274c3036017d8492b723185b5
                • Instruction ID: 9299da1e3b24f1765f1468c06e3dd03fcd1ea4b502793d1db96ef5ff938d0f73
                • Opcode Fuzzy Hash: 8af0236953649be73f358f4b4de96f3618b2bda274c3036017d8492b723185b5
                • Instruction Fuzzy Hash: 9A71F5B1A1C9484FDBA9FB38D8996F97BE1EF59310F0441BAE10DD32A2CD28AC418751
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02929db23f4d2998d2bb878bfd5e31134aa3c9d444dff4e7cc24199929bdf6f9
                • Instruction ID: 1fdbab92b36b8ebb138e981524caaad0cef02d82032c58a48154e7f9933ff2e7
                • Opcode Fuzzy Hash: 02929db23f4d2998d2bb878bfd5e31134aa3c9d444dff4e7cc24199929bdf6f9
                • Instruction Fuzzy Hash: 5871E66054F7C54FE353A738E858AA57F91AF83225F0D81FEE088CA4B3DA994817C752
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 874fce18058b361af9aa90f53d0fa5554fdd9e029a260adeafa4ca4390c8742d
                • Instruction ID: 6fdd1af2d23c3267ef1f0dd0911dc3f3fe3892c154a6d6cd450cf16a6a300b10
                • Opcode Fuzzy Hash: 874fce18058b361af9aa90f53d0fa5554fdd9e029a260adeafa4ca4390c8742d
                • Instruction Fuzzy Hash: D861A3B1A189194FDBA8FB7CC4996BDB7E1EF98310F14417AE50ED32A2DE24AC418750
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1cbb808fe4035a48d1f0e661851f25064a1f099bf71b89cd659d62af9fe516a
                • Instruction ID: 93e1cc3c836ec95f6a0645f2c0e8796f48cb32c7561fa0be0c13f4714ad7a041
                • Opcode Fuzzy Hash: d1cbb808fe4035a48d1f0e661851f25064a1f099bf71b89cd659d62af9fe516a
                • Instruction Fuzzy Hash: 9361E77194DA8D9FD796EF78C8955E97BF0FF0A310B0401ABD448C71A3DB28A846CB51
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 763f9c9a3abdaa3cfd1686052f0f501e2f517a38e165d0c34fe4757f9a51a814
                • Instruction ID: 832c22edc75b3c98908e6f3e95313a6aa4c250da55e07eaa776ee3a885bfcbac
                • Opcode Fuzzy Hash: 763f9c9a3abdaa3cfd1686052f0f501e2f517a38e165d0c34fe4757f9a51a814
                • Instruction Fuzzy Hash: 4A6191A0B1C9158BF795BB7CC896769B3D2FFA8B00F5005B9D409C3296DD38B8428762
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: db70ed8bd6be3a8a5690240d4a8e4877fb641b64de147214cc8eb24c5d7f765b
                • Instruction ID: 5af478e55bc30b8e0b2858fad7a959894bbde4c4c04932ef050e9e6ba7eaad08
                • Opcode Fuzzy Hash: db70ed8bd6be3a8a5690240d4a8e4877fb641b64de147214cc8eb24c5d7f765b
                • Instruction Fuzzy Hash: 2C5138A1B1D94A4FE7A5FB7DC4AA1B8BBD2FF88214B8044BDE40EC31D6DD6868018750
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 321dfd0de51620b2167f48fef6aa49a745fad4cadefa85e2f860801ff9873939
                • Instruction ID: 7c34e2a6e914a8e4d3ef6915a2ce3d69afbabaee1b904ddaed70012cb70c22de
                • Opcode Fuzzy Hash: 321dfd0de51620b2167f48fef6aa49a745fad4cadefa85e2f860801ff9873939
                • Instruction Fuzzy Hash: C7517270918A1D8FDB58EF68D8557EDBBF1FF98310F1082AAD44DD3252DA34A846CB81
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f84bec5d53ee84bd891af814de672d8a3e8d2bc421bf27a399292ee5c7c50f22
                • Instruction ID: f62b4aeba064135e4fd3de3bb2d57f04f0d55ca946d5c27f03696be871092405
                • Opcode Fuzzy Hash: f84bec5d53ee84bd891af814de672d8a3e8d2bc421bf27a399292ee5c7c50f22
                • Instruction Fuzzy Hash: 4C31F8D6A0DAD60EE713BA7D98551F93F60EF96210B0941F7D588C70E3DC082C068395
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c43c7f361719d4ed121e6b1d76f10f9c58d819d6288e1657f39e7568b5cc40bb
                • Instruction ID: 3964f3348cad4521e9b1cc68c994981794738317f1f5fcc8e82f225b28f394a5
                • Opcode Fuzzy Hash: c43c7f361719d4ed121e6b1d76f10f9c58d819d6288e1657f39e7568b5cc40bb
                • Instruction Fuzzy Hash: 28513AA2B1D6850FF355BB7CD8962B97BD1EF8A214F0841FAE44DC71A3DD1898468340
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1ad46ac6315e1ddb3d851477f8c367e6d9d9ce1c0ce02fc182e11c94b8d8f3d
                • Instruction ID: 1fbe3006c35df12c356ce73f9ddaff25a0f56f465335bd228b7f310041ff6554
                • Opcode Fuzzy Hash: f1ad46ac6315e1ddb3d851477f8c367e6d9d9ce1c0ce02fc182e11c94b8d8f3d
                • Instruction Fuzzy Hash: A9519471908A1C8FDB69EF68D845BE9BBF1FF59310F0082AAD40DD3252DE3469858F81
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dc8fae8601d7e9c83971e75a38873cdfef81df0a8a235b6554292d7bd440b4c3
                • Instruction ID: 9d9ec70f9f1a7b67bc366b00691d961fda25b7e1a48e5835348ec02c2881ae92
                • Opcode Fuzzy Hash: dc8fae8601d7e9c83971e75a38873cdfef81df0a8a235b6554292d7bd440b4c3
                • Instruction Fuzzy Hash: 77513DB1A0D68C4FD765FB38C8552A97BE0FF56324F0542BED549C7193EA28A8068741
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b483441c542b50f88c8536bb6e6c0e14c4225cc93117c1554178f6886258fb5
                • Instruction ID: c8e9c0ae1a993540e5cf3e20ce9609fb70bdcbfec3683df150c2dc197cadc8cf
                • Opcode Fuzzy Hash: 7b483441c542b50f88c8536bb6e6c0e14c4225cc93117c1554178f6886258fb5
                • Instruction Fuzzy Hash: 9A21F696A0DAD60EE753BA7D98561FD3FA0EF57210B0841FBD588C70E3DC182C068392
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b264b3769b60bcc65109b07bc840a3662f943ce68263d34185312c1aa802ccb2
                • Instruction ID: 97fa4f0f7c2e4eee3c5d39286d7f0eb0c0e671e233bbbccb48927c6b1f83b6ce
                • Opcode Fuzzy Hash: b264b3769b60bcc65109b07bc840a3662f943ce68263d34185312c1aa802ccb2
                • Instruction Fuzzy Hash: 60512574D0DAC64FEB5AAB7884522A57FE1EF12310F1842EDD099C71E3DE2CA852C752
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c7529c150e008c8f80fe29cce3cafba2e2e44b94e838b5c9ca2fe1226390d9fd
                • Instruction ID: a7682dbf0bf15e04a7c5327ae75a0538e59f982a1d06b549f7f10159ae67cc26
                • Opcode Fuzzy Hash: c7529c150e008c8f80fe29cce3cafba2e2e44b94e838b5c9ca2fe1226390d9fd
                • Instruction Fuzzy Hash: E7414AA1F1D9490FE7A5BB3CD84767977C2EF85311B0440BDE88DC32A6DD68AC428355
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c7bbdb3193b6ce0ef0d4656f07c8df48c2b03380d7da476a9e2ecccb96ab5d95
                • Instruction ID: 4d6b344238e11237dc774e4663522c7fc61467cccdcd79559c3b55d77ab1e24d
                • Opcode Fuzzy Hash: c7bbdb3193b6ce0ef0d4656f07c8df48c2b03380d7da476a9e2ecccb96ab5d95
                • Instruction Fuzzy Hash: 791106A2A0DED90FE763BA7D98561F97FA0EF96200B0801FBD548C30A3D9146C068392
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cdf9968a238f8ecce008f14a36193d4a48a280e8f47c0d3a696762c460d48468
                • Instruction ID: c3527efcc6ffd29f6609eda074b1b00e71d35733dd90d6211e191736eb192e37
                • Opcode Fuzzy Hash: cdf9968a238f8ecce008f14a36193d4a48a280e8f47c0d3a696762c460d48468
                • Instruction Fuzzy Hash: 205171B450CA5C8FDB99EF68D899BA97BE0FF55311F00417ED10AC36A2CB75A841CB41
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e0bdaf6493e258c58275a5e9e7ee824f4738b602e988887b82ac4f72398d9296
                • Instruction ID: 869b9e35a80e57701572d5fab30ce670e02ee0c14848b9245cfbd93edbaaf968
                • Opcode Fuzzy Hash: e0bdaf6493e258c58275a5e9e7ee824f4738b602e988887b82ac4f72398d9296
                • Instruction Fuzzy Hash: 9211E3A1A0DE990FE762BB7C98561BD7FA0EF86200B0401F7E548C31A3D9146C058392
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b551d1371200b07dc401583963f42d24808715c81a7493a0270bb6113f6e9f94
                • Instruction ID: 21d5a5536bc0df9c11b6b4f9119efed2a93d2788730ff59e786befb66a3238a9
                • Opcode Fuzzy Hash: b551d1371200b07dc401583963f42d24808715c81a7493a0270bb6113f6e9f94
                • Instruction Fuzzy Hash: C6510BB190CA994FD766EF3CC8946657BE1FF5A314F1402BDD05AC71E2CA28AC41CB81
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f58037143b2cf422fe36a509c24002ea0b03e8fba79eec98612bb6eb889290a2
                • Instruction ID: 9b2706694bd5b58285e9fb7722a1fb88f1b69627a53284e6eff1d20f0c96ebc8
                • Opcode Fuzzy Hash: f58037143b2cf422fe36a509c24002ea0b03e8fba79eec98612bb6eb889290a2
                • Instruction Fuzzy Hash: 2B41F9A170DA890FE796AB7C98662757FD2DF8A215F0801FFE44DC7293CD189C068351
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c75418101f58b920e7169c8ceb48abaf0625fb4d04d662f88f8dc23ec856b7f3
                • Instruction ID: d97cdf105cc36887d09b7d934db502aae2371c1add15d7a950885cd052f0f012
                • Opcode Fuzzy Hash: c75418101f58b920e7169c8ceb48abaf0625fb4d04d662f88f8dc23ec856b7f3
                • Instruction Fuzzy Hash: 0641E6A1B1DA5D5FEB81BBBCD84A7BD77D5FB98710F0002BAE40CC3292DE2898414791
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6e8efea0c38e2b1cc98dc64c2915291a75e1e71e6731a8fa9b9d79ba159d5f7
                • Instruction ID: f9da42ebee4a1dbb527908b972ee889b2a6ce12502d88664804c47a4ba9f3a13
                • Opcode Fuzzy Hash: a6e8efea0c38e2b1cc98dc64c2915291a75e1e71e6731a8fa9b9d79ba159d5f7
                • Instruction Fuzzy Hash: 66412AB1A0C64C4FDBA5FF38C8556A97BE1FF5A310F0505BEE449C7193EA28E8468781
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 44a709c550dde1c6fcd355bc1ef317f4c074e4b735cdd16479d9dcae6937b536
                • Instruction ID: 892fa45e88f29316f3a85fc930e681199ded1f7396ac4ac702f2cccd3afbc1b6
                • Opcode Fuzzy Hash: 44a709c550dde1c6fcd355bc1ef317f4c074e4b735cdd16479d9dcae6937b536
                • Instruction Fuzzy Hash: 9601F1A5A0CD5D0EEBA2FA6C98462BD77A1FB98241B4441B6E508C3192DA146D0187C2
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bdd252c46273a4b3bab2c570498eefb23625fd9c8a33baed9b8eb62fd40645b4
                • Instruction ID: 7fa223a60adcd56d04f956bef5d990b8e631974d6566d19edcb5f13b39b135a5
                • Opcode Fuzzy Hash: bdd252c46273a4b3bab2c570498eefb23625fd9c8a33baed9b8eb62fd40645b4
                • Instruction Fuzzy Hash: FA417FB4908A1C8FDBA8FF28D499BA977E0FB54301F00417EE10AC36A1CB75E8418B41
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 22a8b5324b7cccda0f7589478003b6f20476bc608950b046ff858ebbd64057bb
                • Instruction ID: 988553424528a5136d9f34d8b778d391df977285cd5e72f9c10f28f178558add
                • Opcode Fuzzy Hash: 22a8b5324b7cccda0f7589478003b6f20476bc608950b046ff858ebbd64057bb
                • Instruction Fuzzy Hash: C831E5A1F1891D5FEB84BBBDD84A7BD77D5FB98721F00027AE40DC3292EE2898414791
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 214bbdc595740d9ce80c93f422492f019872343a38edb4cc794de6025fa1824f
                • Instruction ID: b040a0641eca72e85e9d685ba23176e513e3bbfbadf1ea23131c8ec673d057cc
                • Opcode Fuzzy Hash: 214bbdc595740d9ce80c93f422492f019872343a38edb4cc794de6025fa1824f
                • Instruction Fuzzy Hash: 384136B291C68A8FE351AF78DC651E97FF1EF89210F4441FBD248D70A3DD2818468351
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d8e88b1c52e200ca52c743fec119e4b49e166d4d35578728780b7ea0632703f
                • Instruction ID: 3cc673347d413fbc07c367f4a5bbbef0b6a433d9374063db4ce205e3e14fd548
                • Opcode Fuzzy Hash: 0d8e88b1c52e200ca52c743fec119e4b49e166d4d35578728780b7ea0632703f
                • Instruction Fuzzy Hash: 8E31B6A1B1DA490FE799FB3CD89A779A6C2EB9D315F0401BEE44DC3293DD589C418341
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1de39cf0dabf70ad5bd60c79862e19a97c05729cec2925d33d1c24a0c4faaf4a
                • Instruction ID: 1b3427b02321ee7a22c80f36b702c4df77845791ec96886bc3ed18ac581b9b2c
                • Opcode Fuzzy Hash: 1de39cf0dabf70ad5bd60c79862e19a97c05729cec2925d33d1c24a0c4faaf4a
                • Instruction Fuzzy Hash: 51418E70E0890A8FEB98EB79C0556B9B7E1FF54310F5451BDD11ED3292CE28A841CB41
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 364ad24ad1eb3d401379f6845a5d10cc629b67380ab95ec187ae4f9d4dc166ba
                • Instruction ID: dbfdc64b199142b5feb0b2cbcfcaeb4924e29703dda95361676bffd31105244c
                • Opcode Fuzzy Hash: 364ad24ad1eb3d401379f6845a5d10cc629b67380ab95ec187ae4f9d4dc166ba
                • Instruction Fuzzy Hash: C04130B0A299199FDB98FF7CD8456BC73E2FF88305F404579D50DD32A6DE24A8418740
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 456a923fddfecc9a5bbe2ff7187d9e3516692135be3497d615568a05f4bb35d2
                • Instruction ID: dc7094644316ef3a379fdf31eb676cbf9aa1e184bd7a14826b18cb6d57c24873
                • Opcode Fuzzy Hash: 456a923fddfecc9a5bbe2ff7187d9e3516692135be3497d615568a05f4bb35d2
                • Instruction Fuzzy Hash: D43113B1A0D6084FEBA4FB78C8567B977D1FF59324F1045BEE44DC3193DA28A8428785
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 86faaae24c6c1f76971134642b58eb4671ec63f1a03fdb40094f2b37e7f00eba
                • Instruction ID: fc52c07af64cfe99404259498f0347dc3be6ab56849e080ce8a3468ad5fb4f9a
                • Opcode Fuzzy Hash: 86faaae24c6c1f76971134642b58eb4671ec63f1a03fdb40094f2b37e7f00eba
                • Instruction Fuzzy Hash: D941D4B4E1DA4A8FEB85FFB8C8A56E97BA1FF88300F5045B9D049C3296DD3868018751
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bed1d00ffe5caf4466e718b47615443241c5456e0c5d3c4aaa582240d7e86fad
                • Instruction ID: 6c0a18f2b78e6ed1ee32851ec67a23758591f70358607e7e092cf7749a4d3394
                • Opcode Fuzzy Hash: bed1d00ffe5caf4466e718b47615443241c5456e0c5d3c4aaa582240d7e86fad
                • Instruction Fuzzy Hash: 24312BA0A1DA994FEB81BB78C8167A97BD5EF59710F5002FAE40CC71D3DD3CA8418352
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 87fc7ee313a84fea0f595ea15b841b840195320f2ce6b9ebf421fafdba16d692
                • Instruction ID: b3f2b693f8d1d5126f2d43f8bde64f703fe458ede91fd9c3f950cf116e819e6f
                • Opcode Fuzzy Hash: 87fc7ee313a84fea0f595ea15b841b840195320f2ce6b9ebf421fafdba16d692
                • Instruction Fuzzy Hash: 5831E1B0D18A4D8FDB91EF78C8956E97BF0FF44300F4045BBE808C3192EA38A9458B85
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a96c5cfe38644d874183b3015dc98cfcfbc3bafa206274d469e4a0c419668249
                • Instruction ID: 0e53a9a272e0e3044773bba1ecc8b9eda754ba2232c6ce7d6086b1d35ad5df8d
                • Opcode Fuzzy Hash: a96c5cfe38644d874183b3015dc98cfcfbc3bafa206274d469e4a0c419668249
                • Instruction Fuzzy Hash: 9031823150DB888FD756DBA8C885AE9BFF0EF56320F0482AFD089C75A2D764A409CB51
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bbc2e7c3eafa6153ca3e43a4d6c1f4293903523cbb4534afa104cb6319d657a5
                • Instruction ID: 3421866608d1488e388f98cf62274f299af4c2f00882431e2039b27f5bf923d8
                • Opcode Fuzzy Hash: bbc2e7c3eafa6153ca3e43a4d6c1f4293903523cbb4534afa104cb6319d657a5
                • Instruction Fuzzy Hash: 842183A1B199494FEB95FA7CD4996BDBBD1EB9C311B04007AE80DD3296DD24AC428780
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f4189e10e4c398e322738f7b84fb065ac06d07c4c68760c16a06d2d66e4ed296
                • Instruction ID: 28e0bee2474bba5dc3aae023e607e939ebd1897c22998961164f1eebc5807082
                • Opcode Fuzzy Hash: f4189e10e4c398e322738f7b84fb065ac06d07c4c68760c16a06d2d66e4ed296
                • Instruction Fuzzy Hash: C42109A0A1D95D5BEB81BB7CC8567A977D5EB59700F5002FAE40DC31C3DD38681187A2
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eceda9d717e11b0e0b0ee91fab756eb04427512f985b64fe407b1f7543dddaa4
                • Instruction ID: 9413c230b90fbe839f03051d84f52351df8b5746b65dba8d35cedff1b55ea979
                • Opcode Fuzzy Hash: eceda9d717e11b0e0b0ee91fab756eb04427512f985b64fe407b1f7543dddaa4
                • Instruction Fuzzy Hash: 39212BA1E0DA424BF36ABF7EC59617936A2AF81310F5490BDE10DC71E3DD2CAC124395
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9c7a55df5c917f4d7c9eef1674125457b3ba9a9a845b73e2d9f85c414dd949f
                • Instruction ID: 40153a6970476f9f1c15dae3eb54ca290de10c09d1dc5fd44069e7783c2c122c
                • Opcode Fuzzy Hash: e9c7a55df5c917f4d7c9eef1674125457b3ba9a9a845b73e2d9f85c414dd949f
                • Instruction Fuzzy Hash: 72219071B1D91D4FEB85FB68D886AF9B7D6EF99320F04007AE80DC3296DD24A8528744
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9d4320e7ed98b2a09428eb2971e8b2c1b92af9bd12c136ce75c6366bea32702b
                • Instruction ID: 113c2f2ffa9db104b2efcd2fa1a2fa95dd92f112a0527356b9a0b844e22f77a6
                • Opcode Fuzzy Hash: 9d4320e7ed98b2a09428eb2971e8b2c1b92af9bd12c136ce75c6366bea32702b
                • Instruction Fuzzy Hash: BD1104A291DA991FE3A2AB3CDC552A53FE0EF5A210B0841FBD048C71A3CD1878058782
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d62015eaad583ebebb6f817233bae6cda9af8b20593c0d83b3538b0028d75be2
                • Instruction ID: 3c6a13b2355d32c06cce4286be4d43e2acf498fb0261959052d687026197930e
                • Opcode Fuzzy Hash: d62015eaad583ebebb6f817233bae6cda9af8b20593c0d83b3538b0028d75be2
                • Instruction Fuzzy Hash: AC117F90B1D81987F9C5B7BDE9563BDA1C6EFD8B00F6441B5E409C32E6DC78AC024263
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cb491cf50db8bb2ce6b75a624d1fbf2ec0dfe0b9977145e69fcb9cd0618c190e
                • Instruction ID: fb6e7b2ccd6ad16b23a84fa9f8fdcd96468edc932bb9c501ca369edc565852b1
                • Opcode Fuzzy Hash: cb491cf50db8bb2ce6b75a624d1fbf2ec0dfe0b9977145e69fcb9cd0618c190e
                • Instruction Fuzzy Hash: 4F11296190D58A0FE752AFB8C9156F63FE1DFAA204F0442BAD589C75A3CD1C99058351
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c8bdb1b78f4cd8402bac221e6b93cbd7ad46b04d8404fea822d0d7dbda8252f5
                • Instruction ID: ff694b6db9cb6a628da5663511ed8da463b0430010fbee798f5d3db13478c0ac
                • Opcode Fuzzy Hash: c8bdb1b78f4cd8402bac221e6b93cbd7ad46b04d8404fea822d0d7dbda8252f5
                • Instruction Fuzzy Hash: F70126F1D0CACC4FE799EF3888E92E93FE0FBA5200F4440AFC08AD65A2DA7414418700
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d1576748c35fc8777a1937cddba28ed40f27645869f0fe9e4bbcdc10acda48e
                • Instruction ID: b1be7437feadb6155c29c2033f6183390f5a7e46b49c1aaac21d520d288e5988
                • Opcode Fuzzy Hash: 3d1576748c35fc8777a1937cddba28ed40f27645869f0fe9e4bbcdc10acda48e
                • Instruction Fuzzy Hash: 7D01C470A1C50E5AEBA4BE7DC5463BA76A1EBAC305F408239DA4EC3295DD18A9404785
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04b90e4aef65357be58b1b9366c7743d3e97376cefdd102c02d2151643e8934b
                • Instruction ID: 77ca182ad057fd5a5f731b2962f1981e499acf9dfc0a9e77681aaf889622ce8b
                • Opcode Fuzzy Hash: 04b90e4aef65357be58b1b9366c7743d3e97376cefdd102c02d2151643e8934b
                • Instruction Fuzzy Hash: FEF02E35828B8C8FDB41BF35C8011AA7B64FB65314F00068FF81DC31A1EB20DA68CB82
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6318354fdecb4536ef72f0c732bc7bc2491d8be9e04135cd8d26c3ac06a0443d
                • Instruction ID: f93b9229ff2fce9b44ffe3d06043e5a71ce4b994e2c17b53d3a4eace0e85fa60
                • Opcode Fuzzy Hash: 6318354fdecb4536ef72f0c732bc7bc2491d8be9e04135cd8d26c3ac06a0443d
                • Instruction Fuzzy Hash: EE014991E1EA864FF7A9BB7DC06A2782AD1AF81300F1490FDD54AC69E3DD1CAC518341
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4936097e7dea8b3f83e81bf37dc20999428679edf80b196b404fa9ebaa8272a3
                • Instruction ID: b96b05c3d316e71fbd1f2b0e8ea4c919ef4fbbadb0de27b09ca9bb0f371b9fc7
                • Opcode Fuzzy Hash: 4936097e7dea8b3f83e81bf37dc20999428679edf80b196b404fa9ebaa8272a3
                • Instruction Fuzzy Hash: 7BF0AFB0D4C8024AE2A6FF3EC68167876A2AF94310F509578D61DC32E6CE38FC618691
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 122a167118628095e9e3838ee0b23f4ad21d2273f4908b7407e60cadbea06546
                • Instruction ID: ec69074ceaf012ef7460efe8a58a8029cbac56276f9393e974bfc2c7f9179862
                • Opcode Fuzzy Hash: 122a167118628095e9e3838ee0b23f4ad21d2273f4908b7407e60cadbea06546
                • Instruction Fuzzy Hash: A3D0C240C5E2C20AEB0B37BA0D825907F508A031A0B4942D2D444C70E3D88D18AA4272
                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3e0c544feb7b0450905c7629e639d65c5f417c0546f558584081fb43a54f7d0b
                • Instruction ID: d438e476fa31e5ea963b1fcdd0d44cd0857142e968c1bd50df53926e4f35c48d
                • Opcode Fuzzy Hash: 3e0c544feb7b0450905c7629e639d65c5f417c0546f558584081fb43a54f7d0b
                • Instruction Fuzzy Hash: 73D022C0D1D04106C328373E8DCA1A47B10AFA9214FDC01A8E08805102F88E06A3C248

                Non-executed Functions

                Memory Dump Source
                • Source File: 00000001.00000002.3877710999.00007FFB4B360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B360000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_1_2_7ffb4b360000_XClient.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8fa50070907220e312c38300d2af958720a555b26239be923e0f490ab4d856f2
                • Instruction ID: d7ae5cb35ce58cf62651c05c49dabe1bbc7b64dbcde01fd5a209948df9d522be
                • Opcode Fuzzy Hash: 8fa50070907220e312c38300d2af958720a555b26239be923e0f490ab4d856f2
                • Instruction Fuzzy Hash: 4FC1D63190CB4C4FDB19EBACD8456E9BBE1EF56321F0442AFD049D3292DA746806CB91