
Windows Analysis Report
1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe

Overview

General Information

Sample name: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe
Analysis ID: 1518290
MD5: 5e460456a6586d424dde3b82365f6113
SHA1: a7930e9c81dc7afdb0fb597f6be3d5e7a8275538
SHA256: f19f39a1030833ec381965932d4e3a827264130e622dd4da2bdad7d98f36764a
Tags: base64-decoded, exe, user-abuse_ch

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • cleanup
{"C2 url": ["135.224.23.113"], "Port": "5555", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source | Rule | Description | Author | Strings
1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x6c7c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x6d19:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x6e2e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x6aee:$cnc4: POST / HTTP/1.1

Source | Rule | Description | Author | Strings
00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x6a7c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x6b19:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x6c2e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x68ee:$cnc4: POST / HTTP/1.1
00000000.00000002.4483157673.0000000002E71000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Process Memory Space: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe PID: 5064 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |

Source | Rule | Description | Author | Strings
0.0.1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe.a60000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
0.0.1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe.a60000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x6c7c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x6d19:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x6e2e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x6aee:$cnc4: POST / HTTP/1.1
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-25T15:12:18.929351+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-25T15:12:26.165363+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-25T15:12:18.929351+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-25T15:14:12.570078+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP

AV Detection

Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Avira: detected
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Malware Configuration Extractor: Xworm {"C2 url": ["135.224.23.113"], "Port": "5555", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Joe Sandbox ML: detected
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | String decryptor: 135.224.23.113
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | String decryptor: 5555
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | String decryptor: <123456789>
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | String decryptor: <Xwormmm>
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | String decryptor: XWorm V5.6
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | String decryptor: USB.exe
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic | Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 135.224.23.113:5555 -> 192.168.2.5:49704
Source: Network traffic | Suricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 135.224.23.113:5555 -> 192.168.2.5:49704
Source: Network traffic | Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.5:49704 -> 135.224.23.113:5555
Source: Network traffic | Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.5:49704 -> 135.224.23.113:5555
Source: Network traffic | Suricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.5:49704 -> 135.224.23.113:5555
Source: Malware configuration extractor | URLs: 135.224.23.113
Source: global traffic | TCP traffic: 192.168.2.5:49704 -> 135.224.23.113:5555
Source: Joe Sandbox View | ASN Name: LUCENT-CIOUS LUCENT-CIOUS
Source: unknown | TCP traffic detected without corresponding DNS query: 135.224.23.113
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, 00000000.00000002.4483157673.0000000002E71000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

            System Summary

            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, type: SAMPLE | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 0.0.1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe.a60000.0.unpack, type: UNPACKEDPE | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Process Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Code function: 0_2_00007FF848F36CF2
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Code function: 0_2_00007FF848F35F46
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Code function: 0_2_00007FF848F32040
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, 00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameghhghg.exe4 vs 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Binary or memory string: OriginalFilenameghhghg.exe4 vs 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, type: SAMPLE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 0.0.1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe.a60000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, Helper.cs | Cryptographic APIs: 'TransformFinalBlock'
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, AlgorithmAES.cs | Cryptographic APIs: 'TransformFinalBlock'
            Source: classification engine | Classification label: mal100.troj.evad.winEXE@1/0@0/1
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Mutant created: NULL
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Mutant created: \Sessions\1\BaseNamedObjects\mR0UgXYus56nykvx
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: wbemcomn.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: avicap32.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: msvfw32.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, Messages.cs | .Net Code: Plugin System.AppDomain.Load(byte[])
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, Messages.cs | .Net Code: Memory System.AppDomain.Load(byte[])
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, Messages.cs | .Net Code: Memory
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Code function: 0_2_00007FF848F37555 push ebx; iretd 0_2_00007FF848F3756A
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Memory allocated: 1090000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Memory allocated: 1AE70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Window / User API: threadDelayed 8918
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Window / User API: threadDelayed 933
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe TID: 4088 | Thread sleep time: -3689348814741908s >= -30000s
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe TID: 4956 | Thread sleep count: 8918 > 30
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe TID: 4956 | Thread sleep count: 933 > 30
            Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | File Volume queried: C:\ FullSizeInformation
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, 00000000.00000002.4482180005.0000000000FB9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

            Anti Debugging

            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Process Stats: CPU usage > 42% for more than 60s
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Process token adjusted: Debug
            Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Queries volume information: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe VolumeInformation
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, 00000000.00000002.4484556389.000000001BC35000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

            Stealing of Sensitive Information

            Source: Yara match | File source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, type: SAMPLE
            Source: Yara match | File source: 0.0.1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe.a60000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.4483157673.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe PID: 5064, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match | File source: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, type: SAMPLE
            Source: Yara match | File source: 0.0.1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe.a60000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.4483157673.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe PID: 5064, type: MEMORYSTR
            MITRE ATT&CK matrix, listed by tactic (the numbers preceding some techniques are the counts shown on the page next to that technique):

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
            Execution: 11 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
            Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
            Defense Evasion: 1 Disable or Modify Tools; 232 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 2 Software Packing; 1 DLL Side-Loading
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
            Discovery: 221 Security Software Discovery; 232 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 13 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
            Collection: 11 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
            Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

            Source | Detection | Scanner | Label
            1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | 100% | Avira | HEUR/AGEN.1305769
            1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
            135.224.23.113 | 0% | Avira URL Cloud | safe
            No contacted domains info
            Name | Malicious | Antivirus Detection | Reputation
            135.224.23.113 | true | Avira URL Cloud: safe | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, 00000000.00000002.4483157673.0000000002E71000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            Reputation legend:
            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs
            IP | Domain | Country | ASN | ASN Name | Malicious
            135.224.23.113 | unknown | United States | 10455 | LUCENT-CIOUS | true
            Joe Sandbox version: 41.0.0 Charoite
            Analysis ID: 1518290
            Start date and time: 2024-09-25 15:11:11 +02:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 6m 9s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 5
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Sample name: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe
            Detection: MAL
            Classification: mal100.troj.evad.winEXE@1/0@0/1
            EGA Information: Failed
            HCA Information:
            • Successful, ratio: 99%
            • Number of executed functions: 50
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe, PID 5064 because it is empty
            • VT rate limit hit for: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe
            Time | Type | Description
            09:12:10 | API Interceptor | 13574019x Sleep call for process: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe modified
            Match | Associated Sample Name / URL | Detection | Threat Name
            135.224.23.113 | TM3utH2CsU.exe | malicious | PureLog Stealer, XWorm
              No context
              Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
              LUCENT-CIOUS | TM3utH2CsU.exe | malicious | PureLog Stealer, XWorm | 135.224.23.113
              LUCENT-CIOUS | SecuriteInfo.com.Linux.Siggen.9999.13221.8731.elf | malicious | Unknown | 135.225.246.112
              LUCENT-CIOUS | mdfh8nJQAy.elf | malicious | Mirai, Moobot | 135.87.80.52
              LUCENT-CIOUS | SecuriteInfo.com.Linux.Siggen.9999.8163.26295.elf | malicious | Mirai | 135.237.36.212
              LUCENT-CIOUS | tmNB51skaY.elf | malicious | Mirai | 135.242.130.152
              LUCENT-CIOUS | QvTbUiFWlo.elf | malicious | Mirai | 152.148.171.251
              LUCENT-CIOUS | SecuriteInfo.com.Linux.Siggen.9999.11579.20419.elf | malicious | Mirai | 135.90.159.82
              LUCENT-CIOUS | SecuriteInfo.com.Linux.Siggen.9999.21530.5221.elf | malicious | Mirai | 135.239.42.142
              LUCENT-CIOUS | sh4.elf | malicious | Mirai, Moobot | 135.89.245.17
              LUCENT-CIOUS | sh4.elf | malicious | Unknown | 135.117.193.133
              No context
              No context
              No created / dropped files found
              File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit): 5.590165988673767
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name: 1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe
              File size: 33'280 bytes
              MD5: 5e460456a6586d424dde3b82365f6113
              SHA1: a7930e9c81dc7afdb0fb597f6be3d5e7a8275538
              SHA256: f19f39a1030833ec381965932d4e3a827264130e622dd4da2bdad7d98f36764a
              SHA512: 265f8aabe0c18c8d903493cae22779c10f3c486084f598b776d2200a382a855e15fa507af5e38cdd5f9b935eec4bd7d636dfbdb405713c24ecd51702ac90ea32
              SSDEEP: 768:TVa+vNtg+PBy3Tw4e1dVFE9j/OjhJfbk:zvNtgwy3U4epFE9j/OjTA
              TLSH: 81E23A4877D44722DAFEAFB129F362061670D517E813EF6E0CE485E62B67AC047407EA
              File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................x..........n.... ........@.. ....................................@................................
              Icon Hash: 00928e8e8686b000
              Entrypoint: 0x40976e
              Entrypoint Section: .text
              Digitally signed: false
              Imagebase: 0x400000
              Subsystem: windows gui
              Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp: 0x66F3A2D7 [Wed Sep 25 05:42:47 2024 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major: 4
              OS Version Minor: 0
              File Version Major: 4
              File Version Minor: 0
              Subsystem Version Major: 4
              Subsystem Version Minor: 0
              Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9718 | 0x53 | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x4d8 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0x7774 | 0x7800 | 6ae2b5aae5010c25f998d9a0b0199f83 | False | 0.5010416666666667 | data | 5.741189311374185 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc | 0xa000 | 0x4d8 | 0x600 | f1b557a6818d9f758f7d836b8b8c5070 | False | 0.373046875 | data | 3.7171466095684083 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0xc000 | 0xc | 0x200 | 3ee5eb55d2c84cad34ece42377c6f250 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_VERSION | 0xa0a0 | 0x244 | data | | | 0.4689655172413793
              RT_MANIFEST | 0xa2e8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
              DLL | Import
              mscoree.dll | _CorExeMain
              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
              2024-09-25T15:12:18.929351+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:12:18.929351+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:12:26.028199+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:12:26.161967+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:12:26.165363+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:12:40.165270+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:12:40.167999+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:12:48.879945+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:12:48.879945+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:12:54.150157+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:12:54.151947+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:08.145362+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:08.147777+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:11.801620+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:11.803321+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:13.488608+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:13.490866+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:16.006488+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:16.018930+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:18.947050+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:18.947050+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:19.076284+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:19.078512+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:19.174653+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:19.176269+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:21.087447+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:21.089363+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:26.221600+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:26.233280+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:29.381776+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:29.396543+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:29.515287+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:29.523748+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:34.593001+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:34.595691+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:42.954676+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:42.956756+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:44.739428+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:44.742387+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:44.804729+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:44.840361+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:44.886976+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:44.888175+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:44.892442+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:44.987375+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:45.210348+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:45.210437+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:45.215519+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:48.884872+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:48.884872+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:51.676845+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:51.683447+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:55.304096+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:55.306035+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:55.401568+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:55.405259+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:55.505252+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:55.510776+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:55.515869+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:55.523737+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:55.529325+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:55.535715+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:13:58.676296+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:13:58.678595+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:12.570078+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:12.677135+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:12.687685+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:12.784133+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:12.786880+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:18.887036+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:18.887036+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:21.714146+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:21.716450+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:23.941445+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:23.943978+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:24.720520+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:24.723199+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:28.680542+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:28.697617+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:31.531608+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:31.533733+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:31.568887+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:32.092324+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:32.100875+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:32.561384+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:32.567716+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:34.729533+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:34.738989+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:34.777053+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:34.779673+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:34.785277+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:36.607168+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:36.612732+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:37.801099+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:37.803109+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:37.811252+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:37.843018+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:39.454187+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:39.456145+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:47.503316+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:47.506152+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:47.753250+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:47.755085+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:47.788878+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:47.820452+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:47.881754+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:47.972125+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:48.104097+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:48.203602+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:48.205154+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:48.313340+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:48.315048+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:48.877705+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:48.877705+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:54.423306+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:54.425191+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:14:56.880320+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:14:56.883120+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:15:04.082001+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:15:04.130457+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:15:04.132928+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:15:04.135641+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:15:04.148474+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:15:04.155860+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:15:04.180995+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:15:04.182602+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:15:04.227858+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:15:04.274428+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:15:14.364312+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:15:14.365827+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 135.224.23.113 | 5555 | TCP
              2024-09-25T15:15:18.887923+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 135.224.23.113 | 5555 | 192.168.2.5 | 49704 | TCP
              2024-09-25T15:15:18.887923+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:19.110412+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:19.110412+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:19.254134+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:19.263754+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:19.378474+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:19.381271+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:29.914605+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:30.133883+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:30.590346+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:30.595288+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:30.707996+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:30.711825+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:30.838594+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:30.841824+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:36.025500+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:36.030447+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:36.357551+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:36.360831+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:36.364759+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:36.478131+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:36.479437+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:36.598653+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:36.600957+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:36.714698+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:36.719556+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:41.724472+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:41.726311+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:41.747453+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:41.749009+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:41.867565+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:41.880121+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:15:48.891862+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:48.891862+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:55.784595+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:15:55.787114+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:16:02.135206+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:16:02.158308+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:16:02.440865+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:16:02.442801+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:16:02.538420+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:16:02.545067+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:16:08.366094+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:16:08.367230+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
              2024-09-25T15:16:09.395514+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1135.224.23.1135555192.168.2.549704TCP
              2024-09-25T15:16:09.398544+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.549704135.224.23.1135555TCP
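The alert table above records a single TCP session from the sandbox host 192.168.2.5:49704 to 135.224.23.113:5555, with the server-side "PING Command Inbound M2" signature firing roughly every 30 seconds. The following Python is an added example, not part of the Joe Sandbox report: it re-reads a handful of those rows (copied here in tab-separated form, same column order as the table) and derives the C2 endpoint, the direction of each alert, and the ping period, which is the property a beaconing detection for this family would key on. The SID constant is taken from the table; the 1 s de-duplication gap for repeated firings on adjacent segments is an assumption of this example.

```python
"""Beacon-interval check over Suricata alert rows from the XWorm sandbox run.

Added example, not the report's own tooling. Rows are tab-separated in the
report's column order: timestamp, SID, signature, severity, src IP, src port,
dst IP, dst port, protocol.
"""
from __future__ import annotations

import ipaddress
import statistics
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Subset of rows copied from the Suricata alert table above.
SAMPLE_ALERTS = """\
2024-09-25T15:14:47.881754+0200\t2852923\tETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)\t1\t192.168.2.5\t49704\t135.224.23.113\t5555\tTCP
2024-09-25T15:14:48.104097+0200\t2852870\tETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes\t1\t135.224.23.113\t5555\t192.168.2.5\t49704\tTCP
2024-09-25T15:14:48.877705+0200\t2852874\tETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2\t1\t135.224.23.113\t5555\t192.168.2.5\t49704\tTCP
2024-09-25T15:15:18.887923+0200\t2852874\tETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2\t1\t135.224.23.113\t5555\t192.168.2.5\t49704\tTCP
2024-09-25T15:15:19.110412+0200\t2852874\tETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2\t1\t135.224.23.113\t5555\t192.168.2.5\t49704\tTCP
2024-09-25T15:15:19.263754+0200\t2852923\tETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)\t1\t192.168.2.5\t49704\t135.224.23.113\t5555\tTCP
2024-09-25T15:15:48.891862+0200\t2852874\tETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2\t1\t135.224.23.113\t5555\t192.168.2.5\t49704\tTCP
"""

PING_SID = 2852874  # "CnC PING Command Inbound M2" in the table above


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sid: int
    signature: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_alerts(text: str) -> list[Alert]:
    """Parse tab-separated rows in the report's column order."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, sig, _sev, src, sport, dst, dport, _proto = line.split("\t")
        alerts.append(Alert(
            ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"),
            sid=int(sid), signature=sig,
            src=src, sport=int(sport), dst=dst, dport=int(dport)))
    return alerts


def direction(a: Alert) -> str:
    """'outbound' when the sandbox host (RFC 1918 address) is the source."""
    return "outbound" if ipaddress.ip_address(a.src).is_private else "inbound"


def c2_endpoint(alerts: list[Alert]) -> tuple[str, int]:
    """The public side of the flow: the C2 server and its listening port."""
    if not alerts:
        raise ValueError("no alerts")
    a = alerts[0]
    return (a.src, a.sport) if direction(a) == "inbound" else (a.dst, a.dport)


def beacon_period(alerts: list[Alert], sid: int, min_gap: float = 1.0) -> int | None:
    """Rounded seconds between consecutive firings of `sid`.

    Gaps below `min_gap` (assumed 1 s) are the same PING re-triggering on
    adjacent segments, as with the two PING alerts 0.22 s apart in the table,
    and are dropped so a duplicate does not drag the median down.
    Returns None when fewer than two usable intervals remain.
    """
    times = sorted(a.ts for a in alerts if a.sid == sid)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    gaps = [g for g in gaps if g >= min_gap]
    if len(gaps) < 2:
        return None
    return round(statistics.median(gaps))


def summarize(alerts: list[Alert]) -> dict:
    """Flow summary a triage note would carry: endpoint, direction counts, period."""
    host, port = c2_endpoint(alerts)
    dirs = Counter(direction(a) for a in alerts)
    return {"c2": f"{host}:{port}", "inbound": dirs["inbound"],
            "outbound": dirs["outbound"],
            "ping_period_s": beacon_period(alerts, PING_SID)}


if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE_ALERTS)))
```

Run against the full table the same way after exporting it tab-separated; the median-with-minimum-gap approach is what keeps the period estimate at 30 s even when a signature fires twice on one command, which a naive mean of inter-alert gaps would not.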
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 25, 2024 15:12:11.826401949 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:11.831624031 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:11.831763983 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:12.035377026 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:12.040365934 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:18.929351091 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:18.974709988 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:26.028198957 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:26.033248901 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:26.161967039 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:26.165363073 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:26.204065084 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:40.022628069 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:40.047605991 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:40.165270090 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:40.167999029 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:40.173135996 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:48.879945040 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:48.927742958 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:54.021908045 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:54.027005911 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:54.150156975 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:12:54.151947021 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:12:54.162301064 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:08.021835089 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:08.030101061 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:08.145361900 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:08.147777081 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:08.154638052 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:11.679099083 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:11.684174061 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:11.801620007 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:11.803320885 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:11.808212996 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:13.365822077 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:13.371007919 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:13.488607883 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:13.490865946 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:13.496119022 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:15.882204056 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:15.888916969 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:16.006488085 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:16.018929958 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:16.023987055 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:18.756522894 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:18.947050095 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:18.947139978 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:18.947732925 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:18.952786922 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:19.076283932 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:19.078511953 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:19.083565950 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:19.174653053 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:19.176269054 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:19.184463978 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:20.959470987 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:20.966739893 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:21.087446928 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:21.089363098 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:21.097001076 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:26.084291935 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:26.101941109 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:26.221600056 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:26.233279943 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:26.238919973 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:29.240554094 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:29.245817900 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:29.256154060 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:29.261110067 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:29.271615028 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:29.276845932 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:29.381776094 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:29.396543026 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:29.417665958 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:29.509154081 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:29.515286922 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:29.523379087 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:29.523747921 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:29.540951014 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:34.349920034 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:34.469717979 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:34.593000889 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:34.595690966 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:34.606893063 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:42.740438938 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:42.836788893 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:42.954675913 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:42.956756115 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:42.961740971 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.615444899 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.620776892 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.677968979 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.683655977 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.693527937 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.699426889 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.709245920 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.714195013 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.739428043 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.742387056 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.790759087 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.790827990 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.797626972 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.802886963 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.804728985 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.840361118 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.840455055 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.886734962 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.886976004 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.888175011 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.892396927 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.892441988 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:44.897495985 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.985771894 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:44.987375021 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:45.210347891 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:45.210437059 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:45.210447073 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:45.210521936 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:45.211210012 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:45.215460062 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:45.215518951 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:45.220472097 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:48.884871960 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:48.927614927 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:51.553854942 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:51.558928013 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:51.676845074 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:51.683446884 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:51.688393116 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:54.974939108 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.187246084 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.187315941 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.192161083 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.193720102 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.198493958 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.304095984 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.306035042 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.310946941 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.401567936 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.405258894 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.410114050 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.501024008 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.505251884 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.510118008 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.510776043 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.515625000 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.515868902 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.520730972 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.523736954 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.529119015 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.529325008 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.534127951 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:55.535715103 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:55.540611029 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:58.553930044 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:58.558873892 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:58.676295996 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:13:58.678595066 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:13:58.683403015 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:12.554120064 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:12.560333967 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:12.570077896 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:12.574903965 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:12.677134991 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:12.687685013 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:12.692485094 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:12.784132957 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:12.786880016 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:12.791682959 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:18.887036085 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:18.943326950 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:21.490515947 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:21.596364021 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:21.714145899 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:21.716449976 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:21.721393108 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:23.818756104 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:23.823718071 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:23.941445112 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:23.943978071 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:23.949058056 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:24.256002903 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:24.600414991 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:24.720520020 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:24.723198891 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:24.730736971 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:28.538619995 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:28.553742886 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:28.680541992 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:28.697617054 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:28.714787006 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:31.099754095 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:31.123471975 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:31.531608105 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:31.533732891 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:31.568886995 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:31.568938017 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:31.580564976 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:31.927963018 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:31.961098909 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:32.092324018 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:32.100874901 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:32.122071981 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:32.412288904 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:32.417368889 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:32.561383963 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:32.567715883 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:32.630017996 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:33.631032944 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:33.641491890 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:34.729532957 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:34.738989115 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:34.777053118 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:34.779673100 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:34.779716015 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:34.781661987 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:34.785276890 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:34.785990000 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:34.788929939 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:36.052834988 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:36.318144083 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:36.560102940 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:36.560117960 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:36.607167959 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:36.612731934 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:36.617815018 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:37.459146976 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:37.472091913 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:37.474745035 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:37.497306108 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:37.801099062 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:37.803108931 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:37.811252117 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:37.842964888 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:37.843018055 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:37.860661030 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:39.224755049 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:39.293333054 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:39.454186916 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:39.456145048 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:39.497178078 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.380860090 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.385796070 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.503315926 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.506151915 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.510992050 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.630966902 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.635828972 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.662134886 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.667040110 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.677701950 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.682605028 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.693327904 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.698100090 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.709075928 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.714003086 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.724630117 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.729504108 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.740197897 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.745214939 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.753249884 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.755084991 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.788877964 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.788944006 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.820451975 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.820518017 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.870346069 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.870410919 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.875277042 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.879405022 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.881753922 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.910773039 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.910844088 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.962393999 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.962461948 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:47.967773914 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.970031023 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:47.972125053 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:48.007304907 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:48.007370949 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:48.058315992 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:48.058373928 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:48.104096889 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:48.104159117 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:48.154355049 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:48.154411077 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:48.160661936 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:48.203602076 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:48.205153942 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:48.210226059 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:48.313339949 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
Sep 25, 2024 15:14:48.315047979 CEST | 49704 | 5555 | 192.168.2.5 | 135.224.23.113
Sep 25, 2024 15:14:48.319998980 CEST | 5555 | 49704 | 135.224.23.113 | 192.168.2.5
              Sep 25, 2024 15:14:48.877705097 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:14:48.927504063 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:14:54.177791119 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:14:54.306186914 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:14:54.423305988 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:14:54.425190926 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:14:54.430077076 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:14:56.757703066 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:14:56.762661934 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:14:56.880320072 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:14:56.883120060 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:14:56.887928009 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:03.959041119 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:03.963970900 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:03.990247011 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:03.997148991 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.005851030 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.012593031 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.037313938 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.042234898 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.052751064 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.057744026 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.082000971 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.084752083 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.130389929 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.130456924 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.132927895 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.135581017 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.135641098 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.141254902 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.148473978 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.155859947 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.180994987 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.182601929 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.226207972 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.227858067 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.274360895 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:04.274427891 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:04.279325008 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:14.242038965 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:14.247051001 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:14.364311934 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:14.365827084 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:14.370680094 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:18.887923002 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:19.110411882 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:19.110523939 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:19.130830050 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:19.136497974 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:19.254133940 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:19.256094933 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:19.260973930 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:19.263753891 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:19.268604040 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:19.378473997 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:19.381270885 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:19.386125088 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:29.756233931 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:29.761264086 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:29.914604902 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:29.961837053 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:30.133882999 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:30.166960001 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:30.318392038 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:30.481154919 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:30.481215000 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:30.518615007 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:30.590346098 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:30.595288038 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:30.600816965 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:30.707995892 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:30.711824894 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:30.746972084 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:30.838593960 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:30.841824055 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:30.847289085 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:35.771631002 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:35.904793978 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:35.904916048 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:35.928339958 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.025500059 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.030447006 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:36.036036015 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.147084951 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:36.357551098 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.357659101 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:36.360759974 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.360831022 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:36.364758968 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.364825964 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:36.367944002 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.478131056 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.479437113 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:36.528680086 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.598653078 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.600956917 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:36.622273922 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.714698076 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:36.719556093 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:36.731132984 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.583956957 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:41.594603062 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.615164042 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:41.621287107 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.646617889 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:41.653693914 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.662040949 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:41.667011023 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.724472046 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.726310968 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:41.738176107 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.747452974 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.749008894 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:41.798593044 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.838047028 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.867564917 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:41.880039930 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:41.880120993 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:41.893959045 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:48.891861916 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:48.945595026 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:55.662029028 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:55.666969061 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:55.784595013 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:15:55.787113905 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:15:55.792022943 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.010262966 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:02.015459061 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.135205984 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.158308029 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:02.163228989 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.318320990 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:02.323359013 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.333842039 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:02.338680029 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.440865040 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.442800999 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:02.447737932 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.538419962 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:02.545067072 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:02.549957991 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:08.240164042 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:08.247661114 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:08.366094112 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:08.367229939 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:08.372103930 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:09.271346092 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:09.277709007 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:09.395514011 CEST555549704135.224.23.113192.168.2.5
              Sep 25, 2024 15:16:09.398544073 CEST497045555192.168.2.5135.224.23.113
              Sep 25, 2024 15:16:09.403453112 CEST555549704135.224.23.113192.168.2.5
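A parser for the TCP packet rows above, as an added example that is not part of Joe Sandbox or of this report. In extraction the table lost its column separators, so Source Port, Dest Port, Source IP and Dest IP are fused into one digit string, and a single row read on its own is genuinely ambiguous (the forward rows can also be read as ports 55554 and 9704). The script enumerates every valid reading of each row and keeps the one whose endpoint pair is a valid reading of the most rows, which works because a real flow shows up in both directions; it then reports the remote endpoint, packet counts per direction, whether the server port is a well-known one (the report's "traffic on non-standard ports" signature), and the idle gaps between packets sent by the sandbox host. The column order, the function names, the well-known-port list and the voting heuristic are this example's own assumptions; the sample rows are copied from the table above.

```python
# Added example (not Joe Sandbox code): parse TCP packet rows whose columns
# were run together in extraction and summarise the flow they describe.
# Assumed column order, as in the report's table: Timestamp, Source Port, Dest Port, Source IP, Dest IP.
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Timestamp and zone, then the fused "srcport dstport srcip dstip" text.
ROW_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+) "
                    r"(?P<tz>[A-Z]{3,5})(?P<fused>\d[\d.]*)$")

# Rows copied from the report table above (a constructed subset).
SAMPLE_ROWS = [
    "Sep 25, 2024 15:14:47.510992050 CEST555549704135.224.23.113192.168.2.5",
    "Sep 25, 2024 15:14:47.630966902 CEST497045555192.168.2.5135.224.23.113",
    "Sep 25, 2024 15:14:48.927504063 CEST497045555192.168.2.5135.224.23.113",
    "Sep 25, 2024 15:14:54.177791119 CEST497045555192.168.2.5135.224.23.113",
    "Sep 25, 2024 15:14:54.306186914 CEST555549704135.224.23.113192.168.2.5",
    "Sep 25, 2024 15:15:03.959041119 CEST497045555192.168.2.5135.224.23.113",
]

def _valid_port(s):
    return s.isdigit() and s[0] != "0" and 1 <= int(s) <= 65535

def _valid_octet(s):
    return s.isdigit() and len(s) <= 3 and int(s) <= 255 and (s == "0" or s[0] != "0")

def _split_two_ips(tail):
    """Yield (ip1, ip2) readings of two dotted quads run together: piece 4 holds
    ip1's last octet fused with ip2's first octet."""
    parts = tail.split(".")
    if len(parts) != 7:
        return
    for k in range(1, len(parts[3])):
        octets = parts[:3] + [parts[3][:k], parts[3][k:]] + parts[4:]
        if all(_valid_octet(o) for o in octets):
            yield ".".join(octets[:4]), ".".join(octets[4:])

def candidate_splits(fused):
    """Every (sport, dport, sip, dip) reading with valid ports (1..65535) and octets."""
    out = []
    for a in range(1, 6):
        for b in range(1, 6):
            sp, dp, tail = fused[:a], fused[a:a + b], fused[a + b:]
            if len(sp) == a and len(dp) == b and _valid_port(sp) and _valid_port(dp):
                out.extend((int(sp), int(dp), sip, dip) for sip, dip in _split_two_ips(tail))
    return out

def _endpoints(c):
    sp, dp, sip, dip = c
    return frozenset([(sip, sp), (dip, dp)])

def parse_rows(rows):
    """Resolve each row to the reading whose endpoint pair is valid for the most rows;
    a flow seen in one direction only may stay tied and is rejected, not guessed."""
    parsed = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:
            raise ValueError("unrecognised row: %r" % row)
        date, frac = m.group("ts").rsplit(".", 1)  # nanoseconds -> microseconds, zone ignored
        ts = datetime.strptime(date, "%b %d, %Y %H:%M:%S").replace(microsecond=int(frac[:6]))
        cands = candidate_splits(m.group("fused"))
        if not cands:
            raise ValueError("no valid reading for row: %r" % row)
        parsed.append((row, ts, cands))
    votes = Counter()
    for _, _, cands in parsed:
        votes.update({_endpoints(c) for c in cands})
    packets = []
    for row, ts, cands in parsed:
        ranked = sorted(cands, key=lambda c: votes[_endpoints(c)], reverse=True)
        if len(ranked) > 1 and votes[_endpoints(ranked[0])] == votes[_endpoints(ranked[1])]:
            raise ValueError("ambiguous row: %r" % row)
        sp, dp, sip, dip = ranked[0]
        packets.append({"ts": ts, "sport": sp, "dport": dp, "sip": sip, "dip": dip})
    return packets

def summarise(packets, idle_gap_s=1.0):
    """Flow view: sandbox host (the private address), remote endpoint, packets per
    direction, and idle gaps between the host's own packets."""
    ips = {p["sip"] for p in packets} | {p["dip"] for p in packets}
    local = {ip for ip in ips if ipaddress.ip_address(ip).is_private}
    if len(local) != 1:
        raise ValueError("expected exactly one private host, got %r" % sorted(local))
    host = local.pop()
    outbound = [p for p in packets if p["sip"] == host]
    inbound = [p for p in packets if p["dip"] == host]
    remote = {(p["dip"], p["dport"]) for p in outbound} | {(p["sip"], p["sport"]) for p in inbound}
    if len(remote) != 1:
        raise ValueError("packets belong to more than one flow")
    rip, rport = remote.pop()
    deltas = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(outbound, outbound[1:])]
    return {"host": host, "remote": "%s:%d" % (rip, rport),
            "nonstandard_port": rport not in {80, 443, 8080, 8443},  # assumed "standard" set
            "outbound": len(outbound), "inbound": len(inbound),
            "idle_gaps_s": [round(d, 3) for d in deltas if d >= idle_gap_s]}

if __name__ == "__main__":
    print(summarise(parse_rows(SAMPLE_ROWS)))
```

Run against the six sample rows this reports the sandbox host 192.168.2.5 talking to 135.224.23.113:5555, with idle gaps of about 1.3 s, 5.3 s and 9.8 s between the host's packets; fed the full table it gives the keep-alive cadence of the session. The voting step is what makes the parse trustworthy: on the forward rows alone the 5555/49704 and 55554/9704 readings tie, and the function refuses to pick rather than silently emit a wrong port.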

              Target ID:0
              Start time:09:12:03
              Start date:25/09/2024
              Path:C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\Desktop\1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c0928072d74511.dat-decoded.exe"
              Imagebase:0xa60000
              File size:33'280 bytes
              MD5 hash:5E460456A6586D424DDE3B82365F6113
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.2038999360.0000000000A62000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.4483157673.0000000002E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:false

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: fa21320a561e055e2079f17f2e8131f47e183c8fa35df8f52ea460cf79fac320
                • Instruction ID: c26b20268f324a7b699988e00910db3665d9e8b307c4eb05c8772f8593324824
                • Opcode Fuzzy Hash: fa21320a561e055e2079f17f2e8131f47e183c8fa35df8f52ea460cf79fac320
                • Instruction Fuzzy Hash: 4D628B30F1D91A8FEA94FB28845667973D2EF99380F90457AD40EC36C6DF39E8428785
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 631e8af4e4b9f34d90eb46759a35cce951615e3793788ccef655429ead39453a
                • Instruction ID: 2f80113b185b3f0510e736c96c018f86fc31c9d3f128ea3b3d9fc3f2a8708c41
                • Opcode Fuzzy Hash: 631e8af4e4b9f34d90eb46759a35cce951615e3793788ccef655429ead39453a
                • Instruction Fuzzy Hash: AAF1953090CA8D8FEBA8EF28D8557E977D1FF55350F04426EE84DC7291CB38A9458B85
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 76de5a77e9c8b8e35f2dfb4faafe923b01f27868ea0f7c51aea59981732eb32c
                • Instruction ID: 2799675805719706c3f903f7ee91430133828dec2edabd09fa51b296d7421e55
                • Opcode Fuzzy Hash: 76de5a77e9c8b8e35f2dfb4faafe923b01f27868ea0f7c51aea59981732eb32c
                • Instruction Fuzzy Hash: 96E1A23090CA8E8FEBA8EF28C8557E977D1EF54350F14426EE84DC7295DF78A8448B85
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID: xH
                • API String ID: 0-4016803164
                • Opcode ID: 49c5d71a2c6fae40b6dcbb6890a85e171f14106ea7a12f6991c420adbcf905bc
                • Instruction ID: f8e808f9b32a93f1d914232bb364888c38ffff8783417b862e8467d06925c1bd
                • Opcode Fuzzy Hash: 49c5d71a2c6fae40b6dcbb6890a85e171f14106ea7a12f6991c420adbcf905bc
                • Instruction Fuzzy Hash: 9F710331D0D6498FE758FB28C8156B97BE1EF95350F04427BE00DC72D2DF28A8868791
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID: xH
                • API String ID: 0-4016803164
                • Opcode ID: de7457cf77df62adadeb79087e978a286e6b8f4076fa0ab6bd1284a01742f13e
                • Instruction ID: 257effe80acab0d13c76443ef73c600e5260e8735c299040e33dad1d3d4efdc3
                • Opcode Fuzzy Hash: de7457cf77df62adadeb79087e978a286e6b8f4076fa0ab6bd1284a01742f13e
                • Instruction Fuzzy Hash: C021D371C0D54ACFE754FB24C8652B477A0EF563A4F9841B6E40DCB1C2DF29A8868794
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID: d
                • API String ID: 0-2564639436
                • Opcode ID: 958317c443c812bd5f6b23a1094b5ebb73ecd9174bd1b757b5287e0d3f8556fa
                • Instruction ID: 03ded6c6967eb1d3c13a199792e0de495ba835515f24afeab99c0d51e716168f
                • Opcode Fuzzy Hash: 958317c443c812bd5f6b23a1094b5ebb73ecd9174bd1b757b5287e0d3f8556fa
                • Instruction Fuzzy Hash: F421A431C0CA9A8FEB00ABB4D8596E9BBE0FF45360F0501BBD45DD71D2DB2C584587A5
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 75bdc68ea3f60cbb3f0a1fb931dd1f19ee35f1b78ce372fa00333ecce0c6403e
                • Instruction ID: 15b1fd2f4296e57f546d6e43b4287cf55d588d30e712a092e763226b0ec37412
                • Opcode Fuzzy Hash: 75bdc68ea3f60cbb3f0a1fb931dd1f19ee35f1b78ce372fa00333ecce0c6403e
                • Instruction Fuzzy Hash: 18C10470E1C9598FE799FB2894A867977E1FB99394F40067AD00EC36D2CF38E8418781
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 109a410dd1dadddacabebd2f18c7e8b1df0fd321a2e0f90b94d7fdd32bbbc096
                • Instruction ID: 956062b59b40ec91b5438333d74a76be476ccd89772072d209121cd89f836eb6
                • Opcode Fuzzy Hash: 109a410dd1dadddacabebd2f18c7e8b1df0fd321a2e0f90b94d7fdd32bbbc096
                • Instruction Fuzzy Hash: 90C16671F1C98A4FE799A73C54292B97BE2FF94791F04017AD04EC32C7DE28A8468385
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f3813fd32017d673312650b4abf5c9404e416b290b3a731ee879a815dfaca8bc
                • Instruction ID: b4ceafbfc5be844cc8c4bf0c04b7d7cbd6bb42a09c2b1d0ca0249e3bbf94350f
                • Opcode Fuzzy Hash: f3813fd32017d673312650b4abf5c9404e416b290b3a731ee879a815dfaca8bc
                • Instruction Fuzzy Hash: 70B1E53050CA8D4FEB68EF28D8557E93BD1FF55350F14826EE84DC7292CB3898458B86
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad6805319ebf82f9372f61f2337f35c7ef4e522c0d0f54088a9ee217e97d213e
                • Instruction ID: 6cb5286e3c55e3a3b642a6b9af3f6c075ee5c15abc0a31916e5136c38306ebcb
                • Opcode Fuzzy Hash: ad6805319ebf82f9372f61f2337f35c7ef4e522c0d0f54088a9ee217e97d213e
                • Instruction Fuzzy Hash: A1810631E2DA4A4FE798F73888562A57BD1FF45391F9402BAD40DC71C2EF2CA8468395
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5b987b3337a441dea53491151cbfd06f6eb6f6470731c153480bff5dd48c508e
                • Instruction ID: 391c8de2bcd3329adccfbfce5b9ffb5383a4b126a768974e991aa5fd2d276108
                • Opcode Fuzzy Hash: 5b987b3337a441dea53491151cbfd06f6eb6f6470731c153480bff5dd48c508e
                • Instruction Fuzzy Hash: 5371E131A1C9594FDB98EB38D859AF9B7E1EF59351F44017AE00ED32D2CE2CA882C745
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 166a7ba16e45a5aa283a95ccc660b87e60267f60f8c57f42bd57c8b923a14297
                • Instruction ID: 9d01c63804d10412acdaa76a694a742c94e5851eb350198183c0d46899e27390
                • Opcode Fuzzy Hash: 166a7ba16e45a5aa283a95ccc660b87e60267f60f8c57f42bd57c8b923a14297
                • Instruction Fuzzy Hash: 0271D33072E9459FE784F76C846677AB3E2FF98345F640676D009C32D6DE2CA84187A2
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b259f6eeb0b4a509f1bf2a186b8f69515cdd434c24720f8417351b20ddaf5e38
                • Instruction ID: d16d370286b3a20b368304e29b3823bbc23febff3fb945cc410d1cdec69dfbd0
                • Opcode Fuzzy Hash: b259f6eeb0b4a509f1bf2a186b8f69515cdd434c24720f8417351b20ddaf5e38
                • Instruction Fuzzy Hash: D831D272D0EAD64FE752B73C6C650E93FA0EF52250B0901F7D088CB1D3EB1818468396
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b51dd5f47887f3c8f45e3db1e6e51a646bd19e311714b99b84534fe8adb546f4
                • Instruction ID: 424f84a15aa89395caa7d70807ec86857860c6eb4138e8b07d5aa8c4e797f75d
                • Opcode Fuzzy Hash: b51dd5f47887f3c8f45e3db1e6e51a646bd19e311714b99b84534fe8adb546f4
                • Instruction Fuzzy Hash: CB618231A189194FEB98FB68D459ABDB7E1EF98350F54017AE40ED32D2CE38A8418785
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5eb962bfe326c355bc850270b08bce1a099d638165de48dd1a64a5af17fe38bc
                • Instruction ID: 6d28228c641afaf6bc71d2b900c59947738fb968c9eedf3ce91ce38682b058cc
                • Opcode Fuzzy Hash: 5eb962bfe326c355bc850270b08bce1a099d638165de48dd1a64a5af17fe38bc
                • Instruction Fuzzy Hash: 96319072D1EAD64FE752B73C6C650EA7FA0EF56650B0901F7D088CB1D3EB18184A8396
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ce5108f2b0646c3bdc470bf02de3dc9369e0cf3e7df3e45b7dbe3d189c7ef24
                • Instruction ID: 46d30825bc91e40dbc36483d6b964d47ba1f1fc8128797bafd8b2c71a0c50b45
                • Opcode Fuzzy Hash: 5ce5108f2b0646c3bdc470bf02de3dc9369e0cf3e7df3e45b7dbe3d189c7ef24
                • Instruction Fuzzy Hash: 5131B172D1EAD54FE752B73C68650EA7FA0EF56250B0901F7D088CB1D3EB181C498396
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10d00299d3161222d077fab8c262475c84b1e7d283c1542e9377908164fcd8c5
                • Instruction ID: 71b3c0f592a04002c476e5e150471751b25d8922516de404c9be4f7080e7541c
                • Opcode Fuzzy Hash: 10d00299d3161222d077fab8c262475c84b1e7d283c1542e9377908164fcd8c5
                • Instruction Fuzzy Hash: D2517270918A1C8FDB58EF68D8457EDBBF1FF58311F10426AD44DD3292CB34A8468B81
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1d45ebaa4c2a778080dfd09317589e5b65afbaca5a8cb909b6032d8d4eb87b2
                • Instruction ID: c8b615c2300d57942306fd8c74ceda1d4e18d7fd45ed19023ad05e61afe5947f
                • Opcode Fuzzy Hash: f1d45ebaa4c2a778080dfd09317589e5b65afbaca5a8cb909b6032d8d4eb87b2
                • Instruction Fuzzy Hash: 5351D331F1E98A5FDB98F77894691BD7BE1FF88250B8005BBE40EC32C6DE2859058794
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 840aa5dbc4f3569884228587226864129bd0ce323105b624d2fd4b38f3b69801
                • Instruction ID: b14d9e08d688d566e5dc3b9349343c19e6013b30aa0c87dbadc18fe0a034bd25
                • Opcode Fuzzy Hash: 840aa5dbc4f3569884228587226864129bd0ce323105b624d2fd4b38f3b69801
                • Instruction Fuzzy Hash: 1021F372D1EAD94FE752B73C6C660AA7FA0EF56250B0901F7E088C70D3EB181C098396
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eb577c5debb92b6dc4afe6c6917c78b16353d3ec41ff68326e9c8365a30b84b
                • Instruction ID: 6ea723dbd3bfe5f1de455c202f3e3c20d062b75b6e16e72ec21b36573ce5ead8
                • Opcode Fuzzy Hash: 7eb577c5debb92b6dc4afe6c6917c78b16353d3ec41ff68326e9c8365a30b84b
                • Instruction Fuzzy Hash: 6B519030A2D959AFEB88FB28D8556B9B7E1FF48740F840176E40DD32D6DF38A8419741
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d771f5086aec112b2cd27a6b823c04f1cb9b1b8046fbdb37053ac0063575cfdb
                • Instruction ID: f916ad105d57f05767539f3739dd3412a168d26fd56084cf0b2b4cc5370a0399
                • Opcode Fuzzy Hash: d771f5086aec112b2cd27a6b823c04f1cb9b1b8046fbdb37053ac0063575cfdb
                • Instruction Fuzzy Hash: FB212572D1EAD98FD742B73C68261AA7FB0EF56640B0901F3E048C71D7DA185C098392
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1cf1206a04d0a192f500adee956a047334cb132cd86aaa14c8b930711e76a04
                • Instruction ID: 3f17bba5d7aed4e3eb0cfc4becefa48c3239a4ebdb5a449818d738df3757d6b2
                • Opcode Fuzzy Hash: a1cf1206a04d0a192f500adee956a047334cb132cd86aaa14c8b930711e76a04
                • Instruction Fuzzy Hash: B7611630D0D68A4FEB4AE73444216A9BFE1EF56390F1802BAD059C71D3CF6C6886C765
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d281d041b7f68e59736c80da9c9d90f7e35f6fd9b01cf4a672865630160012f
                • Instruction ID: cc0be286001e10be9d6fd06ee3187d8b9742a25d06b92bce87e68e5b64184ea5
                • Opcode Fuzzy Hash: 1d281d041b7f68e59736c80da9c9d90f7e35f6fd9b01cf4a672865630160012f
                • Instruction Fuzzy Hash: 6F210272D1EAE98FD742F73C68660AA7FB0EF56650B0901F3E048C71D3EA181C098392
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d83c4a66055a40eaeafa28676b8c0e78331dc6aabd28bc4aad343a51a4e7f61
                • Instruction ID: 5c16d403fe53623df0fbefd44a53869fd31ae709710e21e5b1d2a87a53b6a926
                • Opcode Fuzzy Hash: 3d83c4a66055a40eaeafa28676b8c0e78331dc6aabd28bc4aad343a51a4e7f61
                • Instruction Fuzzy Hash: 70517F31908A1C8FDB58EB58D845BE9BBF1FB59310F0082AAD44DE3252CF34A9848F81
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a497e7d052362e24c7c520a693e7aae432b73f4d9fb3a0ab5c90f705076b064e
                • Instruction ID: 5ff507828f0e3fb93b760dc5b044d1ef152a72dd6b1aa018d7c109a232665846
                • Opcode Fuzzy Hash: a497e7d052362e24c7c520a693e7aae432b73f4d9fb3a0ab5c90f705076b064e
                • Instruction Fuzzy Hash: 2D415731F1D94A4FE394F73C945A67977D2EB85790F0804BAE84DC32D6DE18AC828785
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7c8d67b3a03d3ef4d87e944676790744434d17bb85d0a659d871e45f40620506
                • Instruction ID: c5fbb5055222285f8972a0960df0821b83e851792d416c6221e0f270e7832b52
                • Opcode Fuzzy Hash: 7c8d67b3a03d3ef4d87e944676790744434d17bb85d0a659d871e45f40620506
                • Instruction Fuzzy Hash: 1B51B374A0CA4D8FEB98FB68D469BB977E0FB15311F04017EE40AC3691DB759885CB80
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28d944ac7265eaa3d44b834c66bd270eb74d315914ba1dae8d001a6521f56c6e
                • Instruction ID: 13a4f3710b3ff9b8c8f6d9c4a1d123a18a2463f505f53cb08f5d3f62660f5ef7
                • Opcode Fuzzy Hash: 28d944ac7265eaa3d44b834c66bd270eb74d315914ba1dae8d001a6521f56c6e
                • Instruction Fuzzy Hash: AC515872E0DA894FE755F77898162B9BBE0FF96750F1401BBD048C71C7EB28A8468385
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a0494f2282537fcda920c82432a8ad842d1326b209df191e0cece5e8b24bd33
                • Instruction ID: a43dc593e2c68dd6e77e84808e6ec10000992d4deed6f9bb661576815ed4ff37
                • Opcode Fuzzy Hash: 8a0494f2282537fcda920c82432a8ad842d1326b209df191e0cece5e8b24bd33
                • Instruction Fuzzy Hash: 7A412520B1EA891FE389E73C5829279BBD1EF9A655F0801FBE44DC72D3CE185C068351
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02a9c66186ee08195612b80e2bc641a96852f646002175382f5bf6f8736ced3c
                • Instruction ID: 72840b85b06d41a2ab5e87c35a6a254c557e2783524cb10dfd9305c464780c6e
                • Opcode Fuzzy Hash: 02a9c66186ee08195612b80e2bc641a96852f646002175382f5bf6f8736ced3c
                • Instruction Fuzzy Hash: AD31DF31B1D94D5FE788FB2C986A379A6C2EB98755F0406BAE40EC32D7DE289C418341
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 613047ecf02ed6964decf409e63fac899aac6cb4f8b351020539c979af3c2817
                • Instruction ID: 02777ed571b21e63975af61bd82ed2aa314f3b36a745235f971d15f1c7090c9e
                • Opcode Fuzzy Hash: 613047ecf02ed6964decf409e63fac899aac6cb4f8b351020539c979af3c2817
                • Instruction Fuzzy Hash: 8B31B021F2A90A9FE784B7BC581A3B9B6D2FF98791F040277E40DD3296DE2898414351
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e471ac62ff867e2c611cd1b968a0f4a0864928e1c19937dea0763ec5da70011
                • Instruction ID: d0488ef1325244952ba1471bf10b4f391a0d5a0e2d76b32194a40be808bdaa02
                • Opcode Fuzzy Hash: 8e471ac62ff867e2c611cd1b968a0f4a0864928e1c19937dea0763ec5da70011
                • Instruction Fuzzy Hash: 2D41B030E1994A9FEB85FB7888656B97BB1FF88340F90057AD409D32C6DE2C68058790
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 514b7a9f33c2c36bc90d0fe545207c62cc6d9ae6c2d121a9c4506047089be5bc
                • Instruction ID: 1e526846b253bcdb9e8a2eea4c84c95ba4f693be7273bba247bd9bd7c18ba7d6
                • Opcode Fuzzy Hash: 514b7a9f33c2c36bc90d0fe545207c62cc6d9ae6c2d121a9c4506047089be5bc
                • Instruction Fuzzy Hash: 4231B121F2AD0E9FE784B7BC581A3BDB6D2FB98B91F100277E40DD3286DE2898414751
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b0df857eea399672aa25f8125efdaaf01a26ccfe53b2562272b82da2c4950d70
                • Instruction ID: cd9b89cec73a216a28f7f4b4525a4be9924d23b0fe4a148124bad1ffc8332de3
                • Opcode Fuzzy Hash: b0df857eea399672aa25f8125efdaaf01a26ccfe53b2562272b82da2c4950d70
                • Instruction Fuzzy Hash: 9331B631B0D6588FDB94F73888567BA77E1FF99360F5501BAD409C71D2DB38A8428781
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce1a25b1463f45f4d3e24e97b7e2eaa91bd43657717fc8861078249ae6ff1500
                • Instruction ID: 8704df9e04240ea900efdb054c0b986516937c36088eb1b6ce534c2e56cf5523
                • Opcode Fuzzy Hash: ce1a25b1463f45f4d3e24e97b7e2eaa91bd43657717fc8861078249ae6ff1500
                • Instruction Fuzzy Hash: 5C31F630A1CE899FDB86FB38C4965A97BE1FF16351B4402A7D049C72D6DB38B885C781
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fba2856beb5acb96dc361d8a817dff21024c8627422ec0e2bd2d9cce08baa9e8
                • Instruction ID: dd11feb9a09df184066280347779d619dc26e049f4d13d770abae76bf05f49b3
                • Opcode Fuzzy Hash: fba2856beb5acb96dc361d8a817dff21024c8627422ec0e2bd2d9cce08baa9e8
                • Instruction Fuzzy Hash: 3E31903140D7489FCB15DBA8C885AE9BBF0FB56320F0482AFD089C3552D764A449CB51
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0c662ab2442089f3e92996a1ed6080ffe5a7f5e6150204bbc522f0dfaeb8a0dc
                • Instruction ID: 9e49d57ec102bea746a20634345603446488ea4ff1ab4faa58118d940d0909ea
                • Opcode Fuzzy Hash: 0c662ab2442089f3e92996a1ed6080ffe5a7f5e6150204bbc522f0dfaeb8a0dc
                • Instruction Fuzzy Hash: 4031CD32D1D58AAFE785A7649C632FA7BB1FF453A0F8441BBD009875D2DF1C29028395
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 49693664f57a93087dd2a8f405e8bb5bee119c5a44f5b417b6aef8b7335421e6
                • Instruction ID: eb0acbb48d6ca75be3a1dadfc0b08ec11f6b0c0a77a14a97e10d03c0059edf1d
                • Opcode Fuzzy Hash: 49693664f57a93087dd2a8f405e8bb5bee119c5a44f5b417b6aef8b7335421e6
                • Instruction Fuzzy Hash: 44318D71B189099FEF84FB6890592BD77E2EF98351F84013AD40DD3396DF39A8418744
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a185d1ceb2163850ce27ec30ddda6d58dc706030960bc667133efbe59e45b38
                • Instruction ID: f8f5da86ba091794f67f214b315c413f54d9a82a4659b5aeb6b6abc5d55ae1bd
                • Opcode Fuzzy Hash: 8a185d1ceb2163850ce27ec30ddda6d58dc706030960bc667133efbe59e45b38
                • Instruction Fuzzy Hash: 7421D520A2E95A9FE745B77C58267B977D1FF58740F9402B6E00CC32C3DE2C684583A6
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7d060c400d0c04dbb3f077c1ad710033dc0cfa203482aac95238db8e2f8ee45
                • Instruction ID: 2d8c6802971e567c180450138f0e20097352a2e4afa7a5ba9867fc842e1dcabe
                • Opcode Fuzzy Hash: e7d060c400d0c04dbb3f077c1ad710033dc0cfa203482aac95238db8e2f8ee45
                • Instruction Fuzzy Hash: AB116071E2990A5FE748FB2898592B47391FF543A1F50467AC01AC31C6DF2DA84A8295
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5bbc200019f0c244b4656a3222d941430347d45f856e0e36bd742ffc1b95664
                • Instruction ID: a29fad8584ed0d876b1ea31c0b7750858922bb21ac72efa35c8e9e3a5e6ec31b
                • Opcode Fuzzy Hash: b5bbc200019f0c244b4656a3222d941430347d45f856e0e36bd742ffc1b95664
                • Instruction Fuzzy Hash: 3411632072B9099BF984B3AD64163BAB2D3EFE8340F640536E40CC32D7DD5CAC4142A6
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0eaf38e08e34c0fda414e2adf217e2b7c19433b4d1583eb0d61cbf7313109e97
                • Instruction ID: 690e8b7dd1008ea6c984b715d350c1e1299a4aacb0704d86ce45f27a8baa4ccf
                • Opcode Fuzzy Hash: 0eaf38e08e34c0fda414e2adf217e2b7c19433b4d1583eb0d61cbf7313109e97
                • Instruction Fuzzy Hash: D221D531E0D6529FF795B77884162B836A1EF923D0F540177E409C72C3DF2CA8568359
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 41b85237ed074e1a6543a0ab2c7d9304fe720a079a814cce78958ae2faaccd65
                • Instruction ID: 735f1a776038465648c6510a02ed3461bfc03188f1e30e22905126b16b173ece
                • Opcode Fuzzy Hash: 41b85237ed074e1a6543a0ab2c7d9304fe720a079a814cce78958ae2faaccd65
                • Instruction Fuzzy Hash: FB11D6B1D0C6CD8FE78DEB3898B92B97FE0EBA5200F8401AFD449E7692DA3500858741
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 48367eda4894a28d15fa02e9e399ad6742e903a3accadc28e6abaf1b125d1468
                • Instruction ID: 3b63e4a7b97b0da13a2eecc45cd162cf1947d33695aeececca1f3573060c6270
                • Opcode Fuzzy Hash: 48367eda4894a28d15fa02e9e399ad6742e903a3accadc28e6abaf1b125d1468
                • Instruction Fuzzy Hash: E5118E2590F6CA4FD753737418220E9BFA0AF43290F4904FBD089CB9E3DA0E150AC346
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3553091494eb4d899b53036e0bc8126a2ed66f58b1289cc17880c24ae2020f38
                • Instruction ID: f94807f70dfccd623f3b9fbfc0d0c3bc2e46ffcce1809b2a5a8b025133b842ba
                • Opcode Fuzzy Hash: 3553091494eb4d899b53036e0bc8126a2ed66f58b1289cc17880c24ae2020f38
                • Instruction Fuzzy Hash: C2012272D09A9D4FDB45EBB8885A1FD7BF0FF19201F0001BBD008D71D2EB2899408782
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c8f09e12159a250325ef90a50b5e2636a0fe9105444953b0dffda23895452566
                • Instruction ID: 34cb808f8e810b97c8c057ccf7fc2f8d9dfa0c12b19a516855bcdf217c3a54aa
                • Opcode Fuzzy Hash: c8f09e12159a250325ef90a50b5e2636a0fe9105444953b0dffda23895452566
                • Instruction Fuzzy Hash: D0F0AF31B1DC1A8FFB98F76841062BA73D2EB88781F40513AD84EC32C2DF28A8814748
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d6876c7d5330d52a2e9e4edfb3b7eaba1c32c709e1040f62362e8ca6e4ad58c5
                • Instruction ID: e1ce57897bf0a53b5a6116d0f7cb03898b21b3afb468fdfcc63941dd73dca9ee
                • Opcode Fuzzy Hash: d6876c7d5330d52a2e9e4edfb3b7eaba1c32c709e1040f62362e8ca6e4ad58c5
                • Instruction Fuzzy Hash: AA01F430E1E6968FF7A5B778446A27C2AE1EFA1380F4400BBE409C26C7DF5CA8858345
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 859ef9c3094fded374cf6ef091758f4a010b0eff8e7a98ee7e0a2ebd49f4411e
                • Instruction ID: 13c700d5128d8d01938f8d8c0e32af32065cfe5c7c35c86a68b5b4f9d2ba33e3
                • Opcode Fuzzy Hash: 859ef9c3094fded374cf6ef091758f4a010b0eff8e7a98ee7e0a2ebd49f4411e
                • Instruction Fuzzy Hash: FEF0CD30D0C512CFF351F728C04167872A2EFA6390F500236E40DC22C2CF38B8A68799
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 728cd614fb5ab371ca4d0e109b056a934ed79d2b7e435a819140240b38e1c33d
                • Instruction ID: a32055f76f3764e031d95bb9cfdd0fbd28483bc9c4bcb673a90f906aa7620b1c
                • Opcode Fuzzy Hash: 728cd614fb5ab371ca4d0e109b056a934ed79d2b7e435a819140240b38e1c33d
                • Instruction Fuzzy Hash: FCE04F71D5D7DA4ED753772448150E9BF60EE53240F4901EBE498C64D3E6591628C392
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d3a69c24d03fe2419b12964640b2c55154c9858e49e85f76b03d40ea01294cf5
                • Instruction ID: f8bad8707e1957237572334ab7f8efc0f1513f25d874b051fcc48e264f34dea7
                • Opcode Fuzzy Hash: d3a69c24d03fe2419b12964640b2c55154c9858e49e85f76b03d40ea01294cf5
                • Instruction Fuzzy Hash: A8D01215C5D2C64FE70B33780C565947F508A572E0F4902D2D494D74D7E94D54AA4276
                Memory Dump Source
                • Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28bf73f6fc3357ad304e268fdadca6cb83c6be8bc900805f001b1adf0fd69199
                • Instruction ID: 5c387b14b3375f3258d11b369d1b413570f7ede8f04b9ac245c79a771e86f8fd
                • Opcode Fuzzy Hash: 28bf73f6fc3357ad304e268fdadca6cb83c6be8bc900805f001b1adf0fd69199
                • Instruction Fuzzy Hash: 15E0C23286878C4FD7426B6058121DA7B24EF65200F4105CBF80887092E72096188382
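Every record in this listing carries two fixed-length hex fuzzy hashes per function, and several of the Instruction Fuzzy Hashes are visibly near-identical (compare the first record of this listing with the fourth, or the sixth with the eighth), which is the kind of signal an analyst clusters on to find near-duplicate functions in a JIT-compiled .NET region that is not backed by a PE image. The following Python is an added example and is not part of the Joe Sandbox report: it parses three records copied from this page and scores record pairs by positional nibble agreement of their Instruction Fuzzy Hash, and it also checks that the Opcode ID and Opcode Fuzzy Hash fields agree, as they do for every record on this page. Treating the hash as an opaque hex string and counting matching positions is an assumption made here for illustration; it is not Joe Sandbox's own similarity algorithm, and the 0.75 threshold is likewise an arbitrary choice.

```python
import re
from itertools import combinations

# Three records copied verbatim from this report's listing (constructed input
# for the example; the parser handles the full field layout of each record).
REPORT_EXCERPT = """\
Memory Dump Source
• Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5ce5108f2b0646c3bdc470bf02de3dc9369e0cf3e7df3e45b7dbe3d189c7ef24
• Instruction ID: 46d30825bc91e40dbc36483d6b964d47ba1f1fc8128797bafd8b2c71a0c50b45
• Opcode Fuzzy Hash: 5ce5108f2b0646c3bdc470bf02de3dc9369e0cf3e7df3e45b7dbe3d189c7ef24
• Instruction Fuzzy Hash: 5131B172D1EAD54FE752B73C68650EA7FA0EF56250B0901F7D088CB1D3EB181C498396
Memory Dump Source
• Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 10d00299d3161222d077fab8c262475c84b1e7d283c1542e9377908164fcd8c5
• Instruction ID: 71b3c0f592a04002c476e5e150471751b25d8922516de404c9be4f7080e7541c
• Opcode Fuzzy Hash: 10d00299d3161222d077fab8c262475c84b1e7d283c1542e9377908164fcd8c5
• Instruction Fuzzy Hash: D2517270918A1C8FDB58EF68D8457EDBBF1FF58311F10426AD44DD3292CB34A8468B81
Memory Dump Source
• Source File: 00000000.00000002.4485104936.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff848f30000_1727269807db8b68b2c9b1c9bdd42030655a5e439e971ba77503b2390bf7da0c092807.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 840aa5dbc4f3569884228587226864129bd0ce323105b624d2fd4b38f3b69801
• Instruction ID: b14d9e08d688d566e5dc3b9349343c19e6013b30aa0c87dbadc18fe0a034bd25
• Opcode Fuzzy Hash: 840aa5dbc4f3569884228587226864129bd0ce323105b624d2fd4b38f3b69801
• Instruction Fuzzy Hash: 1021F372D1EAD94FE752B73C6C660AA7FA0EF56250B0901F7E088C70D3EB181C098396
"""

# A field line is "• Key: value"; the key stops at the first colon, so values
# that themselves contain colons (the Source File line) stay intact.
FIELD_RE = re.compile(r"^\s*•\s*([^:]+):\s*(.*)$")


def parse_records(text):
    """Split the listing at every 'Memory Dump Source' header and collect the
    bullet fields of each function record into a dict (empty fields kept)."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "Memory Dump Source":
            current = {}
            records.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1).strip()] = m.group(2).strip()
    return records


def nibble_similarity(h1, h2):
    """Fraction of hex positions on which two equal-length hashes agree.
    Assumption (not the vendor's algorithm): the hash is an opaque string, so
    positional agreement is only a heuristic for 'these functions look alike'."""
    if not h1 or len(h1) != len(h2):
        return 0.0
    same = sum(a == b for a, b in zip(h1.upper(), h2.upper()))
    return same / len(h1)


def similar_pairs(records, threshold=0.75):
    """Return (Instruction ID a, Instruction ID b, score) for every pair of
    records whose Instruction Fuzzy Hashes agree at or above the threshold."""
    out = []
    for a, b in combinations(records, 2):
        s = nibble_similarity(a["Instruction Fuzzy Hash"], b["Instruction Fuzzy Hash"])
        if s >= threshold:
            out.append((a["Instruction ID"], b["Instruction ID"], round(s, 3)))
    return out


def opcode_fields_consistent(records):
    """Consistency check on the listing: Opcode ID and Opcode Fuzzy Hash carry
    the same value in every record on this page."""
    return all(r["Opcode ID"] == r["Opcode Fuzzy Hash"] for r in records)


if __name__ == "__main__":
    recs = parse_records(REPORT_EXCERPT)
    print(len(recs), "records; opcode fields consistent:", opcode_fields_consistent(recs))
    for a, b, s in similar_pairs(recs):
        print(f"{a[:12]} ~ {b[:12]}  similarity={s}")
```

Run against this excerpt, the first and third records (57 of 70 nibbles in common) are reported as a pair while the second record matches neither; extending `REPORT_EXCERPT` with the remaining records of the listing turns up further clusters, for example the sixth and eighth records. A high score only says two functions share most of their positional hash; confirming that they are clones still requires looking at the disassembly in the snapshot files named in the records.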