Windows
Analysis Report
17334769266ba75a70859e94894e9fae5c33bba300e2b004c1166d236dc1ab2c8ff5669916631.dat-decoded.exe
Overview
General Information
Sample name: | 17334769266ba75a70859e94894e9fae5c33bba300e2b004c1166d236dc1ab2c8ff5669916631.dat-decoded.exe |
Analysis ID: | 1569842 |
MD5: | c8406a867e34927d2548617585974093 |
SHA1: | 063c29b27e011c88badf9caa46b98bbf29881552 |
SHA256: | 9725cb27377a320cb84dee9c2c97a2d7decf3700907d159919f9d6c9929c0f20 |
Tags: | base64-decodedexeuser-abuse_ch |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 17334769266ba75a70859e94894e9fae5c33bba300e2b004c1166d236dc1ab2c8ff5669916631.dat-decoded.exe (PID: 7312 cmdline:
"C:\Users\ user\Deskt op\1733476 9266ba75a7 0859e94894 e9fae5c33b ba300e2b00 4c1166d236 dc1ab2c8ff 5669916631 .dat-decod ed.exe" MD5: C8406A867E34927D2548617585974093)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{
"C2 url": [
"87.120.116.179"
],
"Port": 1300,
"Aes key": "<123456789>",
"SPL": "<Xwormmm>",
"Install file": "USB.exe"
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-06T10:45:10.012561+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 20.42.65.92 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-06T10:45:20.237526+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:22.870232+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:34.309199+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:48.403113+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:52.887469+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:02.639083+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:13.402380+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:13.562024+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:13.724184+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:13.876027+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:22.869345+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:27.767485+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:33.979100+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:36.452951+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:40.276703+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:44.137052+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:52.902883+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:54.418333+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:59.063572+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:59.417186+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:59.773008+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:00.473181+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:09.449488+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:16.143283+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:16.334308+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:16.457414+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:19.544350+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:21.526502+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:21.718667+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:21.840787+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:22.465356+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:22.907378+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:23.108367+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:25.714803+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:29.092532+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:41.762165+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:41.954174+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:42.077023+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:46.902252+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:47.094156+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:52.199422+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:52.363559+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:52.951124+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:57.449464+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:57.641728+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:57.763339+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:03.034445+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:07.939322+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:08.131093+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:08.254189+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:08.322968+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:15.126432+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:16.312336+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:18.183822+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:18.342394+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:18.505216+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:19.824741+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:20.360184+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:22.936353+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:23.605547+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:28.481776+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:28.673621+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:29.699284+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:33.605831+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:34.857856+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:38.028728+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:45.012283+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:50.625045+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:52.938051+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:53.966851+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:54.158946+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:55.590414+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:49:07.778575+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:49:21.871580+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:49:22.960803+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-06T10:45:20.288983+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:45:34.311152+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:45:48.405595+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:02.641232+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:13.411872+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:13.563967+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:13.726688+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:13.888252+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:27.769536+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:33.988588+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:36.455715+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:40.284552+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:44.139066+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:54.420364+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:59.065599+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:59.367937+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:59.680450+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:00.289979+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:09.451846+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:16.145186+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:16.335935+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:16.459198+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:19.546498+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:21.528755+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:21.720390+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:21.842659+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:22.468717+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:23.110030+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:25.726058+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:29.273081+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:41.765210+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:41.956201+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:42.081413+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:46.904504+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:47.096237+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:52.204403+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:52.369057+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:52.518040+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:57.451448+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:57.643532+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:57.765339+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:03.040925+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:07.942054+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:08.138182+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:08.269111+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:08.389111+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:15.129377+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:16.315944+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:18.192988+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:18.344169+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:18.752539+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:19.826458+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:20.363527+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:23.608404+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:28.484139+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:28.676030+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:29.703199+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:33.608108+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:34.869441+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:38.030315+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:45.016030+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:50.628005+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:53.968753+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:54.160638+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:55.597858+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:49:07.779320+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:49:21.872515+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-06T10:45:22.870232+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:52.887469+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:22.869345+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:52.902883+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:22.907378+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:52.951124+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:22.936353+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:52.938051+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:49:22.960803+0100 | 2852874 | 1 | Malware Command and Control Activity Detected | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-06T10:47:41.368508+0100 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
- • AV Detection
- • Compliance
- • Networking
- • Key, Mouse, Clipboard, Microphone and Screen Capturing
- • System Summary
- • Data Obfuscation
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • Language, Device and Operating System Detection
- • Lowering of HIPS / PFW / Operating System Security Settings
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | Static PE information: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | Suricata IDS: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_00007FFD9A40A6A4 | |
Source: | Code function: | 0_2_00007FFD9A4074D2 | |
Source: | Code function: | 0_2_00007FFD9A406726 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_00007FFD9A4029E1 | |
Source: | Code function: | 0_2_00007FFD9A402A21 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Process Stats: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Memory allocated: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 Input Capture | 211 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 232 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 232 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
84% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT | ||
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
87.120.116.179 | unknown | Bulgaria | 25206 | UNACS-AS-BG8000BurgasBG | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1569842 |
Start date and time: | 2024-12-06 10:44:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 17334769266ba75a70859e94894e9fae5c33bba300e2b004c1166d236dc1ab2c8ff5669916631.dat-decoded.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, W MIADAP.exe, SIHClient.exe, con host.exe - Excluded IPs from analysis (wh
itelisted): 93.184.221.240 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, otelrules.azuree dge.net, ctldl.windowsupdate.c om.delivery.microsoft.com, wu. ec.azureedge.net, bg.apr-52dd2 -0503.edgecastdns.net, cs11.wp c.v0cdn.net, hlb.apr-52dd2-0.e dgecastdns.net, ctldl.windowsu pdate.com, umwatson.events.dat a.microsoft.com, wu-b-net.traf ficmanager.net, wu.azureedge.n et, fe3cr.delivery.mp.microsof t.com - Not all processes where analyz
ed, report is missing behavior information - VT rate limit hit for: 173347
69266ba75a70859e94894e9fae5c33 bba300e2b004c1166d236dc1ab2c8f f5669916631.dat-decoded.exe
Time | Type | Description |
---|---|---|
04:45:04 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
UNACS-AS-BG8000BurgasBG | Get hash | malicious | XenoRAT | Browse |
| |
Get hash | malicious | XenoRAT | Browse |
| ||
Get hash | malicious | Amadey, AsyncRAT, Stealc, Vidar | Browse |
| ||
Get hash | malicious | RedLine | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AveMaria, DBatLoader, UACMe | Browse |
| ||
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | Discord Token Stealer, GuLoader | Browse |
| ||
Get hash | malicious | AsyncRAT, XWorm | Browse |
|
File type: | |
Entropy (8bit): | 5.609837847610175 |
TrID: |
|
File name: | 17334769266ba75a70859e94894e9fae5c33bba300e2b004c1166d236dc1ab2c8ff5669916631.dat-decoded.exe |
File size: | 36'864 bytes |
MD5: | c8406a867e34927d2548617585974093 |
SHA1: | 063c29b27e011c88badf9caa46b98bbf29881552 |
SHA256: | 9725cb27377a320cb84dee9c2c97a2d7decf3700907d159919f9d6c9929c0f20 |
SHA512: | 035a1a8b0b3954dd94bc06afd6fe3406a087da0daa83bdd4dfe1b6496b9c7e4cf4e020110a000b8a955e4d768ecd7e9e6797d8ff5a2432df4cbea9482d785408 |
SSDEEP: | 768:kL13A5Uno9RfHWa2BLTeo8icH1bxbFb9E2OMhJQXvv:ixA5Uno9JHWXHeNicH1bBFb9E2OMH6v |
TLSH: | 44F24B48BBA04216D9ED6BF4A97372020274D613D917EB4E4CD48ADB6F23BC08D513EA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....IPg................................. ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x40a5de |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6750490C [Wed Dec 4 12:20:28 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa590 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x4d0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x85e4 | 0x8600 | d3f56dee6c09309eed278f2ef1c580ad | False | 0.49897971082089554 | data | 5.746421584021758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xc000 | 0x4d0 | 0x600 | cf5ebb40b8bed86b9818d45ec3dc9abd | False | 0.3736979166666667 | data | 3.6896378340282547 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe000 | 0xc | 0x200 | 0a3a083968c42d8366b2de0e8564a094 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xc0a0 | 0x23c | data | 0.4772727272727273 | ||
RT_MANIFEST | 0xc2e0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-06T10:45:10.012561+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 20.42.65.92 | 443 | TCP |
2024-12-06T10:45:19.843682+0100 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:45:20.237526+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:20.288983+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:45:22.870232+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:22.870232+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:34.309199+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:34.311152+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:45:48.403113+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:48.405595+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:45:52.887469+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:45:52.887469+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:02.639083+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:02.641232+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:13.402380+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:13.411872+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:13.562024+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:13.563967+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:13.724184+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:13.726688+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:13.876027+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:13.888252+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:22.869345+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:22.869345+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:27.767485+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:27.769536+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:33.979100+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:33.988588+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:36.452951+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:36.455715+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:40.276703+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:40.284552+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:44.137052+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:44.139066+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:52.902883+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:52.902883+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:54.418333+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:54.420364+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:59.063572+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:59.065599+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:59.367937+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:59.417186+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:46:59.680450+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:46:59.773008+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:00.289979+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:00.473181+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:09.449488+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:09.451846+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:16.143283+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:16.145186+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:16.334308+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:16.335935+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:16.457414+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:16.459198+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:19.544350+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:19.546498+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:21.526502+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:21.528755+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:21.718667+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:21.720390+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:21.840787+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:21.842659+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:22.465356+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:22.468717+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:22.907378+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:22.907378+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:23.108367+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:23.110030+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:25.714803+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:25.726058+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:29.092532+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:29.273081+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:41.368508+0100 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:41.762165+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:41.765210+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:41.954174+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:41.956201+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:42.077023+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:42.081413+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:46.902252+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:46.904504+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:47.094156+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:47.096237+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:52.199422+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:52.204403+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:52.363559+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:52.369057+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:52.518040+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:52.951124+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:52.951124+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:57.449464+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:57.451448+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:57.641728+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:57.643532+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:47:57.763339+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:47:57.765339+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:03.034445+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:03.040925+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:07.939322+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:07.942054+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:08.131093+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:08.138182+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:08.254189+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:08.269111+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:08.322968+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:08.389111+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:15.126432+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:15.129377+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:16.312336+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:16.315944+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:18.183822+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:18.192988+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:18.342394+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:18.344169+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:18.505216+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:18.752539+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:19.824741+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:19.826458+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:20.360184+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:20.363527+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:22.936353+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:22.936353+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:23.605547+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:23.608404+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:28.481776+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:28.484139+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:28.673621+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:28.676030+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:29.699284+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:29.703199+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:33.605831+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:33.608108+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:34.857856+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:34.869441+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:38.028728+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:38.030315+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:45.012283+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:45.016030+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:50.625045+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:50.628005+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:52.938051+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:52.938051+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:53.966851+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:53.968753+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:54.158946+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:54.160638+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:48:55.590414+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:48:55.597858+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:49:07.778575+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:49:07.779320+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:49:21.871580+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:49:21.872515+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.4 | 49735 | 87.120.116.179 | 1300 | TCP |
2024-12-06T10:49:22.960803+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
2024-12-06T10:49:22.960803+0100 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 87.120.116.179 | 1300 | 192.168.2.4 | 49735 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 6, 2024 10:45:05.186167955 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:05.306550980 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:05.306648970 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:05.738723040 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:05.858526945 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:19.843682051 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:19.963715076 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:20.237525940 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:20.288983107 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:20.409085035 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:22.870232105 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:22.918912888 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:33.914980888 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:34.034883976 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:34.309199095 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:34.311151981 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:34.431222916 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:48.008822918 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:48.128803968 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:48.403112888 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:48.405595064 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:45:48.525791883 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:52.887469053 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:45:52.930049896 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:02.246356964 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:02.366173029 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:02.639082909 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:02.641232014 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:02.761806011 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:13.008929014 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:13.129084110 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:13.129143953 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:13.249716997 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:13.249948978 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:13.369836092 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:13.402379990 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:13.411871910 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:13.562024117 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:13.563966990 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:13.724184036 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:13.726687908 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:13.876027107 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:13.888252020 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:14.049182892 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:22.869344950 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:22.914593935 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:27.243412971 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:27.363166094 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:27.767484903 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:27.769536018 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:27.889362097 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:33.586899996 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:33.706589937 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:33.979099989 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:33.988588095 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:34.108608961 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:36.059278965 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:36.179469109 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:36.452950954 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:36.455714941 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:36.575560093 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:39.883794069 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:40.003727913 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:40.276702881 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:40.284552097 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:40.404437065 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:43.743320942 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:43.863301039 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:44.137052059 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:44.139065981 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:44.258941889 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:52.902883053 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:52.946005106 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:54.024393082 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:54.144891977 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:54.418333054 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:54.420363903 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:54.541729927 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:58.667418957 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:58.787292004 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:59.063571930 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:59.065598965 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:59.367937088 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:59.417186022 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:59.417237997 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:59.680449963 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:46:59.773008108 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:46:59.773083925 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:00.289978981 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:00.473181009 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:00.473825932 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:00.651269913 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:00.771188974 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:00.771524906 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:00.892559052 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:09.055834055 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:09.176001072 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:09.449487925 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:09.451845884 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:09.571563959 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:15.748862028 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:15.868773937 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:15.899707079 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:16.019608974 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:16.022021055 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:16.142059088 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:16.143282890 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:16.145185947 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:16.313008070 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:16.334307909 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:16.335935116 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:16.455915928 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:16.457413912 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:16.459197998 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:16.620971918 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:19.150639057 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:19.271411896 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:19.544349909 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:19.546498060 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:19.666583061 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:21.134125948 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:21.253855944 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:21.253921986 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:21.373634100 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:21.526501894 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:21.528754950 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:21.648647070 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:21.718667030 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:21.720390081 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:21.840786934 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:21.842255116 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:21.842658997 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:21.962565899 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:22.071508884 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:22.191566944 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:22.465356112 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:22.468717098 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:22.588489056 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:22.715538979 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:22.835527897 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:22.907377958 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:22.961821079 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:23.108366966 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:23.110029936 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:23.229948044 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:25.321643114 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:25.441330910 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:25.714802980 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:25.726058006 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:25.845925093 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:28.699567080 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:28.819417000 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:29.092531919 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:29.139988899 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:29.273081064 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:29.393006086 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:41.368508101 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:41.488224030 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:41.488292933 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:41.608093023 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:41.762165070 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:41.765209913 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:41.884985924 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:41.954174042 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:41.956201077 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:42.075941086 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:42.077023029 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:42.081413031 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:42.244812012 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:46.509144068 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:46.628983021 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:46.629065990 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:46.748944998 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:46.902251959 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:46.904504061 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:47.024844885 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:47.094156027 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:47.096236944 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:47.216108084 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:51.806175947 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:51.925874949 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:51.925935984 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:52.045588970 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.051687002 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:52.171717882 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.199421883 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.204402924 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:52.363559008 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.369056940 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:52.516213894 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.518039942 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:52.680814981 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.680875063 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.681824923 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:52.802202940 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.802403927 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:52.922161102 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.951123953 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:52.995703936 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:57.056154966 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:57.217859030 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:57.217911959 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:57.338135004 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:57.449464083 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:57.451447964 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:57.571254969 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:57.641727924 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:57.643532038 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:57.763283014 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:57.763339043 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:47:57.765338898 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:47:57.928839922 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:02.639758110 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:02.759607077 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:03.034445047 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:03.040925026 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:03.160695076 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:07.493711948 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:07.613665104 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:07.613714933 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:07.733819962 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:07.733874083 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:07.853730917 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:07.939321995 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:07.942054033 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:08.061898947 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:08.131093025 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:08.138181925 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:08.254189014 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:08.258013010 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:08.269110918 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:08.322968006 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:08.368455887 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:08.389014959 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:08.389111042 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:08.509263992 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:14.731827974 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:14.851886988 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:15.126431942 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:15.129376888 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:15.249219894 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:15.917193890 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:16.037113905 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:16.312335968 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:16.315943956 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:16.435825109 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:17.790541887 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:17.910288095 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:17.910342932 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:18.030004978 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:18.030072927 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:18.149851084 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:18.183821917 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:18.192987919 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:18.342394114 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:18.344168901 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:18.505215883 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:18.555902004 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:18.752538919 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:18.912877083 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:19.431268930 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:19.551178932 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:19.824740887 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:19.826457977 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:19.946203947 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:19.946284056 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:20.066220045 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:20.360183954 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:20.363527060 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:20.483381033 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:22.936352968 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:22.993417978 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:23.212667942 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:23.332529068 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:23.605546951 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:23.608403921 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:23.728775024 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:28.087753057 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:28.207899094 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:28.207989931 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:28.330106974 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:28.481775999 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:28.484138966 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:28.604140043 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:28.673620939 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:28.676029921 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:28.795805931 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:29.306423903 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:29.426429033 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:29.699284077 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:29.703198910 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:29.823060989 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:33.212765932 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:33.333093882 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:33.605830908 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:33.608108044 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:33.727932930 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:34.463936090 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:34.584708929 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:34.857856035 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:34.869441032 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:34.989300966 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:37.634497881 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:37.754292011 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:38.028728008 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:38.030314922 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:38.150254011 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:44.618890047 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:44.738696098 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:45.012283087 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:45.016030073 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:45.135766029 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:50.232011080 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:50.351932049 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:50.625045061 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:50.628005028 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:50.748209000 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:52.938050985 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:52.994214058 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:53.572060108 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:53.693777084 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:53.693840027 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:53.813699007 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:53.966850996 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:53.968753099 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:54.090375900 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:54.158946037 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:54.160638094 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:54.283411026 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:55.197129011 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:55.317107916 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:55.590414047 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:48:55.597857952 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:48:55.717677116 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:49:07.384638071 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:49:07.504575968 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:49:07.778574944 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:49:07.779320002 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:49:07.899149895 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:49:21.478472948 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:49:21.598882914 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:49:21.871579885 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:49:21.872514963 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Dec 6, 2024 10:49:21.992491007 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:49:22.960803032 CET | 1300 | 49735 | 87.120.116.179 | 192.168.2.4 |
Dec 6, 2024 10:49:23.009422064 CET | 49735 | 1300 | 192.168.2.4 | 87.120.116.179 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 04:45:00 |
Start date: | 06/12/2024 |
Path: | C:\Users\user\Desktop\17334769266ba75a70859e94894e9fae5c33bba300e2b004c1166d236dc1ab2c8ff5669916631.dat-decoded.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xee0000 |
File size: | 36'864 bytes |
MD5 hash: | C8406A867E34927D2548617585974093 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage
Dynamic/Packed Code Coverage
Signature Coverage
Execution Coverage: | 20.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Graph
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|