Windows
Analysis Report
uPt3XcHAIA.exe
Overview
General Information
Sample name: | uPt3XcHAIA.exe (renamed because original name is a hash value) |
Original sample name: | 50bfc65f3fe6da315552cec46f02127ed91ddae075d6167f3c76606686cd1708.exe |
Analysis ID: | 1600635 |
MD5: | 652eb7df5ebb74a48f6d7ad357600fc0 |
SHA1: | 79ea7d68bcbd37946f326edd417f5b91833818a7 |
SHA256: | 50bfc65f3fe6da315552cec46f02127ed91ddae075d6167f3c76606686cd1708 |
Tags: | 176-113-115-225bookingexeuser-JAMESWT_MHT |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
uPt3XcHAIA.exe (PID: 800 cmdline: "C:\Users\user\Desktop\uPt3XcHAIA.exe" MD5: 652EB7DF5EBB74A48F6D7AD357600FC0)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{
"C2 url": [
"176.113.115.225"
],
"Port": 4444,
"Aes key": "P0WER",
"SPL": "<Xwormmm>",
"Install file": "USB.exe"
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-27T19:47:39.849409+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:47:52.131264+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:47:57.039305+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:04.402459+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:16.686320+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:27.151743+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:27.163187+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:28.964727+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:34.042496+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:35.714190+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:35.835733+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:36.197200+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:36.318896+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:37.299149+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:43.199146+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:55.485317+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:56.948742+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:58.090441+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:01.855424+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:01.977426+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:02.097504+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:05.043384+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:05.731384+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:16.467237+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:17.408738+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:20.199269+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:22.588865+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:23.667111+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:26.955923+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:27.839320+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:30.043362+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:30.590204+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:37.964953+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:38.104743+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:38.606216+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:40.464737+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:41.669930+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:48.391758+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:48.513115+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:55.652066+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:56.960052+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:58.714945+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:01.326127+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:03.948546+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:04.069877+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:09.543453+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:14.389004+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:14.510962+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:14.793515+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:15.039625+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:19.729732+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:20.123457+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:20.288518+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:25.776654+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:26.949859+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:33.011407+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:41.552795+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:50.741885+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:55.091448+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:50:56.956385+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:07.637616+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:07.880853+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:14.394012+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:26.659458+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:26.970512+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:27.277260+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:27.870800+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:28.966439+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:41.789173+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:53.390592+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:51:56.977164+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-27T19:47:39.992320+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:47:52.135913+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:04.404846+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:16.688351+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:29.004969+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:34.050656+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:35.716105+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:35.838458+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:35.958312+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:35.963718+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.080554+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.198995+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.320892+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.441272+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.446938+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:37.308339+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:43.200985+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:55.491176+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:58.092835+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:01.857547+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:01.979620+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:02.099888+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:02.246038+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:02.251412+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:05.046752+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:05.733835+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:16.469716+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:17.411446+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:20.201262+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:22.591022+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:23.669746+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:27.842622+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:30.046263+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:30.592880+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:37.970446+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:38.106735+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:38.610620+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:40.466864+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:41.672149+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:48.394206+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:48.515518+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:55.654784+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:58.716661+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:01.330588+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:03.950418+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:04.072294+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:09.546670+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:14.396493+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:14.512766+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:14.799127+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:14.921011+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:15.044517+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:19.732916+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:20.127013+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:20.291043+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:25.779392+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:33.013795+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:41.558882+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:50.782118+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:50:55.094978+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:51:07.640451+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:51:14.397229+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:51:26.662682+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:51:27.279211+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:51:28.586024+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:51:28.967354+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:51:41.790066+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:51:53.391791+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-27T19:47:57.039305+0100 | 2858801 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-27T19:48:37.080337+0100 | 2858799 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
- AV Detection
- Compliance
- Networking
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
- Lowering of HIPS / PFW / Operating System Security Settings
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_00007FFD342770B2 | |
Source: | Code function: | 0_2_00007FFD3427A219 | |
Source: | Code function: | 0_2_00007FFD34276306 | |
Source: | Code function: | 0_2_00007FFD3427A219 | |
Source: | Code function: | 0_2_00007FFD3427B248 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | High entropy of concatenated method names: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Anti Debugging |
---|
Source: | Process Stats: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Memory allocated: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 232 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 232 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
69% | Virustotal | Browse | ||
79% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT | ||
100% | Avira | HEUR/AGEN.1305769 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.113.115.225 | unknown | Russian Federation | 49505 | SELECTELRU | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1600635 |
Start date and time: | 2025-01-27 19:46:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Sample name: | uPt3XcHAIA.exe (renamed because original name is a hash value) |
Original Sample Name: | 50bfc65f3fe6da315552cec46f02127ed91ddae075d6167f3c76606686cd1708.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@1/0@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.190.159.73, 20.223.36.55, 20.12.23.50, 2.21.65.154, 150.171.27.10, 2.23.242.162
- Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, login.live.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target uPt3XcHAIA.exe, PID 800 because it is empty
Time | Type | Description |
---|---|---|
13:47:26 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
176.113.115.225 | Get hash | malicious | XWorm | Browse | ||
Get hash | malicious | XWorm | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SELECTELRU | Get hash | malicious | XWorm | Browse |
Get hash | malicious | XWorm | Browse |
Get hash | malicious | Amadey, AsyncRAT, KeyLogger, LummaC Stealer, PureLog Stealer, ReverseShell, Stealc | Browse |
Get hash | malicious | LummaC Stealer | Browse |
Get hash | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, Vidar | Browse |
Get hash | malicious | LummaC Stealer | Browse |
Get hash | malicious | LummaC Stealer | Browse |
Get hash | malicious | LummaC Stealer | Browse |
Get hash | malicious | Amadey, Socks5Systemz | Browse |
Get hash | malicious | Socks5Systemz | Browse |
File type: | |
Entropy (8bit): | 5.955497874352868 |
TrID: |
|
File name: | uPt3XcHAIA.exe |
File size: | 56'832 bytes |
MD5: | 652eb7df5ebb74a48f6d7ad357600fc0 |
SHA1: | 79ea7d68bcbd37946f326edd417f5b91833818a7 |
SHA256: | 50bfc65f3fe6da315552cec46f02127ed91ddae075d6167f3c76606686cd1708 |
SHA512: | ce850ed3b755526d86bc0d398d556dd33987fa27a1b0e830bfbb4a8a0268a44f62662ee6bf1231571cf461c21428f1933785b35f3ebe2a5eab0a6f3903a9fbea |
SSDEEP: | 1536:b5KQvE0Z2J8hY2LZje1xXiyNPkbERvEVc8BO9nHn:dKQ838htC1xXkbE7sO9H |
TLSH: | A6436C1837B64127D5FF9FB418F23213D67AB723A412EA5F28C541862B17A8CCD912F6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p.g............................n.... ........@.. .......................@............@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x40f26e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x679270D9 [Thu Jan 23 16:39:53 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf220 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x10000 | 0x4ce | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x12000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xd274 | 0xd400 | b7405d31711236f0e57e5ae179990193 | False | 0.6131522700471698 | data | 6.053995047071589 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x10000 | 0x4ce | 0x600 | b6854ead75e0aea5a0ec3175723e462f | False | 0.3736979166666667 | data | 3.7184457289766475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x12000 | 0xc | 0x200 | 6337b9e9d5046d21cbc9e9adf359daaa | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x100a0 | 0x244 | data | 0.4724137931034483 | ||
RT_MANIFEST | 0x102e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-27T19:47:39.631416+0100 | 2858800 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:47:39.849409+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:47:39.992320+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:47:52.131264+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:47:52.135913+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:47:57.039305+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:47:57.039305+0100 | 2858801 | ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:04.402459+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:04.404846+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:16.686320+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:16.688351+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:27.151743+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:27.163187+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:28.964727+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:29.004969+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:34.042496+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:34.050656+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:35.714190+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:35.716105+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:35.835733+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:35.838458+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:35.958312+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:35.963718+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.080554+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.197200+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:36.198995+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.318896+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:36.320892+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.441272+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:36.446938+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:37.080337+0100 | 2858799 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:37.299149+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:37.308339+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:43.199146+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:43.200985+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:55.485317+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:55.491176+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:48:56.948742+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:58.090441+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:48:58.092835+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:01.855424+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:01.857547+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:01.977426+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:01.979620+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:02.097504+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:02.099888+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:02.246038+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:02.251412+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:05.043384+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:05.046752+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:05.731384+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:05.733835+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:16.467237+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:16.469716+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:17.408738+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:17.411446+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:20.199269+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:20.201262+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:22.588865+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:22.591022+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:23.667111+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:23.669746+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:26.955923+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:27.839320+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:27.842622+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:30.043362+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:30.046263+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:30.590204+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:30.592880+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:37.964953+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:37.970446+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:38.104743+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:38.106735+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:38.606216+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:38.610620+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:40.464737+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:40.466864+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:41.669930+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:41.672149+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:48.391758+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:48.394206+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:48.513115+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:48.515518+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:55.652066+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:55.654784+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
2025-01-27T19:49:56.960052+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:58.714945+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.6 | 49723 | TCP |
2025-01-27T19:49:58.716661+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49723 | 176.113.115.225 | 4444 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 27, 2025 19:50:41.316554070 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:50:41.321537018 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:41.552794933 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:41.558881998 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:50:41.563757896 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:50.524239063 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:50:50.529259920 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:50.741884947 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:50.782118082 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:50:50.787157059 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:54.875575066 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:50:54.880542994 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:55.091448069 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:55.094978094 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:50:55.101696014 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:56.956384897 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:50:56.999582052 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:07.155507088 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:07.160357952 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:07.637615919 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:07.640450954 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:07.880852938 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:07.881077051 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:07.882443905 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:14.155361891 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:14.160250902 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:14.394011974 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:14.397228956 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:14.404582977 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:26.443536043 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:26.448405981 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:26.659457922 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:26.662682056 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:26.667515993 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:26.970511913 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:27.061270952 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:27.061800003 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:27.066548109 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:27.277260065 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:27.279211044 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:27.284698963 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:27.655340910 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:27.660341024 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:27.870800018 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:28.062915087 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:28.586024046 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:28.591655016 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:28.592731953 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:28.597515106 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:28.966439009 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:28.967354059 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:28.972292900 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:40.874546051 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:41.186387062 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:41.555586100 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:41.555594921 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:41.789172888 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:41.790066004 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:41.795006990 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:53.155405045 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:53.161398888 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:53.390592098 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:53.391791105 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Jan 27, 2025 19:51:53.396661043 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:56.977164030 CET | 4444 | 49723 | 176.113.115.225 | 192.168.2.6 |
Jan 27, 2025 19:51:57.030000925 CET | 49723 | 4444 | 192.168.2.6 | 176.113.115.225 |
Target ID: | 0 |
Start time: | 13:47:22 |
Start date: | 27/01/2025 |
Path: | C:\Users\user\Desktop\uPt3XcHAIA.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x920000 |
File size: | 56'832 bytes |
MD5 hash: | 652EB7DF5EBB74A48F6D7AD357600FC0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |