Windows
Analysis Report
1743362767b39ce9ae90af463b2090fcece5c4349a42c3942cf272d75d62dd81aabd676faf123.dat-decoded.exe
Overview
General Information
Sample name: | 1743362767b39ce9ae90af463b2090fcece5c4349a42c3942cf272d75d62dd81aabd676faf123.dat-decoded.exe |
Analysis ID: | 1652321 |
MD5: | 34b93b2c17fda25deeea946dbd2d6f4f |
SHA1: | 3f9dbac838bb4d03a7fbd5eb3bc0f80a7cdb98d0 |
SHA256: | 3f3efdcd3b7961fb3974605017cec30b73f210f27dd96c5a3e6eb8cb3422f990 |
Tags: | base64-decodedexeuser-abuse_ch |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
1743362767b39ce9ae90af463b2090fcece5c4349a42c3942cf272d75d62dd81aabd676faf123.dat-decoded.exe (PID: 6688 cmdline:
"C:\Users\ user\Deskt op\1743362 767b39ce9a e90af463b2 090fcece5c 4349a42c39 42cf272d75 d62dd81aab d676faf123 .dat-decod ed.exe" MD5: 34B93B2C17FDA25DEEEA946DBD2D6F4F)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{
"C2 url": [
"jeggawire.ddns.net"
],
"Port": 1111,
"Aes key": "<123456789>",
"SPL": "<Xwormmm>",
"Install file": "USB.exe",
"Version": "XWorm V5.0"
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
| |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
| |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:27:27.614600+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:33.454209+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:45.411905+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:56.303025+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:57.611640+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:07.714589+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:19.130672+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:25.416278+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:29.948778+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:41.192181+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:46.103742+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:46.343700+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:51.553513+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:52.463500+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:57.615932+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:01.962149+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:07.831686+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:08.069345+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:13.633201+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:13.866448+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:25.312378+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:25.546045+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:27.915483+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:28.253877+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:30.320411+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:31.391749+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:31.619078+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:42.953932+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:50.773589+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:55.821924+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:56.458005+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:01.097292+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:02.250302+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:02.485152+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:03.754366+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:07.397362+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:07.621090+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:12.017723+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:17.527768+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:23.092872+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:23.600877+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:27.607322+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:30.036452+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:30.868031+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:34.867804+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:35.098258+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:35.784047+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:38.923472+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:41.227771+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:41.455703+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:51.600466+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:53.177985+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:56.679169+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:56.919637+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:57.614457+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:58.189288+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:01.611659+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:02.123407+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:02.356987+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:02.585904+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:05.082344+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:06.707734+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:18.128359+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:18.877567+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:27.922988+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:30.297114+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:27:33.458145+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:27:45.518653+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:27:56.320232+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:07.716815+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:08.117386+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:19.134169+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:30.610950+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:30.908317+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:41.196427+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:46.346936+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:46.643721+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:51.555880+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:52.483082+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:01.976963+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:08.069497+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:08.351763+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:14.115866+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:25.546126+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:25.773750+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:30.322001+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:31.619178+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:31.845624+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:42.955450+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:50.779612+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:55.823358+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:56.459568+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:57.914146+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:01.099420+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:02.485803+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:02.713711+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:03.788425+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:04.149687+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:07.621186+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:07.859692+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:12.019601+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:18.620878+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:23.095094+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:30.084454+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:30.871542+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:36.066657+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:38.925674+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:39.273321+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:39.635564+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:41.458152+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:41.682696+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:51.604608+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:53.180473+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:57.149316+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:58.253742+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:01.613311+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:02.585980+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:02.874121+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:03.335744+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:05.083306+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:06.746584+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:07.148152+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:18.131492+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:18.878666+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:30.298154+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:27:27.614600+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:57.611640+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:57.615932+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:27.915483+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:28.253877+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:27.607322+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:57.614457+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:27.922988+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:30:00.570344+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
- • AV Detection
- • Compliance
- • Networking
- • Key, Mouse, Clipboard, Microphone and Screen Capturing
- • System Summary
- • Data Obfuscation
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • Language, Device and Operating System Detection
- • Lowering of HIPS / PFW / Operating System Security Settings
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Neural Call Log Analysis: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | Static PE information: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_00007FFB9AA77622 | |
Source: | Code function: | 0_2_00007FFB9AA76876 | |
Source: | Code function: | 0_2_00007FFB9AA72400 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 Input Capture | 121 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 131 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 21 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
83% | Virustotal | Browse | ||
86% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT | ||
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jeggawire.ddns.net | 176.65.134.56 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.65.134.56 | jeggawire.ddns.net | Germany | 56325 | DIOGELO-ASGB | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1652321 |
Start date and time: | 2025-03-30 21:26:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 1743362767b39ce9ae90af463b2090fcece5c4349a42c3942cf272d75d62dd81aabd676faf123.dat-decoded.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, WMIADA P.exe, SIHClient.exe, SgrmBrok er.exe, conhost.exe, svchost.e xe - Excluded IPs from analysis (wh
itelisted): 52.149.20.212, 23. 204.23.20 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, slscr.update.microsoft.com , ctldl.windowsupdate.com, c.p ki.goog, fe3cr.delivery.mp.mic rosoft.com - Not all processes where analyz
ed, report is missing behavior information
Time | Type | Description |
---|---|---|
15:27:20 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
DIOGELO-ASGB | Get hash | malicious | AsyncRAT, DcRat | Browse |
| |
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
File type: | |
Entropy (8bit): | 5.599929814190145 |
TrID: |
|
File name: | 1743362767b39ce9ae90af463b2090fcece5c4349a42c3942cf272d75d62dd81aabd676faf123.dat-decoded.exe |
File size: | 36'864 bytes |
MD5: | 34b93b2c17fda25deeea946dbd2d6f4f |
SHA1: | 3f9dbac838bb4d03a7fbd5eb3bc0f80a7cdb98d0 |
SHA256: | 3f3efdcd3b7961fb3974605017cec30b73f210f27dd96c5a3e6eb8cb3422f990 |
SHA512: | d68f5b4cf8e14fbbd535ccb4da90b0ac0f7b55e15ed78dc958f452134aa2f6b77790932d4da0e3ea4a645c53f86aeef99609fa045a09f1ba05d6d3803f25294b |
SSDEEP: | 768:WqQq3QWIdhgbvvGASaKyobFf9kqOMh53XP5:WPq3QnbOvegKyAFf9kqOMvP5 |
TLSH: | 24F24C087B944226D5FD6FF169B371020674E613D913DB9D48E899EF2F27BC08D013AA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g............................^.... ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x40a55e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67E6B901 [Fri Mar 28 14:58:09 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa508 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x4d8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x8564 | 0x8600 | 01a8987d154e0cbb7cb23e9b5351f19f | False | 0.500058302238806 | data | 5.735042656918437 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xc000 | 0x4d8 | 0x600 | 5267dc5d563adf8d0b780ed72bc5642e | False | 0.375 | data | 3.728205399188897 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe000 | 0xc | 0x200 | 617961a99054885bb3d98d3462521733 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xc0a0 | 0x244 | data | 0.4724137931034483 | ||
RT_MANIFEST | 0xc2e8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
FileDescription | |
FileVersion | 1.0.0.0 |
InternalName | BELIVE.exe |
LegalCopyright | |
OriginalFilename | BELIVE.exe |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:27:27.614600+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:27.614600+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:33.217352+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:27:33.454209+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:33.458145+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:27:45.411905+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:45.518653+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:27:56.303025+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:56.320232+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:27:57.611640+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:27:57.611640+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:07.714589+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:07.716815+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:08.117386+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:19.130672+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:19.134169+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:25.416278+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:29.948778+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:30.610950+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:30.908317+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:41.192181+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:41.196427+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:46.103742+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:46.343700+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:46.346936+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:46.643721+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:51.553513+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:51.555880+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:52.463500+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:52.483082+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:57.615932+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:28:57.615932+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:01.962149+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:01.976963+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:07.831686+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:08.069345+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:08.069497+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:08.351763+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:13.633201+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:13.866448+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:14.115866+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:25.312378+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:25.546045+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:25.546126+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:25.773750+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:27.915483+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:27.915483+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:28.253877+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:28.253877+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:30.320411+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:30.322001+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:31.391749+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:31.619078+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:31.619178+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:31.845624+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:42.953932+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:42.955450+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:50.773589+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:50.779612+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:55.821924+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:55.823358+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:56.458005+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:29:56.459568+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:57.914146+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:00.570344+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:01.097292+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:01.099420+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:02.250302+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:02.485152+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:02.485803+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:02.713711+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:03.754366+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:03.788425+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:04.149687+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:07.397362+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:07.621090+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:07.621186+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:07.859692+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:12.017723+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:12.019601+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:17.527768+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:18.620878+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:23.092872+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:23.095094+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:23.600877+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:27.607322+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:27.607322+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:30.036452+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:30.084454+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:30.868031+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:30.871542+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:34.867804+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:35.098258+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:35.784047+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:36.066657+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:38.923472+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:38.925674+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:39.273321+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:39.635564+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:41.227771+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:41.455703+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:41.458152+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:41.682696+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:51.600466+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:51.604608+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:53.177985+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:53.180473+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:56.679169+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:56.919637+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:57.149316+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:57.614457+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:57.614457+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:58.189288+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:30:58.253742+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:01.611659+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:01.613311+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:02.123407+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:02.356987+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:02.585904+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:02.585980+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:02.874121+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:03.335744+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:05.082344+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:05.083306+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:06.707734+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:06.746584+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:07.148152+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:18.128359+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:18.131492+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:18.877567+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:18.878666+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:27.922988+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:27.922988+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:30.297114+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.7 | 49681 | TCP |
2025-03-30T21:31:30.298154+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.7 | 49681 | 176.65.134.56 | 1111 | TCP |
- Total Packets: 174
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 30, 2025 21:27:21.392390013 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:21.631244898 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:21.631388903 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:21.803141117 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:22.085706949 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:27.614599943 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:27.664189100 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:33.217351913 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:33.454209089 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:33.458144903 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:33.740570068 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:44.633471012 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:45.148468018 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:45.383656979 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:45.411905050 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:45.460951090 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:45.518652916 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:45.803383112 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:56.065752029 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:56.303025007 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:56.320231915 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:27:56.597378016 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:57.611639977 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:27:57.664100885 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:07.477705002 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:07.714589119 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:07.716814995 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:08.117386103 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:08.351480961 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:18.898792982 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:19.130671978 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:19.134169102 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:19.415749073 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:23.570822001 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:23.960890055 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:24.193212986 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:25.416277885 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:25.418678999 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:25.804646015 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:26.034868956 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:29.430066109 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:29.714255095 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:29.714335918 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:29.948777914 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:29.951905966 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:30.586029053 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:30.592010021 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:30.610949993 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:30.908230066 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:30.908317089 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:31.210875988 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:40.945571899 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:41.192181110 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:41.196427107 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:41.471992016 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:45.867415905 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:46.103741884 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:46.103957891 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:46.343699932 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:46.346935987 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:46.636140108 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:46.643721104 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:46.932188988 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:51.320607901 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:51.553513050 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:51.555880070 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:51.832458973 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:51.914261103 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:52.384299040 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:52.463500023 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:52.483082056 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:28:52.613501072 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:52.759200096 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:57.615931988 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:28:57.663940907 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:01.415672064 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:01.773328066 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:01.962148905 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:01.976963043 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:02.006136894 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:02.256128073 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:07.284061909 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:07.632715940 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:07.831686020 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:07.831787109 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:07.864495039 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:08.069344997 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:08.069497108 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:08.351594925 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:08.351763010 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:08.633584976 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:13.398621082 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:13.633200884 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:13.633316994 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:13.866447926 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:13.866631031 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:14.112529039 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:14.115865946 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:14.348865986 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:14.350848913 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:14.628181934 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:14.631814003 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:14.912211895 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:25.086143970 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:25.312377930 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:25.312454939 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:25.546045065 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:25.546125889 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:25.773677111 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:25.773750067 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:26.049433947 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:26.051737070 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:26.507642031 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:26.735691071 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:27.915482998 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:28.101397038 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:28.253876925 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:28.253973961 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:30.086234093 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:30.320410967 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:30.322000980 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:30.598679066 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:31.164369106 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:31.391748905 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:31.391828060 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:31.619077921 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:31.619178057 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:31.845541954 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:31.845623970 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:32.117696047 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:32.118150949 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:32.397526979 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:42.726787090 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:42.953932047 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:42.955450058 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:43.237911940 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:50.539170027 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:50.773588896 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:50.779612064 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:51.056473970 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:55.585988998 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:55.821923971 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:55.823358059 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:56.110351086 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:56.226635933 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:56.458004951 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:56.459568024 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:56.737605095 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:57.492319107 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:57.771267891 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:57.911029100 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:29:57.914145947 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:29:58.214520931 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:00.570343971 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:00.960731983 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:01.097291946 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:01.099420071 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:01.181021929 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:01.418124914 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:02.012173891 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:02.250302076 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:02.253736019 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:02.485152006 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:02.485802889 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:02.711291075 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:02.713711023 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:03.116965055 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:03.346506119 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:03.517121077 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:03.754365921 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:03.788424969 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:04.149687052 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:04.375618935 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:07.164305925 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:07.397361994 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:07.397439003 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:07.621089935 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:07.621186018 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:07.859594107 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:07.859692097 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:08.143656015 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:08.147310972 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:08.430387020 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:11.789181948 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:12.017723083 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:12.019601107 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:12.310684919 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:17.304980993 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:17.527767897 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:17.527863979 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:17.913841009 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:18.069950104 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:18.070099115 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:18.139707088 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:18.139729977 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:18.139806986 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:18.139846087 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:18.404571056 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:18.617952108 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:18.620877981 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:18.904112101 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:18.904196978 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:19.199049950 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:22.851627111 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:23.092871904 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:23.095093966 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:23.363615036 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:23.363671064 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:23.600877047 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:23.601006985 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:23.832968950 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:23.833084106 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:24.064407110 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:24.064507961 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:24.291224957 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:24.293766022 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:24.565665960 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:24.574575901 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:24.848325014 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:27.607321978 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:27.648188114 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:29.492758989 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:29.851315022 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:30.036452055 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:30.036530018 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:30.084361076 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:30.084454060 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:30.266907930 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:30.266932011 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:30.320261955 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:30.364033937 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:30.364341021 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:30.645852089 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:30.646075010 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:30.868031025 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:30.871541977 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:31.153584957 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:34.633053064 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:34.867804050 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:34.867887974 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:35.098258018 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:35.098361015 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:35.327764034 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:35.327867985 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:35.559878111 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:35.560010910 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:35.784046888 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:35.784173965 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:36.066140890 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:36.066657066 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:36.346927881 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:38.695874929 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:38.923471928 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:38.925673962 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:39.273320913 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:39.635564089 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:40.351304054 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:41.227771044 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:41.228082895 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:41.455703020 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:41.458152056 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:41.679553032 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:41.682696104 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:41.950305939 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:41.950444937 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:42.304409027 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:42.534367085 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:51.055192947 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:51.398224115 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:51.600466013 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:51.604608059 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:51.876914024 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:52.949479103 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:53.177984953 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:53.180473089 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:53.456047058 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:56.445595980 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:56.679168940 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:56.679238081 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:56.919636965 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:56.919723988 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:57.149234056 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:57.149316072 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:57.379808903 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:57.383677006 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:57.614456892 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:57.621618986 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:57.945041895 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:58.188719988 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:58.189287901 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:30:58.253741980 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:30:58.536596060 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:01.058377981 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:01.446758986 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:01.611659050 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:01.613311052 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:01.679986000 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:01.893755913 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:01.893856049 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:02.123406887 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:02.123672009 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:02.356987000 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:02.357054949 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:02.585903883 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:02.585979939 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:02.873344898 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:02.874120951 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:03.335743904 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:03.566266060 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:04.852333069 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:05.082344055 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:05.083306074 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:05.362261057 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:06.477042913 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:06.707734108 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:06.746583939 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:07.148152113 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:07.373693943 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:17.898390055 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:18.128359079 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:18.131491899 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:18.407418966 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:18.648602962 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:18.877567053 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:18.878665924 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:19.158360958 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:27.922987938 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:27.976279974 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:30.070460081 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:30.297113895 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Mar 30, 2025 21:31:30.298154116 CEST | 49681 | 1111 | 192.168.2.7 | 176.65.134.56 |
Mar 30, 2025 21:31:30.587615967 CEST | 1111 | 49681 | 176.65.134.56 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 30, 2025 21:27:21.232471943 CEST | 57215 | 53 | 192.168.2.7 | 1.1.1.1 |
Mar 30, 2025 21:27:21.376542091 CEST | 53 | 57215 | 1.1.1.1 | 192.168.2.7 |
Mar 30, 2025 21:27:59.343880892 CEST | 53 | 49807 | 162.159.36.2 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 30, 2025 21:27:21.232471943 CEST | 192.168.2.7 | 1.1.1.1 | 0xd90 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 30, 2025 21:27:21.376542091 CEST | 1.1.1.1 | 192.168.2.7 | 0xd90 | No error (0) | 176.65.134.56 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 15:27:11 |
Start date: | 30/03/2025 |
Path: | C:\Users\user\Desktop\1743362767b39ce9ae90af463b2090fcece5c4349a42c3942cf272d75d62dd81aabd676faf123.dat-decoded.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xd10000 |
File size: | 36'864 bytes |
MD5 hash: | 34B93B2C17FDA25DEEEA946DBD2D6F4F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage
Dynamic/Packed Code Coverage
Signature Coverage
Execution Coverage: | 21.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Graph
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|