Windows
Analysis Report
1743362826ccceca1466d46143044cb8d624b4839206fb65ac2eea5a81b59a8e2977ae7bc5620.dat-decoded.exe
Overview
General Information
Sample name: | 1743362826ccceca1466d46143044cb8d624b4839206fb65ac2eea5a81b59a8e2977ae7bc5620.dat-decoded.exe |
Analysis ID: | 1652322 |
MD5: | 919d580a19380debbf5159ec58c35562 |
SHA1: | 6ec5d5f491148e4891666dedbce2f7f5976e59d6 |
SHA256: | 877cbf41e73553688fed3a860de3bdaf5697a591ae9525469b00242137eaaa15 |
Tags: | base64-decodedexeuser-abuse_ch |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
1743362826ccceca1466d46143044cb8d624b4839206fb65ac2eea5a81b59a8e2977ae7bc5620.dat-decoded.exe (PID: 6920 cmdline:
"C:\Users\ user\Deskt op\1743362 826ccceca1 466d461430 44cb8d624b 4839206fb6 5ac2eea5a8 1b59a8e297 7ae7bc5620 .dat-decod ed.exe" MD5: 919D580A19380DEBBF5159EC58C35562)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{
"C2 url": [
"jeggawire.ddns.net"
],
"Port": 1111,
"Aes key": "<123456789>",
"SPL": "<Xwormmm>",
"Install file": "USB.exe",
"Version": "XWorm V5.0"
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
| |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
JoeSecurity_XWorm | Yara detected XWorm | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
| |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
|
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:28:30.618078+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:37.026992+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:50.076928+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:57.616715+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:03.141015+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:16.201894+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:25.297158+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:27.616448+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:30.973164+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:31.199153+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:41.667276+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:44.238782+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:46.559500+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:46.791098+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:50.584427+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:52.485613+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:52.716309+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:56.172156+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:02.900388+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:03.446405+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:07.468590+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:14.659168+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:15.717930+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:19.097059+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:19.336909+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:23.220897+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:27.607442+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:28.024230+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:29.747415+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:39.983246+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:42.541377+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:42.772653+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:45.185681+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:45.672018+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:49.039359+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:50.222627+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:50.449491+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:53.515036+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:54.642100+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:55.975443+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:56.202106+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:56.661536+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:57.481385+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:57.713540+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:59.642080+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:01.764395+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:01.994939+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:12.294902+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:12.914985+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:13.543507+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:22.333521+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:22.563340+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:26.705027+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:27.613966+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:38.775615+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:42.651107+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:44.847444+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:47.839116+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:48.077092+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:48.304570+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:50.543294+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:52.612713+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:53.127478+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:54.308826+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:54.532671+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:57.611278+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:59.705194+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:32:05.022729+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:32:05.249310+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:28:37.037271+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:50.079672+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:03.143741+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:16.206043+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:25.305031+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:31.199420+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:31.426712+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:41.671826+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:44.240550+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:46.791192+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:47.083092+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:50.586100+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:52.716415+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:52.993486+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:56.179138+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:56.641580+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:57.915595+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:03.446534+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:03.668617+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:07.471577+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:14.661452+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:15.720319+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:19.337148+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:19.559107+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:23.222640+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:27.947299+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:29.749554+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:39.986702+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:42.775637+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:43.058511+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:45.187364+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:45.674464+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:49.045533+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:50.449918+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:50.679773+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:53.517397+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:54.643756+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:56.202178+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:56.941051+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:57.483321+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:59.643915+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:01.995006+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:02.396424+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:12.418241+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:12.919282+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:13.545173+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:13.920319+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:22.563528+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:22.794099+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:26.708183+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:38.779465+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:42.712842+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:44.848978+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:48.304666+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:48.537951+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:50.547459+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:52.620940+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:53.133513+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:54.761513+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:59.708964+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:32:05.782262+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:32:19.664125+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:32:19.947511+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:32:20.313328+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:28:30.618078+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:57.616715+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:27.616448+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:27.607442+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:57.713540+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:27.613966+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:57.611278+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:30:02.673286+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
- • AV Detection
- • Compliance
- • Networking
- • Key, Mouse, Clipboard, Microphone and Screen Capturing
- • System Summary
- • Data Obfuscation
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • HIPS / PFW / Operating System Protection Evasion
- • Language, Device and Operating System Detection
- • Lowering of HIPS / PFW / Operating System Security Settings
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Neural Call Log Analysis: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | Static PE information: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_00007FF936866876 | |
Source: | Code function: | 0_2_00007FF936867622 | |
Source: | Code function: | 0_2_00007FF936862A28 | |
Source: | Code function: | 0_2_00007FF93686B054 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_00007FF93686178A |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Disable or Modify Tools | 1 Input Capture | 121 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 131 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 21 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
75% | Virustotal | Browse | ||
86% | ReversingLabs | ByteCode-MSIL.Spyware.AsyncRAT | ||
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jeggawire.ddns.net | 176.65.134.56 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.65.134.56 | jeggawire.ddns.net | Germany | 56325 | DIOGELO-ASGB | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1652322 |
Start date and time: | 2025-03-30 21:27:22 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 1743362826ccceca1466d46143044cb8d624b4839206fb65ac2eea5a81b59a8e2977ae7bc5620.dat-decoded.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, sppsvc.exe, WMIADA P.exe, SIHClient.exe, SgrmBrok er.exe, conhost.exe, backgroun dTaskHost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 52.149.20.212, 23. 204.23.20, 2.23.227.215, 20.19 0.190.132, 23.57.90.146 - Excluded domains from analysis
(whitelisted): www.bing.com, fs.microsoft.com, slscr.update .microsoft.com, login.live.com , ctldl.windowsupdate.com, c.p ki.goog, fe3cr.delivery.mp.mic rosoft.com - Not all processes where analyz
ed, report is missing behavior information
Time | Type | Description |
---|---|---|
15:28:16 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
176.65.134.56 | Get hash | malicious | XWorm | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
jeggawire.ddns.net | Get hash | malicious | XWorm | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
DIOGELO-ASGB | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | AsyncRAT, DcRat | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
File type: | |
Entropy (8bit): | 5.6031175864082945 |
TrID: |
|
File name: | 1743362826ccceca1466d46143044cb8d624b4839206fb65ac2eea5a81b59a8e2977ae7bc5620.dat-decoded.exe |
File size: | 36'864 bytes |
MD5: | 919d580a19380debbf5159ec58c35562 |
SHA1: | 6ec5d5f491148e4891666dedbce2f7f5976e59d6 |
SHA256: | 877cbf41e73553688fed3a860de3bdaf5697a591ae9525469b00242137eaaa15 |
SHA512: | 40ab34dbf5816807aea748b8d621154cb318cb8314b5ce351561c85bebc5cdad6f5e40024aab7eec6fd0723bdb330dd60be1b1b24aacef3155c56c9666de0890 |
SSDEEP: | 768:CqQq3QWIdhgbvnUASaKyobFf9kcrOMhe3XPc:CPq3QnbOvUgKyAFf9kcrOMsPc |
TLSH: | 3EF24D087B944226D9FD7FF169B371020674E613D913EB9D48E859EE2F277C08E013AA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q.g............................n.... ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x40a56e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67E171D6 [Mon Mar 24 14:53:10 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa514 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x4f0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x8574 | 0x8600 | 8e6c775f7b6eeb8ea9afedc883ec5d48 | False | 0.5004081156716418 | data | 5.737529221071247 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xc000 | 0x4f0 | 0x600 | c82c95498a964b689627edc80ea5e18f | False | 0.3782552083333333 | data | 3.754317409647242 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe000 | 0xc | 0x200 | baacbdcb4fc7d641e62fe9f1a5927e77 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xc0a0 | 0x25c | data | 0.4652317880794702 | ||
RT_MANIFEST | 0xc300 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
FileDescription | |
FileVersion | 1.0.0.0 |
InternalName | jegganewfile.exe |
LegalCopyright | |
OriginalFilename | jegganewfile.exe |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-30T21:28:30.618078+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:30.618078+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:36.788927+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:37.026992+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:37.037271+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:50.076928+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:50.079672+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:28:57.616715+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:28:57.616715+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:03.141015+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:03.143741+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:16.201894+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:16.206043+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:25.297158+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:25.305031+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:27.616448+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:27.616448+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:30.973164+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:31.199153+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:31.199420+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:31.426712+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:41.667276+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:41.671826+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:44.238782+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:44.240550+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:46.559500+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:46.791098+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:46.791192+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:47.083092+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:50.584427+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:50.586100+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:52.485613+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:52.716309+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:52.716415+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:52.993486+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:56.172156+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:29:56.179138+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:56.641580+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:29:57.915595+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:02.673286+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:02.900388+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:03.446405+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:03.446534+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:03.668617+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:07.468590+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:07.471577+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:14.659168+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:14.661452+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:15.717930+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:15.720319+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:19.097059+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:19.336909+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:19.337148+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:19.559107+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:23.220897+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:23.222640+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:27.607442+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:27.607442+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:27.947299+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:28.024230+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:29.747415+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:29.749554+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:39.983246+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:39.986702+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:42.541377+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:42.772653+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:42.775637+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:43.058511+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:45.185681+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:45.187364+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:45.672018+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:45.674464+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:49.039359+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:49.045533+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:50.222627+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:50.449491+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:50.449918+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:50.679773+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:53.515036+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:53.517397+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:54.642100+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:54.643756+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:55.975443+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:56.202106+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:56.202178+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:56.661536+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:56.941051+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:57.481385+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:57.483321+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:30:57.713540+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:57.713540+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:59.642080+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:30:59.643915+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:01.764395+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:01.994939+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:01.995006+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:02.396424+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:12.294902+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:12.418241+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:12.914985+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:12.919282+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:13.543507+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:13.545173+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:13.920319+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:22.333521+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:22.563340+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:22.563528+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:22.794099+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:26.705027+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:26.708183+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:27.613966+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:27.613966+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:38.775615+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:38.779465+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:42.651107+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:42.712842+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:44.847444+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:44.848978+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:47.839116+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:48.077092+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:48.304570+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:48.304666+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:48.537951+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:50.543294+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:50.547459+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:52.612713+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:52.620940+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:53.127478+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:53.133513+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:54.308826+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:54.532671+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:54.761513+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:31:57.611278+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:57.611278+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:59.705194+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:31:59.708964+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:32:05.022729+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:32:05.249310+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.65.134.56 | 1111 | 192.168.2.8 | 49682 | TCP |
2025-03-30T21:32:05.782262+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:32:19.664125+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:32:19.947511+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
2025-03-30T21:32:20.313328+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49682 | 176.65.134.56 | 1111 | TCP |
- Total Packets: 171
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 30, 2025 21:28:19.349035978 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:20.344909906 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:22.360569954 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:22.577342033 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:28:22.577538013 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:23.724505901 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:24.008333921 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:28:30.618077993 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:28:30.673003912 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:36.788927078 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:37.026992083 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:28:37.037271023 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:37.319494009 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:28:49.845249891 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:50.076927900 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:28:50.079672098 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:28:50.366034031 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:28:57.616714954 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:28:57.657716036 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:02.909499884 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:03.141015053 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:03.143740892 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:03.425977945 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:15.970184088 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:16.201894045 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:16.206043005 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:16.491856098 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:25.063810110 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:25.297158003 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:25.305031061 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:25.584316969 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:27.616447926 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:27.657248020 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:30.751820087 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:30.973164082 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:30.973273993 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:31.199152946 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:31.199419975 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:31.426597118 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:31.426712036 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:31.702769995 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:31.703032970 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:31.975703955 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:41.438980103 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:41.667275906 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:41.671825886 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:41.954942942 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:43.673219919 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:44.043241978 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:44.238781929 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:44.240550041 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:44.275484085 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:44.526463032 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:46.329483032 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:46.559499979 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:46.559601068 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:46.791098118 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:46.791192055 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:47.083023071 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:47.083091974 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:47.363394976 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:50.345014095 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:50.584427118 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:50.586100101 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:50.866771936 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:52.251513958 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:52.485613108 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:52.485692978 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:52.716309071 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:52.716414928 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:52.993408918 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:52.993485928 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:53.279042959 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:55.626467943 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:56.127600908 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:56.172156096 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:56.179137945 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:56.359030962 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:56.641580105 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:56.869311094 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:57.610755920 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:57.883325100 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:57.911178112 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:29:57.915595055 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:29:58.214662075 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:02.673285961 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:02.900388002 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:02.900479078 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:03.438520908 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:03.446404934 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:03.446533918 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:03.668399096 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:03.668617010 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:03.677046061 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:03.945602894 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:07.235878944 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:07.468590021 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:07.471576929 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:07.762734890 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:14.438805103 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:14.659168005 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:14.661452055 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:14.945945024 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:15.487566948 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:15.717930079 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:15.720319033 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:15.988544941 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:18.860698938 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:19.097059011 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:19.097126007 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:19.336909056 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:19.337147951 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:19.558852911 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:19.559107065 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:19.835784912 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:19.836137056 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:20.113202095 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:22.688646078 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:23.094738007 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:23.220896959 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:23.222640038 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:23.505214930 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:27.567569971 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:27.607441902 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:27.798958063 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:27.923110962 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:27.929579020 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:27.947299004 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:28.024230003 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:28.024643898 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:28.220985889 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:29.516813993 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:29.747415066 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:29.749553919 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:30.023391962 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:39.752145052 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:39.983246088 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:39.986701965 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:40.251384020 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:42.313771963 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:42.541377068 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:42.543612003 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:42.772653103 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:42.775636911 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:43.054816008 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:43.058511019 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:43.334644079 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:44.954623938 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:45.185681105 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:45.187364101 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:45.449412107 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:45.449481964 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:45.672018051 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:45.674463987 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:45.967582941 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:48.814457893 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:49.039359093 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:49.045532942 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:49.326188087 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:49.985887051 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:50.222626925 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:50.222707987 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:50.449491024 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:50.449918032 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:50.675904989 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:50.679773092 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:50.963677883 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:50.967608929 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:51.237004042 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:53.282763004 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:53.515036106 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:53.517396927 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:53.782103062 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:54.407519102 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:54.642100096 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:54.643755913 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:54.926417112 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:55.751414061 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:55.975442886 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:55.975522995 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:56.202105999 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:56.202178001 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:56.427172899 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:56.429672956 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:56.661535978 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:56.661647081 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:56.940965891 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:56.941051006 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:57.223223925 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:57.251195908 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:57.481384993 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:57.483320951 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:57.713540077 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:57.789217949 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:59.407562017 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:59.642080069 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:30:59.643914938 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:30:59.924500942 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:01.532629967 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:01.764394999 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:01.764463902 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:01.994939089 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:01.995006084 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:02.266750097 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:02.396424055 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:02.675417900 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:11.751311064 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:12.188378096 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:12.294902086 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:12.295134068 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:12.412816048 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:12.418241024 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:12.533704996 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:12.533730030 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:12.594623089 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:12.688932896 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:12.689074039 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:12.914984941 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:12.919281960 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:13.194183111 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:13.314376116 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:13.543507099 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:13.545172930 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:13.920319080 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:14.149677992 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:22.094944000 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:22.333520889 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:22.333600998 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:22.563339949 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:22.563528061 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:22.792840004 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:22.794099092 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:23.069484949 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:23.073906898 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:23.344957113 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:26.473571062 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:26.705027103 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:26.708183050 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:26.985624075 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:27.613965988 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:27.688376904 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:38.548007011 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:38.775614977 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:38.779464960 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:39.054932117 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:42.079350948 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:42.485810041 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:42.651107073 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:42.651283979 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:42.712709904 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:42.712841988 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:42.884974003 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:42.884998083 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:42.982754946 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:42.986531973 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:42.986650944 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:43.206759930 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:43.213648081 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:43.271666050 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:44.610538006 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:44.847444057 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:44.848978043 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:45.131478071 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:47.610552073 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:47.839116096 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:47.839200020 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:48.077091932 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:48.077181101 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:48.304569960 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:48.304666042 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:48.530850887 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:48.537950993 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:48.816857100 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:48.820985079 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:49.099770069 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:50.313796043 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:50.543293953 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:50.547458887 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:50.813910961 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:52.376288891 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:52.612713099 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:52.620939970 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:52.896893978 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:52.899554014 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:53.127477884 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:53.133512974 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:53.410343885 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:54.079368114 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:54.308825970 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:54.308924913 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:54.532670975 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:54.535605907 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:54.761313915 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:54.761512995 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:55.110364914 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:55.355479956 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:55.359498024 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:55.590162992 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:55.590261936 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:55.958446026 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:56.191418886 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:57.611278057 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:57.693639040 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:59.470916033 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:59.705193996 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:31:59.708964109 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:31:59.988610983 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:04.798108101 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:05.022728920 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:05.022841930 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:05.249310017 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:05.249392986 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:05.729531050 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:05.782087088 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:05.782262087 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:06.008691072 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:06.008802891 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:06.281393051 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:18.173437119 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:18.532042027 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:18.758284092 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:19.048079014 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:19.317950964 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:19.661331892 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:19.664124966 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:19.944808960 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Mar 30, 2025 21:32:19.947510958 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:20.313328028 CEST | 49682 | 1111 | 192.168.2.8 | 176.65.134.56 |
Mar 30, 2025 21:32:20.538043976 CEST | 1111 | 49682 | 176.65.134.56 | 192.168.2.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 30, 2025 21:28:19.100069046 CEST | 56201 | 53 | 192.168.2.8 | 1.1.1.1 |
Mar 30, 2025 21:28:19.208246946 CEST | 53 | 56201 | 1.1.1.1 | 192.168.2.8 |
Mar 30, 2025 21:29:01.937881947 CEST | 53 | 62940 | 162.159.36.2 | 192.168.2.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 30, 2025 21:28:19.100069046 CEST | 192.168.2.8 | 1.1.1.1 | 0x3daf | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 30, 2025 21:28:19.208246946 CEST | 1.1.1.1 | 192.168.2.8 | 0x3daf | No error (0) | 176.65.134.56 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 15:28:12 |
Start date: | 30/03/2025 |
Path: | C:\Users\user\Desktop\1743362826ccceca1466d46143044cb8d624b4839206fb65ac2eea5a81b59a8e2977ae7bc5620.dat-decoded.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x5d0000 |
File size: | 36'864 bytes |
MD5 hash: | 919D580A19380DEBBF5159EC58C35562 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage
Dynamic/Packed Code Coverage
Signature Coverage
Execution Coverage: | 18.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 3 |
Total number of Limit Nodes: | 0 |
Graph
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|