Windows
Analysis Report
lzsVg6vGuu.ps1
Overview
General Information
Sample name: | lzsVg6vGuu.ps1renamed because original name is a hash value |
Original sample name: | 0e904a68907cdddfb773cfc3a2af790456f928acf00d119afd237e516683d548.ps1 |
Analysis ID: | 1517137 |
MD5: | f1d2e68a2a7f4059e127ddf926ab1e0f |
SHA1: | 99a1ac8445d42593ffa8f045e4c1db0dde3e4436 |
SHA256: | 0e904a68907cdddfb773cfc3a2af790456f928acf00d119afd237e516683d548 |
Tags: | ps1vecotr-viewdns-netuser-JAMESWT_MHT |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- powershell.exe (PID: 6100 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" -noLogo -E xecutionPo licy unres tricted -f ile "C:\Us ers\user\D esktop\lzs Vg6vGuu.ps 1" MD5: 04029E121A0CFA5991749937DD22A1D9) - conhost.exe (PID: 1088 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - RegSvcs.exe (PID: 1292 cmdline:
"C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\Reg Svcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{"C2 url": ["vecotr.viewdns.net"], "Port": "50000", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
Click to see the 6 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
Click to see the 5 entries |
System Summary |
---|
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:17:02.890302+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:13.262535+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:28.012600+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:32.895624+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:42.788822+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:57.570207+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:02.896378+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:05.835422+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:16.445695+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:21.320595+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.734709+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.735193+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.735929+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.909505+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:34.052314+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:42.633437+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:42.728982+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:57.445695+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:58.009437+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:58.585221+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:58.686038+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:02.894844+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:13.444835+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:19.827078+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:19.997862+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:20.289563+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:20.590297+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:29.955772+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:32.901700+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:44.739762+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:45.506963+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:45.596492+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:45.809112+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:46.976077+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:55.851270+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:55.960592+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:56.554292+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:01.710298+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:01.837413+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:01.934573+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:02.030150+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:02.137195+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:02.898948+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:16.804105+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:17.788001+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:17.888032+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:17.983089+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:18.079720+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:18.373436+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:21.788675+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:22.094237+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:24.807048+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:32.896124+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:33.694481+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:33.850554+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:33.946410+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:34.019055+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:34.115840+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:34.285766+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:34.381537+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:39.678887+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:39.850881+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:46.553911+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:49.194485+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:17:13.265142+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:17:28.016932+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:17:42.790701+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:17:57.573319+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:05.837338+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:16.450258+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:21.328716+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:33.912305+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:34.054233+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:42.635418+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:42.731887+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:57.452757+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:58.011375+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:58.592570+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:58.687831+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:13.447464+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:19.833327+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:19.999686+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:20.592452+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:29.966673+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:44.939536+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:45.508910+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:45.599087+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:45.811161+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:46.978490+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:55.853504+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:55.962366+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:56.557726+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:01.743594+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:01.839679+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:01.936134+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:02.033173+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:02.139218+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:16.806398+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:17.790080+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:17.889528+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:17.984538+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:18.080987+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:18.375288+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:21.790669+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:22.096027+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:24.808726+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:33.697106+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:33.852480+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:33.948391+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.020539+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.159914+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.191926+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.243887+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.287277+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.387228+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.485319+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.497326+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:39.680795+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:39.852717+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:46.559325+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:49.195310+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:17:02.890302+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:32.895624+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:02.896378+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.734709+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.735193+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.735929+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:02.894844+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:32.901700+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:02.898948+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:32.896124+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:19:19.556420+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 3_2_02F381D8 | |
Source: | Code function: | 3_2_02F35510 | |
Source: | Code function: | 3_2_02F3BBD8 | |
Source: | Code function: | 3_2_02F3AE98 | |
Source: | Code function: | 3_2_02F35DE0 | |
Source: | Code function: | 3_2_02F351C8 | |
Source: | Code function: | 3_2_02F30BA0 |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_00007FF848CC00C1 | |
Source: | Code function: | 3_2_02F37DA1 |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 211 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 121 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 211 Process Injection | Security Account Manager | 121 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | ReversingLabs | Script-PowerShell.Backdoor.Xworm |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
vecotr.viewdns.net | 191.96.207.180 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
191.96.207.180 | vecotr.viewdns.net | Chile | 60458 | ASN-XTUDIONETES | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1517137 |
Start date and time: | 2024-09-24 19:15:46 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | lzsVg6vGuu.ps1renamed because original name is a hash value |
Original Sample Name: | 0e904a68907cdddfb773cfc3a2af790456f928acf00d119afd237e516683d548.ps1 |
Detection: | MAL |
Classification: | mal100.troj.evad.winPS1@4/5@2/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 1292 because it is empty
- Execution Graph export aborted for target powershell.exe, PID 6100 because it is empty
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: lzsVg6vGuu.ps1
Time | Type | Description |
---|---|---|
13:16:41 | API Interceptor | |
13:16:56 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
191.96.207.180 | Get hash | malicious | XWorm | Browse | ||
Get hash | malicious | XWorm | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
vecotr.viewdns.net | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | XWorm | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ASN-XTUDIONETES | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer | Browse |
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.1940658735648508 |
Encrypted: | false |
SSDEEP: | 3:NlllulxmH/lZ:NllUg |
MD5: | D904BDD752B6F23D81E93ECA3BD8E0F3 |
SHA1: | 026D8B0D0F79861746760B0431AD46BAD2A01676 |
SHA-256: | B393D3CEC8368794972E4ADD978B455A2F5BD37E3A116264DBED14DC8C67D6F2 |
SHA-512: | 5B862B7F0BCCEF48E6A5A270C3F6271D7A5002465EAF347C6A266365F1B2CD3D88144C043D826D3456AA43484124D619BF16F9AEAB1F706463F553EE24CB5740 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6222 |
Entropy (8bit): | 3.693798205622536 |
Encrypted: | false |
SSDEEP: | 96:AxOdy5aCbo/kvhkvCCtMi9j9eHXi9j92+Hz:RdyLUMi9Ui9F |
MD5: | E73B3C0BC2D5541655AA602BDD142248 |
SHA1: | 2BE8881C4542A084308A4F32E87F5AEE6F9CF77E |
SHA-256: | 30C3C6D2F2D0D2CE95BF6F9CB6E1C2B7A2B4FE61EE56897E67C8C5F7C576600C |
SHA-512: | 4C10B584DF7C36B962A9BEA7F8D5970923776FBAED5ABC99BDACEB3FF3B0C45FBC1E277DC85D0E81DDA305BA1508C791A4A049587C11699FEE385DEDC97EDEC2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B5GHTFVJH0N36ICQZ8FQ.temp
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6222 |
Entropy (8bit): | 3.693798205622536 |
Encrypted: | false |
SSDEEP: | 96:AxOdy5aCbo/kvhkvCCtMi9j9eHXi9j92+Hz:RdyLUMi9Ui9F |
MD5: | E73B3C0BC2D5541655AA602BDD142248 |
SHA1: | 2BE8881C4542A084308A4F32E87F5AEE6F9CF77E |
SHA-256: | 30C3C6D2F2D0D2CE95BF6F9CB6E1C2B7A2B4FE61EE56897E67C8C5F7C576600C |
SHA-512: | 4C10B584DF7C36B962A9BEA7F8D5970923776FBAED5ABC99BDACEB3FF3B0C45FBC1E277DC85D0E81DDA305BA1508C791A4A049587C11699FEE385DEDC97EDEC2 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 3.1236722012388327 |
TrID: | |
File name: | lzsVg6vGuu.ps1 |
File size: | 329'750 bytes |
MD5: | f1d2e68a2a7f4059e127ddf926ab1e0f |
SHA1: | 99a1ac8445d42593ffa8f045e4c1db0dde3e4436 |
SHA256: | 0e904a68907cdddfb773cfc3a2af790456f928acf00d119afd237e516683d548 |
SHA512: | acb6084892bf6ee465fb4f37e1e47e86c971568e06194a75c2870bca8e3ae92cadc178f110fc2de221fb7e155cf8715328556ee38a032846539cd2a8f6c6fb0f |
SSDEEP: | 3072:5L3D5WXtWVH44LhC8z60U4h3mSOQTUfWwLC5ImBK5W9Fp81fABAUvetcTnZ/:l5W0H44LhC8bTUOwqYyfb1 |
TLSH: | 2F64CC898537FB85CC0228A61D2B39F078C86D5EA1F5C8F0AF379C1A25D50589FBDDA1 |
File Content Preview: | try.{..$cake = "4D_5A_90_00_03_00_00_00_04_00_00_00_FF_FF_00_00_B8_00_00_00_00_00_00_00_40_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_80_00_00_00_0E_1F_BA_0E_00_B4_09_CD_21_B8_01_4C_CD_21_54_68 |
Icon Hash: | 3270d6baae77db44 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:17:02.890302+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:02.890302+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:13.053372+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:17:13.262535+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:13.265142+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:17:28.012600+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:28.016932+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:17:32.895624+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:32.895624+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:42.788822+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:42.790701+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:17:57.570207+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:17:57.573319+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:02.896378+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:02.896378+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:05.835422+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:05.837338+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:16.445695+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:16.450258+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:21.320595+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:21.328716+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:33.734709+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.734709+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.735193+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.735193+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.735929+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.735929+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.909505+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:33.912305+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:34.052314+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:34.054233+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:42.633437+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:42.635418+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:42.728982+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:42.731887+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:57.445695+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:57.452757+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:58.009437+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:58.011375+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:58.585221+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:58.592570+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:18:58.686038+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:18:58.687831+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:02.894844+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:02.894844+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:13.444835+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:13.447464+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:19.556420+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:19.827078+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:19.833327+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:19.997862+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:19.999686+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:20.289563+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:20.590297+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:20.592452+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:29.955772+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:29.966673+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:32.901700+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:32.901700+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:44.739762+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:44.939536+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:45.506963+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:45.508910+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:45.596492+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:45.599087+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:45.809112+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:45.811161+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:46.976077+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:46.978490+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:55.851270+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:55.853504+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:55.960592+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:55.962366+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:19:56.554292+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:19:56.557726+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:01.710298+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:01.743594+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:01.837413+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:01.839679+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:01.934573+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:01.936134+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:02.030150+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:02.033173+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:02.137195+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:02.139218+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:02.898948+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:02.898948+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:16.804105+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:16.806398+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:17.788001+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:17.790080+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:17.888032+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:17.889528+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:17.983089+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:17.984538+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:18.079720+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:18.080987+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:18.373436+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:18.375288+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:21.788675+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:21.790669+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:22.094237+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:22.096027+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:24.807048+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:24.808726+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:32.896124+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:32.896124+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:33.694481+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:33.697106+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:33.850554+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:33.852480+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:33.946410+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:33.948391+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.019055+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:34.020539+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.115840+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:34.159914+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.191926+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.243887+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.285766+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:34.287277+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.381537+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:34.387228+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.485319+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:34.497326+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:39.678887+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:39.680795+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:39.850881+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:39.852717+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:46.553911+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:46.559325+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:20:49.194485+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.5 | 49710 | TCP |
2024-09-24T19:20:49.195310+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 191.96.207.180 | 50000 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 24, 2024 19:16:57.850867033 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:16:57.855873108 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:16:57.856209993 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:16:58.273914099 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:16:58.278986931 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:02.890301943 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:02.940969944 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:13.053371906 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:13.091485023 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:13.262535095 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:13.265141964 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:13.270215988 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:27.832108974 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:27.839899063 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:28.012599945 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:28.016932011 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:28.022499084 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:32.895623922 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:32.940926075 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:42.613507032 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:42.618483067 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:42.788821936 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:42.790700912 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:42.795583010 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:57.394292116 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:57.399291039 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:57.570207119 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:17:57.573318958 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:17:57.578737020 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:02.896378040 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:02.940798998 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:05.659962893 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:05.665091991 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:05.835422039 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:05.837337971 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:05.842211008 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:16.269277096 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:16.274543047 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:16.445694923 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:16.450258017 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:16.455199957 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:21.144193888 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:21.149152040 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:21.320595026 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:21.328716040 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:21.333565950 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:33.175445080 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:33.487646103 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:33.734709024 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:33.735193014 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:33.735240936 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:33.735929012 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:33.735970020 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:33.739032030 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:33.739046097 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:33.909504890 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:33.912305117 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:33.920891047 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:34.052314043 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:34.054233074 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:34.059077978 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:42.456552029 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:42.461534023 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:42.487832069 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:42.492676973 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:42.633436918 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:42.635417938 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:42.640377045 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:42.728981972 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:42.731887102 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:42.736711979 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:57.270348072 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:57.275348902 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:57.445694923 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:57.452756882 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:57.457621098 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:57.834243059 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:57.839108944 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:58.009437084 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:58.011374950 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:58.016315937 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:58.409694910 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:58.414729118 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:58.487950087 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:58.492949963 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:58.585221052 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:58.592570066 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:58.597508907 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:58.686038017 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:18:58.687830925 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:18:58.692749977 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:02.894844055 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:03.003213882 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:13.269009113 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:13.274036884 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:13.444834948 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:13.447463989 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:13.452331066 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:19.519398928 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:19.556364059 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:19.556420088 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:19.827078104 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:19.833256006 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:19.833327055 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:19.851351023 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:19.997862101 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:19.999686003 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:20.289562941 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:20.289618015 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:20.290908098 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:20.290954113 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:20.314768076 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:20.590296984 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:20.592452049 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:20.597517967 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:29.769361019 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:29.774525881 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:29.955771923 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:29.966672897 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:29.983800888 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:32.901700020 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:32.956216097 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:44.564434052 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:44.569359064 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:44.739762068 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:44.784320116 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:44.939536095 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:44.944439888 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.331595898 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:45.336606979 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.362848043 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:45.367917061 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.506963015 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.508909941 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:45.513803005 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.521774054 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:45.526761055 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.596492052 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.599087000 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:45.604861021 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.809112072 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:45.811161041 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:45.817090988 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:46.628357887 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:46.633934975 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:46.976077080 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:46.978490114 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:46.984675884 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:55.675597906 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:55.680533886 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:55.784989119 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:55.790052891 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:55.851269960 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:55.853503942 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:55.858371019 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:55.960592031 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:55.962366104 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:55.967257977 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:56.378388882 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:56.383373022 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:56.554291964 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:19:56.557725906 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:19:56.562649965 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.534854889 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:01.539753914 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.612967968 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:01.617944956 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.659714937 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:01.665183067 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.675462961 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:01.680283070 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.710298061 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.743593931 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:01.791899920 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.837413073 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.839679003 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:01.844568968 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.847462893 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:01.852298975 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.934572935 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:01.936134100 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:01.941050053 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:02.030149937 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:02.033173084 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:02.038283110 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:02.137195110 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:02.139218092 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:02.144130945 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:02.898947954 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:02.957313061 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:16.628232002 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:16.633155107 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:16.804105043 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:16.806397915 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:16.811413050 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.612761974 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:17.617793083 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.644051075 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:17.649148941 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.722193956 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:17.727143049 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.753381968 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:17.758296013 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.788001060 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.790080070 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:17.839904070 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.888031960 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.889528036 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:17.894480944 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.983088970 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:17.984538078 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:17.989924908 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:18.079720020 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:18.080986977 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:18.086817980 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:18.086894035 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:18.092509031 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:18.373435974 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:18.375288010 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:18.380206108 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:21.612735987 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:21.617741108 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:21.788675070 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:21.790668964 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:21.795629978 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:21.862692118 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:21.867567062 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:22.094237089 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:22.096026897 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:22.101102114 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:24.631361008 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:24.636801004 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:24.807048082 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:24.808726072 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:24.813544989 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:32.896123886 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:32.943290949 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.518990993 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.525235891 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.675076008 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.680018902 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.694480896 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.697105885 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.744060040 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.744106054 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.748882055 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.800128937 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.804939032 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.831406116 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.836261988 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.850553989 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.852479935 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.903800964 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.903846025 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.908675909 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.909552097 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.914374113 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.925245047 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.930206060 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.946409941 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:33.948390961 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:33.995769024 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.019054890 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.020539045 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.025588036 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.034583092 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.039428949 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.097038984 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.101975918 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.112732887 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.115839958 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.159353971 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.159813881 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.159914017 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.164829969 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.190515041 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.191926003 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.243771076 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.243886948 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.248728991 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.285765886 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.287276983 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.339831114 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.381536961 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.387228012 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.392102003 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.480830908 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.485318899 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.490259886 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:34.497325897 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:34.502229929 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:39.503525019 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:39.508424997 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:39.675163984 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:39.678886890 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:39.680072069 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:39.680794954 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:39.685652971 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:39.850881100 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:39.852716923 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:39.857618093 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:46.378247023 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:46.383269072 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:46.553910971 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:46.559324980 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:46.564207077 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:49.019033909 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:49.023974895 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:49.194484949 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Sep 24, 2024 19:20:49.195310116 CEST | 49710 | 50000 | 192.168.2.5 | 191.96.207.180 |
Sep 24, 2024 19:20:49.203459978 CEST | 50000 | 49710 | 191.96.207.180 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 24, 2024 19:16:57.808954954 CEST | 58309 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 24, 2024 19:16:57.822468996 CEST | 53 | 58309 | 1.1.1.1 | 192.168.2.5 |
Sep 24, 2024 19:17:09.910823107 CEST | 59292 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 24, 2024 19:17:10.211461067 CEST | 53 | 59292 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 24, 2024 19:16:57.808954954 CEST | 192.168.2.5 | 1.1.1.1 | 0x4d74 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 24, 2024 19:17:09.910823107 CEST | 192.168.2.5 | 1.1.1.1 | 0xf5ba | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 24, 2024 19:16:57.822468996 CEST | 1.1.1.1 | 192.168.2.5 | 0x4d74 | No error (0) | 191.96.207.180 | A (IP address) | IN (0x0001) | false | ||
Sep 24, 2024 19:17:10.211461067 CEST | 1.1.1.1 | 192.168.2.5 | 0xf5ba | No error (0) | 191.96.207.180 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 13:16:39 |
Start date: | 24/09/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7be880000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 13:16:39 |
Start date: | 24/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 13:16:53 |
Start date: | 24/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc00000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848D9136B Relevance: .4, Instructions: 350COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848D91331 Relevance: .3, Instructions: 343COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848D91868 Relevance: .3, Instructions: 286COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848D91966 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848CC39B5 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848CCC0F5 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848D926F0 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848CCC110 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF848CCC780 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F3BBD8 Relevance: 12.2, Strings: 9, Instructions: 914COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F3AE98 Relevance: 8.4, Strings: 6, Instructions: 896COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F381D8 Relevance: 2.8, Strings: 2, Instructions: 332COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F35510 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F35DE0 Relevance: .3, Instructions: 266COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F37784 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F37EBA Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 012ED400 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 012ED3FB Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F30BA0 Relevance: 2.8, Strings: 2, Instructions: 260COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02F351C8 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|