Windows
Analysis Report
84Z63SyEQ7.ps1
Overview
General Information
Sample name: | 84Z63SyEQ7.ps1renamed because original name is a hash value |
Original sample name: | fc80cb0479aa75176137ece45d778fb4631b7aaaf294e9bd2640b56c686643bb.ps1 |
Analysis ID: | 1517140 |
MD5: | 1c46bfc607b523389fcc8bd1d3407f84 |
SHA1: | 6f187008fffde9d48ba4c591e5965ea2906bed3d |
SHA256: | fc80cb0479aa75176137ece45d778fb4631b7aaaf294e9bd2640b56c686643bb |
Tags: | ps1vecotr-viewdns-netuser-JAMESWT_MHT |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- powershell.exe (PID: 1340 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" -noLogo -E xecutionPo licy unres tricted -f ile "C:\Us ers\user\D esktop\84Z 63SyEQ7.ps 1" MD5: 04029E121A0CFA5991749937DD22A1D9) - conhost.exe (PID: 2612 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - RegSvcs.exe (PID: 6196 cmdline:
"C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\Reg Svcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94) - RegSvcs.exe (PID: 6544 cmdline:
"C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\Reg Svcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{"C2 url": ["vecotr.viewdns.net"], "Port": "50000", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
Click to see the 6 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
Click to see the 5 entries |
System Summary |
---|
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:24:26.817842+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:32.899730+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:39.062028+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:51.653604+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:51.656316+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:02.894554+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:03.561380+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:15.811499+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:26.324631+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:32.877186+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:33.487018+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:37.545843+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:39.343159+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:42.671236+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:53.107228+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:53.218034+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:53.398167+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:58.718840+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:02.902771+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:08.671188+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:08.979804+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:09.105032+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:09.467868+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:15.278052+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:20.732013+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:22.657089+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:25.530128+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:29.985575+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:30.760723+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:30.860403+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:33.062648+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:33.140732+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:36.769681+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:36.870953+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:36.971000+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:37.080175+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:37.352873+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:37.479781+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:49.627657+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:01.875888+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:02.895217+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:09.230503+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:11.483815+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:13.795808+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:14.655732+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:15.184090+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:21.922348+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:23.585574+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:29.421109+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:32.888558+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:34.313786+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.390069+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.480306+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.576963+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.652221+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.747754+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.843024+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.936341+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:48.640042+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:49.846197+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:58.815359+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:28:01.301630+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:28:01.303044+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:28:02.917782+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:24:26.870741+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:24:39.073363+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:24:51.656861+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:03.563323+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:15.814071+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:26.332535+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:33.492913+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:37.577009+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:39.344834+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:42.673337+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:53.115374+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:53.219781+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:53.305750+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:53.400183+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:58.720912+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:08.674371+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:08.981775+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:09.107168+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:09.472324+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:15.280343+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:20.734284+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:22.658696+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:25.541196+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:29.991426+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:30.762241+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:30.861844+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:36.785373+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:36.872686+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:36.972442+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:37.081706+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:37.354521+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:37.481183+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:49.630042+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:01.877504+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:09.233437+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:11.485486+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:13.797724+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:14.657329+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:15.185755+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:21.924061+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:23.587318+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:29.423308+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:34.315423+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.393018+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.483419+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.581630+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.654039+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.749616+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.844645+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.938126+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:48.647336+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:49.848024+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:58.818389+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:28:01.302346+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:24:32.899730+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:02.894554+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:32.877186+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:02.902771+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:33.062648+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:33.140732+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:02.895217+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:32.888558+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:28:02.917782+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:26:14.903524+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_00007FFD347740F2 | |
Source: | Code function: | 0_2_00007FFD34773CFA | |
Source: | Code function: | 0_2_00007FFD34773EF5 | |
Source: | Code function: | 0_2_00007FFD34773F53 | |
Source: | Code function: | 4_2_026F6348 | |
Source: | Code function: | 4_2_026FB038 | |
Source: | Code function: | 4_2_026F5670 | |
Source: | Code function: | 4_2_026F84B8 | |
Source: | Code function: | 4_2_026F5328 | |
Source: | Code function: | 4_2_026F0BA0 |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 211 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 121 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 211 Process Injection | Security Account Manager | 121 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
24% | ReversingLabs | Script-PowerShell.Backdoor.Xworm |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
vecotr.viewdns.net | 191.96.207.180 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
191.96.207.180 | vecotr.viewdns.net | Chile | 60458 | ASN-XTUDIONETES | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1517140 |
Start date and time: | 2024-09-24 19:23:00 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 84Z63SyEQ7.ps1renamed because original name is a hash value |
Original Sample Name: | fc80cb0479aa75176137ece45d778fb4631b7aaaf294e9bd2640b56c686643bb.ps1 |
Detection: | MAL |
Classification: | mal100.troj.evad.winPS1@6/5@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 1340 because it is empty
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: 84Z63SyEQ7.ps1
Time | Type | Description |
---|---|---|
13:23:53 | API Interceptor | |
13:24:13 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
191.96.207.180 | Get hash | malicious | XWorm | Browse | ||
Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | PureLog Stealer, XWorm | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | XWorm | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
vecotr.viewdns.net | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ASN-XTUDIONETES | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | PureLog Stealer, XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.1940658735648508 |
Encrypted: | false |
SSDEEP: | 3:NlllulDm0ll//Z:NllU6cl/ |
MD5: | DA1F22117B9766A1F0220503765A5BA5 |
SHA1: | D35597157EFE03AA1A88C1834DF8040B3DD3F3CB |
SHA-256: | BD022BFCBE39B4DA088DDE302258AE375AAFD6BDA4C7B39A97D80C8F92981C69 |
SHA-512: | 520FA7879AB2A00C86D9982BB057E7D5E243F7FC15A12BA1C823901DC582D2444C76534E955413B0310B9EBD043400907FD412B88927DAD07A1278D3B667E3D9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6224 |
Entropy (8bit): | 3.7327858222885704 |
Encrypted: | false |
SSDEEP: | 48:rZDOlUtyZ3CyQU2UuIyukvhkvklCywdchltzlHJ8KSogZo98hltzlt8KSogZop1:tOZ3CKTBkvhkvCCtOhltzCHlhltzaHK |
MD5: | D8A3F4E65D9F35604B26B57B7EB25709 |
SHA1: | B7757806C30E1A9C69CF1FCC3C08BF59BB6C2704 |
SHA-256: | 875928EFADD5DD50B0ABEA929151D7DDFD9B9CFB9CE3DF1ED9752B93EFF99A17 |
SHA-512: | 7595AEE3CF0A07411EF8D4065C503E3F86AEDFDCAE4B65E62DB06F8C3C9D4F9BCC38D5DF15C85349A7D087BA67E3A01AA3FE0D632BDC82DF15BF5654957E7B04 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UEK2DMRH2GD3AT5SXHI3.temp
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6224 |
Entropy (8bit): | 3.7327858222885704 |
Encrypted: | false |
SSDEEP: | 48:rZDOlUtyZ3CyQU2UuIyukvhkvklCywdchltzlHJ8KSogZo98hltzlt8KSogZop1:tOZ3CKTBkvhkvCCtOhltzCHlhltzaHK |
MD5: | D8A3F4E65D9F35604B26B57B7EB25709 |
SHA1: | B7757806C30E1A9C69CF1FCC3C08BF59BB6C2704 |
SHA-256: | 875928EFADD5DD50B0ABEA929151D7DDFD9B9CFB9CE3DF1ED9752B93EFF99A17 |
SHA-512: | 7595AEE3CF0A07411EF8D4065C503E3F86AEDFDCAE4B65E62DB06F8C3C9D4F9BCC38D5DF15C85349A7D087BA67E3A01AA3FE0D632BDC82DF15BF5654957E7B04 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 3.124818912023792 |
TrID: | |
File name: | 84Z63SyEQ7.ps1 |
File size: | 329'783 bytes |
MD5: | 1c46bfc607b523389fcc8bd1d3407f84 |
SHA1: | 6f187008fffde9d48ba4c591e5965ea2906bed3d |
SHA256: | fc80cb0479aa75176137ece45d778fb4631b7aaaf294e9bd2640b56c686643bb |
SHA512: | dad58a75c8eef2cc756d202f8e90a4d6a58f173dd3838324be4ad14d8abb50e20f886b89e8dd3d2a9e406215896dd9650aa91e5d9da813319604e2034db23d31 |
SSDEEP: | 3072:HL3D5WXtWVH44LhC8z60U4h3mSvsgTUfWwLC5ImBK5W9Fp81fABAUvetcTnZm:v5W0H44LhC87TUOwqYyfbg |
TLSH: | C564CC898537FB85CC0228A61D2B39F078C86D5EA1F5C8F0AF379C1A25D50589FBDDA1 |
File Content Preview: | try..{....$cake = "4D_5A_90_00_03_00_00_00_04_00_00_00_FF_FF_00_00_B8_00_00_00_00_00_00_00_40_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_80_00_00_00_0E_1F_BA_0E_00_B4_09_CD_21_B8_01_4C_CD_21_54 |
Icon Hash: | 3270d6baae77db44 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-24T19:24:26.644038+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:24:26.817842+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:26.870741+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:24:32.899730+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:32.899730+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:39.062028+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:39.073363+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:24:51.653604+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:51.656316+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:24:51.656861+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:02.894554+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:02.894554+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:03.561380+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:03.563323+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:15.811499+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:15.814071+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:26.324631+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:26.332535+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:32.877186+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:32.877186+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:33.487018+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:33.492913+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:37.545843+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:37.577009+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:39.343159+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:39.344834+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:42.671236+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:42.673337+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:53.107228+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:53.115374+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:53.218034+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:53.219781+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:53.305750+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:53.398167+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:53.400183+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:25:58.718840+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:25:58.720912+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:02.902771+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:02.902771+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:08.671188+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:08.674371+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:08.979804+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:08.981775+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:09.105032+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:09.107168+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:09.467868+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:09.472324+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:14.903524+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:15.278052+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:15.280343+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:20.732013+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:20.734284+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:22.657089+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:22.658696+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:25.530128+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:25.541196+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:29.985575+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:29.991426+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:30.760723+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:30.762241+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:30.860403+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:30.861844+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:33.062648+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:33.062648+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:33.140732+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:33.140732+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:36.769681+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:36.785373+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:36.870953+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:36.872686+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:36.971000+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:36.972442+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:37.080175+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:37.081706+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:37.352873+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:37.354521+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:37.479781+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:37.481183+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:26:49.627657+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:26:49.630042+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:01.875888+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:01.877504+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:02.895217+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:02.895217+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:09.230503+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:09.233437+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:11.483815+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:11.485486+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:13.795808+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:13.797724+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:14.655732+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:14.657329+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:15.184090+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:15.185755+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:21.922348+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:21.924061+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:23.585574+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:23.587318+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:29.421109+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:29.423308+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:32.888558+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:32.888558+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:34.313786+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:34.315423+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.390069+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.393018+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.480306+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.483419+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.576963+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.581630+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.652221+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.654039+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.747754+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.749616+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.843024+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.844645+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:44.936341+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:44.938126+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:48.640042+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:48.647336+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:49.846197+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:49.848024+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:27:58.815359+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:27:58.818389+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:28:01.301630+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:28:01.302346+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49717 | 191.96.207.180 | 50000 | TCP |
2024-09-24T19:28:01.303044+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:28:02.917782+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
2024-09-24T19:28:02.917782+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 191.96.207.180 | 50000 | 192.168.2.6 | 49717 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 24, 2024 19:24:14.197343111 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:14.202476025 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:14.202591896 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:14.391972065 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:14.564551115 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:26.644037962 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:26.648808956 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:26.817842007 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:26.870740891 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:26.875570059 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:32.899729967 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:32.950088024 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:38.888098001 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:38.893321991 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:39.062027931 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:39.073363066 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:39.078344107 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:51.137872934 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:51.143145084 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:51.653604031 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:51.656316042 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:24:51.656372070 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:51.656861067 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:24:51.677376986 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:02.894553900 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:02.950110912 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:03.387849092 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:03.392756939 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:03.561379910 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:03.563323021 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:03.568239927 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:15.637944937 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:15.642857075 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:15.811499119 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:15.814070940 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:15.820600033 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:26.012799978 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:26.156225920 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:26.324630976 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:26.332535028 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:26.337327003 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:32.877186060 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:32.918786049 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:33.313189983 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:33.318329096 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:33.487018108 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:33.492913008 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:33.497823954 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:37.372148991 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:37.377171993 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:37.545842886 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:37.577008963 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:37.581903934 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:39.169101954 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:39.173974991 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:39.343158960 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:39.344834089 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:39.349787951 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:42.497354031 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:42.502310991 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:42.671236038 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:42.673336983 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:42.678412914 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:52.887830973 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:52.938796043 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:52.938851118 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:52.943609953 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:52.950406075 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:52.957299948 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:52.965945959 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:52.971525908 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:52.981676102 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:52.986538887 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.107228041 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.115374088 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:53.120307922 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.169137955 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:53.174443007 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.218034029 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.219780922 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:53.224648952 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.303684950 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.305749893 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:53.311095953 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.311153889 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:53.316169977 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.398166895 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:53.400182962 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:53.405112028 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:58.544210911 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:58.550038099 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:58.718839884 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:25:58.720911980 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:25:58.726036072 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:02.902770996 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:02.950119019 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:08.497232914 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:08.502060890 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:08.671188116 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:08.674371004 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:08.679308891 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:08.778537035 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:08.783323050 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:08.793951988 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:08.798846006 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:08.979804039 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:08.981775045 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:08.987090111 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:09.105031967 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:09.107167959 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:09.112005949 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:09.294044971 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:09.298942089 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:09.467868090 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:09.472323895 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:09.477189064 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:14.903523922 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:15.111716032 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:15.278052092 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:15.280343056 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:15.285192966 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:20.169192076 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:20.481270075 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:20.564320087 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:20.564779043 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:20.732012987 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:20.734283924 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:20.739177942 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:22.481554031 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:22.486613989 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:22.657088995 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:22.658695936 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:22.663589001 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:25.356548071 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:25.361404896 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:25.530128002 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:25.541196108 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:25.545969963 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:29.811367035 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:29.816958904 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:29.985574961 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:29.991425991 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:29.996825933 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:30.559631109 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:30.571309090 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:30.591052055 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:30.603988886 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:30.760723114 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:30.762240887 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:30.771295071 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:30.860403061 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:30.861844063 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:30.866995096 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:33.062648058 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:33.106268883 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:33.140732050 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:33.140782118 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:36.528486013 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:36.573357105 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.575601101 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:36.607595921 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.607645988 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:36.623306036 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.747123957 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:36.769680977 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.785325050 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.785372972 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:36.824065924 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.870953083 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.872685909 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:36.919003010 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.970999956 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:36.972441912 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:36.979768038 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:37.080174923 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:37.081706047 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:37.092370987 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:37.122231007 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:37.132421970 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:37.200447083 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:37.224667072 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:37.352873087 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:37.354521036 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:37.372704029 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:37.479780912 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:37.481183052 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:37.553625107 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:49.450423002 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:49.455301046 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:49.627656937 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:26:49.630042076 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:26:49.635335922 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:01.701915026 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:01.706892014 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:01.875888109 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:01.877504110 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:01.882328033 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:02.895216942 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:02.950021982 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:08.028451920 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:08.340676069 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:08.950084925 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:09.070391893 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:09.070406914 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:09.070449114 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:09.230503082 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:09.233437061 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:09.238329887 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:11.309760094 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:11.314702988 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:11.483814955 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:11.485486031 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:11.490802050 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:13.622132063 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:13.627018929 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:13.795808077 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:13.797724009 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:13.802609921 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:14.481646061 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:14.486681938 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:14.655731916 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:14.657329082 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:14.662102938 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:14.981848955 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:14.986680031 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:15.184089899 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:15.185755014 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:15.190526962 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:21.747807026 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:21.752643108 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:21.922348022 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:21.924061060 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:21.928929090 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:23.341018915 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:23.345885992 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:23.585573912 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:23.587317944 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:23.592144012 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:29.247245073 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:29.252290964 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:29.421108961 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:29.423307896 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:29.428169966 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:32.888557911 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:32.934523106 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:34.122185946 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:34.147551060 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:34.313786030 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:34.315423012 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:34.320261002 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.216075897 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.220829964 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.262924910 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.267725945 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.294337988 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.299163103 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.387830973 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.390069008 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.392965078 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.393018007 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.398206949 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.465979099 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.470834970 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.480305910 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.483418941 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.530867100 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.544045925 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.548933983 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.559705019 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.565218925 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.576962948 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.581629992 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.626708984 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.652220964 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.654038906 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.658852100 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.747754097 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.749615908 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.755800009 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.843024015 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.844645023 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.849515915 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.936341047 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:44.938126087 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:44.942897081 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:48.466072083 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:48.470839024 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:48.640042067 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:48.647336006 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:48.653250933 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:49.669336081 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:49.677615881 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:49.846196890 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:49.848023891 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:49.852859974 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:58.637911081 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:58.645684004 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:58.815359116 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:27:58.818388939 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:27:58.823740005 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:28:00.887950897 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:28:00.892822981 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:28:01.301630020 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:28:01.302345991 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:28:01.303044081 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:28:01.303100109 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Sep 24, 2024 19:28:01.310250044 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:28:02.917782068 CEST | 50000 | 49717 | 191.96.207.180 | 192.168.2.6 |
Sep 24, 2024 19:28:02.965650082 CEST | 49717 | 50000 | 192.168.2.6 | 191.96.207.180 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 24, 2024 19:24:14.175878048 CEST | 55642 | 53 | 192.168.2.6 | 1.1.1.1 |
Sep 24, 2024 19:24:14.186742067 CEST | 53 | 55642 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 24, 2024 19:24:14.175878048 CEST | 192.168.2.6 | 1.1.1.1 | 0x9ba6 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 24, 2024 19:24:14.186742067 CEST | 1.1.1.1 | 192.168.2.6 | 0x9ba6 | No error (0) | 191.96.207.180 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 13:23:51 |
Start date: | 24/09/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e3d50000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 13:23:51 |
Start date: | 24/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 13:24:05 |
Start date: | 24/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x90000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 13:24:05 |
Start date: | 24/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x5d0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD3484251D Relevance: .5, Instructions: 487COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD3477C558 Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD3484269E Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD347739B5 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD3477C0F5 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD348419B6 Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD3477C110 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD3477C935 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD34773EF5 Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD34773F53 Relevance: .2, Instructions: 181COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD34773CFA Relevance: .2, Instructions: 156COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FFD347740F2 Relevance: .1, Instructions: 138COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 16.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 57 |
Total number of Limit Nodes: | 7 |
Graph
Function 026F80C8 Relevance: 1.6, APIs: 1, Instructions: 129COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 026F8198 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 026F7CB8 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|