Windows
Analysis Report
7R4CQlalZQ.exe
Overview
General Information
Sample name: | 7R4CQlalZQ.exe (renamed because original name is a hash value) |
Original sample name: | 490ceab952abd5b62925e15f4b7aa533.exe |
Analysis ID: | 1528658 |
MD5: | 490ceab952abd5b62925e15f4b7aa533 |
SHA1: | 8ea352821a52ea4daf51913ab1b193fc8b0417c2 |
SHA256: | 290ab569c993fc3c2fcfeb1586eef058a0314893fc0c25219ba9915232a70280 |
Tags: | 32 exe njrat trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 7R4CQlalZQ.exe (PID: 2828 cmdline: "C:\Users\user\Desktop\7R4CQlalZQ.exe" MD5: 490CEAB952ABD5B62925E15F4B7AA533)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{"C2 url": ["193.233.255.34"], "Port": "7777", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T08:15:11.280839+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:11.540481+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:14.938402+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:27.719257+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:41.013793+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:41.276267+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:54.245089+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:07.604534+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:08.526313+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:09.620293+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:11.151175+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:11.315519+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:14.105833+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:20.140163+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:27.043234+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:30.168028+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:30.291630+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:30.409190+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:35.417748+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:36.464010+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:36.581252+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:41.290008+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:41.604553+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:46.902073+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:52.494606+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:52.612237+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:52.729670+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:52.863226+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:53.321994+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:55.340468+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:57.901385+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:08.464010+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:08.581636+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:09.870063+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:11.293087+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:18.899107+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:19.031523+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:20.934757+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:22.894986+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:24.339711+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:25.135672+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:30.276304+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:30.393732+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:30.860937+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:33.229310+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:37.637527+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:41.295629+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:50.995410+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:51.374674+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:51.552009+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:54.620314+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:55.693402+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:56.077652+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:59.574108+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:00.807569+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:06.387998+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:06.503075+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:07.341222+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:11.293009+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:16.885906+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:20.201558+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:27.792490+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:28.838524+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:29.452297+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:30.622234+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:32.339548+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:34.028610+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:37.214769+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:37.354657+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:40.917884+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:41.294912+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:42.932864+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:43.050549+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:43.168397+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:48.477531+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:49.260904+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:52.074295+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:52.573170+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:19:02.184085+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:19:11.293586+0200 | 2852870 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T08:15:14.947156+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:15:27.721501+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:15:41.035704+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:15:54.247258+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:07.607030+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:08.528370+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:09.630128+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:11.153955+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:14.107923+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:20.142319+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:27.057615+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:30.170226+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:30.293566+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:30.410982+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:35.425633+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:36.466105+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:36.583303+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:36.699822+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:41.609959+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:46.904419+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.497566+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.614727+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.732635+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.865031+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:53.327121+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:55.344600+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:57.904254+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:08.467044+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:08.583785+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:09.877140+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:18.901180+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:19.039507+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:20.936810+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:22.897001+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:24.357492+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:25.143536+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.278329+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.512601+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.518090+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.629584+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.745509+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.864713+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:33.235279+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:37.640862+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:50.997930+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:51.380293+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:51.562623+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:54.622463+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:55.702105+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:56.079740+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:59.581308+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:00.809490+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:06.391069+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:06.505266+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:07.348550+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:16.887525+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:20.203318+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:27.795473+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:28.839844+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:29.455634+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:30.657271+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:32.341304+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:34.034579+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:37.216489+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:37.358161+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:40.919395+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:42.934861+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:43.051691+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:43.169875+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:48.479483+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:49.268170+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:52.080110+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:52.575039+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:19:02.184885+0200 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T08:15:11.280839+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:11.540481+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:41.276267+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:11.315519+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:41.290008+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:11.293087+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:41.295629+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:11.293009+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:41.294912+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:19:11.293586+0200 | 2852874 | 1 | Malware Command and Control Activity Detected | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T08:16:52.285229+0200 | 2853193 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | ||
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Process Stats: |
Source: | Code function: | 0_2_00007FF848E85D76 | |
Source: | Code function: | 0_2_00007FF848E86B22 | |
Source: | Code function: | 0_2_00007FF848E896B4 |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Cryptographic APIs: | ||
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Section loaded: |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_00007FF848E8756A | |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Anti Debugging |
---|
Source: | Process Stats: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Memory allocated: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 232 Virtualization/Sandbox Evasion | LSASS Memory | 232 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
84% | ReversingLabs | ByteCode-MSIL.Backdoor.XWorm | ||
85% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1305769 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
10% | Virustotal | Browse |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.233.255.34 | unknown | Russian Federation | | 2895 | FREE-NET-ASFREEnetEU | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528658 |
Start date and time: | 2024-10-08 08:14:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 7R4CQlalZQ.exe (renamed because original name is a hash value) |
Original Sample Name: | 490ceab952abd5b62925e15f4b7aa533.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@1/0@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target 7R4CQlalZQ.exe, PID 2828 because it is empty
Time | Type | Description |
---|---|---|
02:14:58 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
193.233.255.34 | Get hash | malicious | PureLog Stealer, RedLine | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
FREE-NET-ASFREEnetEU | Get hash | malicious | LummaC, Vidar | Browse |
| |
Get hash | malicious | RDPWrap Tool | Browse |
| ||
Get hash | malicious | RDPWrap Tool | Browse |
| ||
Get hash | malicious | RDPWrap Tool | Browse |
| ||
Get hash | malicious | LummaC, Vidar | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine, zgRAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
File type: | |
Entropy (8bit): | 5.590350810316808 |
TrID: |
|
File name: | 7R4CQlalZQ.exe |
File size: | 33'280 bytes |
MD5: | 490ceab952abd5b62925e15f4b7aa533 |
SHA1: | 8ea352821a52ea4daf51913ab1b193fc8b0417c2 |
SHA256: | 290ab569c993fc3c2fcfeb1586eef058a0314893fc0c25219ba9915232a70280 |
SHA512: | eef0a6e1e0877ac549bae7408ef52fe59036be96f3f1694b19c466da64349a5a133ab169c177a3e7be09166e7cd39d230913ed6890e3942a5831706858b258b0 |
SSDEEP: | 768:iVa+vNtg+PB93Tw4e1dVFE9jjXOjhybe:svNtgw93U4epFE9jjXOjYC |
TLSH: | 66E23B4877D44712DAEEAFB12DF362061270D517E923EF6E0CE485EA2B67AC047407E6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...79.f.................x..........n.... ........@.. ....................................@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x40976e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66F93937 [Sun Sep 29 11:25:43 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x971c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x4d8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x7774 | 0x7800 | 948534709a4644d7fbbb44e6d0c61676 | False | 0.5010416666666667 | data | 5.741433702369465 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xa000 | 0x4d8 | 0x600 | afbb984503128042cc38bf70e5e337f4 | False | 0.375 | data | 3.7203482473352403 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xc000 | 0xc | 0x200 | 3ee5eb55d2c84cad34ece42377c6f250 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xa0a0 | 0x244 | data | 0.4724137931034483 | ||
RT_MANIFEST | 0xa2e8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-08T08:15:11.280839+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:11.280839+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:11.540481+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:11.540481+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:13.961258+0200 | 2855924 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:15:14.938402+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:14.947156+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:15:27.719257+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:27.721501+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:15:41.013793+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:41.035704+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:15:41.276267+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:41.276267+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:54.245089+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:15:54.247258+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:07.604534+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:07.607030+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:08.526313+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:08.528370+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:09.620293+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:09.630128+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:11.151175+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:11.153955+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:11.315519+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:11.315519+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:14.105833+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:14.107923+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:20.140163+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:20.142319+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:27.043234+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:27.057615+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:30.168028+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:30.170226+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:30.291630+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:30.293566+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:30.409190+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:30.410982+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:35.417748+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:35.425633+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:36.464010+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:36.466105+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:36.581252+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:36.583303+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:36.699822+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:41.290008+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:41.290008+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:41.604553+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:41.609959+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:46.902073+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:46.904419+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.285229+0200 | 2853193 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.494606+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:52.497566+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.612237+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:52.614727+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.729670+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:52.732635+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:52.863226+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:52.865031+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:53.321994+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:53.327121+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:55.340468+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:55.344600+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:16:57.901385+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:16:57.904254+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:08.464010+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:08.467044+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:08.581636+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:08.583785+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:09.870063+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:09.877140+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:11.293087+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:11.293087+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:18.899107+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:18.901180+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:19.031523+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:19.039507+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:20.934757+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:20.936810+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:22.894986+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:22.897001+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:24.339711+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:24.357492+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:25.135672+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:25.143536+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.276304+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:30.278329+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.393732+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:30.512601+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.518090+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.629584+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.745509+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:30.860937+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:30.864713+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:33.229310+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:33.235279+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:37.637527+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:37.640862+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:41.295629+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:41.295629+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:50.995410+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:50.997930+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:51.374674+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:51.380293+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:51.552009+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:51.562623+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:54.620314+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:54.622463+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:55.693402+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:55.702105+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:56.077652+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:56.079740+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:17:59.574108+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:17:59.581308+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:00.807569+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:00.809490+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:06.387998+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:06.391069+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:06.503075+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:06.505266+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:07.341222+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:07.348550+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:11.293009+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:11.293009+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:16.885906+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:16.887525+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:20.201558+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:20.203318+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:27.792490+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:27.795473+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:28.838524+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:28.839844+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:29.452297+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:29.455634+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:30.622234+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:30.657271+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:32.339548+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:32.341304+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:34.028610+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:34.034579+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:37.214769+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:37.216489+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:37.354657+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:37.358161+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:40.917884+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:40.919395+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:41.294912+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:41.294912+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:42.932864+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:42.934861+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:43.050549+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:43.051691+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:43.168397+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:43.169875+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:48.477531+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:48.479483+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:49.260904+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:49.268170+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:52.074295+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:52.080110+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:18:52.573170+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:18:52.575039+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:19:02.184085+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:19:02.184885+0200 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49704 | 193.233.255.34 | 7777 | TCP |
2024-10-08T08:19:11.293586+0200 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
2024-10-08T08:19:11.293586+0200 | 2852874 | ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 | 1 | 193.233.255.34 | 7777 | 192.168.2.5 | 49704 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 08:17:37.432935953 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:37.637526989 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:37.640861988 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:37.646173954 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:41.295629025 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:41.411269903 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:50.785521030 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:50.791023016 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:50.995409966 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:50.997930050 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:51.003360987 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:51.035092115 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:51.040441036 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:51.050744057 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:51.055903912 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:51.374674082 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:51.380292892 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:51.385694981 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:51.552009106 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:51.562623024 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:51.567994118 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:54.410394907 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:54.415591955 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:54.620313883 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:54.622462988 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:54.627793074 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:55.474198103 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:55.479665041 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:55.693402052 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:55.702105045 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:55.707561970 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:55.725964069 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:55.731435061 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:56.077651978 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:56.079740047 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:56.085206985 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:59.364070892 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:59.369687080 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:59.574107885 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:17:59.581307888 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:17:59.586637020 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:00.597798109 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:00.603341103 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:00.807569027 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:00.809489965 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:00.814896107 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:06.175723076 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:06.181195021 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:06.207035065 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:06.212596893 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:06.387998104 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:06.391068935 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:06.397705078 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:06.503074884 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:06.505265951 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:06.510603905 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:07.131185055 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:07.136717081 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:07.341222048 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:07.348550081 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:07.354034901 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:11.293009043 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:11.347543955 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:16.675988913 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:16.681447983 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:16.885905981 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:16.887525082 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:16.892930984 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:19.990921974 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:19.996563911 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:20.201558113 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:20.203318119 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:20.209109068 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:27.582777023 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:27.588190079 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:27.792490005 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:27.795473099 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:27.800419092 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:28.628927946 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:28.634274960 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:28.838524103 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:28.839843988 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:28.846002102 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:29.242396116 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:29.247787952 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:29.452296972 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:29.455634117 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:29.461085081 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:30.411025047 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:30.416625977 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:30.622234106 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:30.657270908 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:30.662543058 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:32.128957033 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:32.134361029 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:32.339548111 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:32.341304064 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:32.346878052 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:33.818233013 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:33.823755980 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:34.028609991 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:34.034579039 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:34.040036917 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:37.003979921 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:37.009521961 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:37.144459009 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:37.150032043 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:37.214768887 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:37.216489077 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:37.221870899 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:37.354656935 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:37.358160973 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:37.363643885 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:40.707050085 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:40.712798119 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:40.917884111 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:40.919394970 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:40.924772978 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:41.294912100 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:41.347470045 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:42.722917080 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:42.728681087 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:42.816503048 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:42.821973085 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:42.878884077 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:42.884426117 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:42.932863951 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:42.934860945 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:42.983692884 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:43.050549030 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:43.051691055 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:43.056991100 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:43.168396950 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:43.169874907 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:43.175504923 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:48.130182028 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:48.136876106 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:48.477530956 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:48.479482889 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:48.485706091 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:49.050827980 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:49.056478024 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:49.260904074 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:49.268170118 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:49.273655891 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:51.864178896 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:51.869689941 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:52.074295044 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:52.080110073 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:52.085484028 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:52.363462925 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:52.368966103 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:52.573169947 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:18:52.575038910 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:18:52.580668926 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:19:01.973582983 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:19:01.979023933 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:19:02.184084892 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:19:02.184885025 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Oct 8, 2024 08:19:02.190372944 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:19:11.293586016 CEST | 7777 | 49704 | 193.233.255.34 | 192.168.2.5 |
Oct 8, 2024 08:19:11.347435951 CEST | 49704 | 7777 | 192.168.2.5 | 193.233.255.34 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 02:14:55 |
Start date: | 08/10/2024 |
Path: | C:\Users\user\Desktop\7R4CQlalZQ.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xd30000 |
File size: | 33'280 bytes |
MD5 hash: | 490CEAB952ABD5B62925E15F4B7AA533 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |