Windows
Analysis Report
8082-x86.dll
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 5560 cmdline: loaddll32.exe "C:\Users\user\Desktop\8082-x86.dll" MD5: 1F562FBF37040EC6C43C8D5EF619EA39)
- conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cmd.exe (PID: 5604 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\8082-x86.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 5624 cmdline: rundll32.exe "C:\Users\user\Desktop\8082-x86.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- regsvr32.exe (PID: 5612 cmdline: regsvr32.exe /s C:\Users\user\Desktop\8082-x86.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
- rundll32.exe (PID: 5632 cmdline: rundll32.exe C:\Users\user\Desktop\8082-x86.dll,DllGetClassObject MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- rundll32.exe (PID: 5676 cmdline: rundll32.exe C:\Users\user\Desktop\8082-x86.dll,DllMain MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- rundll32.exe (PID: 5696 cmdline: rundll32.exe C:\Users\user\Desktop\8082-x86.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- cleanup
{"BeaconType": ["HTTP"], "Port": 8082, "SleepTime": 38500, "MaxGetSize": 1399607, "Jitter": 27, "C2Server": "20.104.209.69,/broadcast", "HttpPostUri": "/1/events/com.amazon.csm.csa.prod", "Malleable_C2_Instructions": ["Remove 1308 bytes from the end", "Remove 1 bytes from the end", "Remove 194 bytes from the beginning", "Base64 decode"], "SpawnTo": "16nKFaB/gr/TtjAg2jiqFg==", "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe", "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 1670873463, "bStageCleanup": "True", "bCFGCaution": "True", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 16700, "ProcInject_PrependAppend_x86": ["kJCQ", "Empty"], "ProcInject_PrependAppend_x64": ["kJCQ", "Empty"], "ProcInject_Execute": ["ntdll.dll:RtlUserThreadStart", "SetThreadContext", "NtQueueApcThread-s", "kernel32.dll:LoadLibraryA", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "False", "HostHeader": ""}
Rule | Description | Author |
---|---|---|
CobaltStrike_Resources_Artifact32_v3_14_to_v4_x | Cobalt Strike's resources/artifact32{.dll,.exe,big.exe,big.dll,bigsvc.exe} signature for versions 3.14 to 4.x and resources/artifact32svc.exe for 3.14 to 4.x and resources/artifact32uac.dll for v3.14 and v4.0 | gssincla@google.com |
JoeSecurity_CobaltStrike_4 | Yara detected CobaltStrike | Joe Security |
Rule | Description | Author |
---|---|---|
CobaltStrike_Sleeve_Beacon_Dll_v4_3_v4_4_v4_5_and_v4_6 | Cobalt Strike's sleeve/beacon.dll Versions 4.3 and 4.4 | gssincla@google.com |
SUSP_PS1_FromBase64String_Content_Indicator | Detects suspicious base64 encoded PowerShell expressions | Florian Roth |
CobaltStrike_Resources_Command_Ps1_v2_5_to_v3_7_and_Resources_Compress_Ps1_v3_8_to_v4_x | Cobalt Strike's resources/command.ps1 for versions 2.5 to v3.7 and resources/compress.ps1 from v3.8 to v4.x | gssincla@google.com |
SUSP_PS1_FromBase64String_Content_Indicator | Detects suspicious base64 encoded PowerShell expressions | Florian Roth |
CobaltStrike_Resources_Command_Ps1_v2_5_to_v3_7_and_Resources_Compress_Ps1_v3_8_to_v4_x | Cobalt Strike's resources/command.ps1 for versions 2.5 to v3.7 and resources/compress.ps1 from v3.8 to v4.x | gssincla@google.com |
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Joe Sandbox ML: |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Networking |
---|
Source: | URLs: |
Source: | Network traffic detected: | 10 entries (details not extracted) |
Source: | HTTP traffic detected: | 5 entries (details not extracted) |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | 50 entries (details not extracted) |
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | Code function: | 0_2_00951449 |
Source: | HTTP traffic detected: | 4 entries (details not extracted) |
System Summary |
---|
Source: | Matched rule: | 4 entries (details not extracted) |
Source: | Static PE information: |
Source: | Matched rule: | 24 entries (details not extracted) |
Source: | Section loaded: | 2 entries (details not extracted) |
Source: | Code function: | 0_2_00953410, 0_2_009702D8, 0_2_009614EB, 0_2_00966514, 0_2_00973550, 0_2_00953541, 0_2_00973B20, 0_2_00972CD0 |
Source: | Code function: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Code function: | 0_2_009578FB |
Source: | Process created: | 15 entries (details not extracted) |
Source: | Key value queried: |
Source: | Mutant created: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Code function: | 0_3_00CE720F, 0_3_00CE13F3, 0_3_00CEB4DD, 0_3_00CEB59E, 0_3_00CEB5FE, 0_3_00CEB59E, 0_3_00CE0533, 0_3_00CE06E6, 0_3_00CE1672, 0_3_00CE4677, 0_3_00CE063D, 0_3_00CE07D4, 0_3_00CE07CB, 0_3_00CE17EF, 0_3_00CE0797, 0_3_00CE17B3, 0_3_00CE07C2, 0_3_00CE0764, 0_3_00CE0770, 0_3_00CE077F, 0_3_00CE68EF, 0_3_00CE1891, 0_3_00CE1891, 0_3_00CE0887, 0_3_00CE0853, 0_3_00CE0978, 0_3_00CE091D, 0_3_00CE9AF9, 0_3_00CE1A93, 0_3_00CE1A86, 0_3_00CE4B85 |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | 10 entries (details not extracted) |
Source: | Process information set: | 4 entries (details not extracted) |
Source: | Check user administrative privileges: | graph_0-18003 |
Source: | Last function: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Process information queried: |
Source: | Thread delayed: | 4 entries (details not extracted) |
Source: | Code function: | 0_3_00CE9004, 0_3_00CE8374 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Code function: | 0_2_009558DD |
Remote Access Functionality |
---|
Source: | File source: | 3 entries (details not extracted) |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 1 System Owner/User Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Regsvr32 | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | 112 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Rundll32 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
Detection | Scanner | Label |
---|---|---|
88% | ReversingLabs | Win32.Trojan.CobaltStrike |
70% | Virustotal | |
100% | Avira | HEUR/AGEN.1235510 |
100% | Joe Sandbox ML | |
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Malicious | Reputation |
---|---|
true | unknown |
true | unknown |
true | unknown |
Malicious | Reputation |
---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
20.104.209.69 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 780200 |
Start date and time: | 2023-01-08 16:02:07 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 8082-x86.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.winDLL@14/0@0/1 |
EGA Information: | |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
20.104.209.69 | 4 associated samples (names and hashes not extracted) | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | 20 associated samples (names and hashes not extracted) | | malicious | | |
File type: | |
Entropy (8bit): | 6.6495124481937875 |
TrID: | |
File name: | 8082-x86.dll |
File size: | 285184 |
MD5: | 8d72fc6ff9cb0971df587d20dda5e8c8 |
SHA1: | d6031029133084901392b856fe66f00f438d95d9 |
SHA256: | 0b7d19cf030839c3df481069772c7a32b5a3be4c41ce6b436ab69015fa90d98a |
SHA512: | 9c2074e9e68676ce41346f9bce266fb1155d75fc4f1efc6f40bbcb7871ab6a2f7eda724c4381dd288d817929117fbea9bd3a6d0c977f3db5a55fad1bb35e294d |
SSDEEP: | 3072:GjXnzH5O+xdKYgC2F/bHnOdisDmtam6SBSZge2x7WBNvjxDld7JOwy6t7bAl+dBj:mNaYn+HNtaJD7VUwl7Y+T |
TLSH: | 1154CFE5B1DC6B67F844BABA93E1EA0A32A93CD88214E511B3FDDFF6210145CB8D44C5 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^...........#.........V...... ........0.....k................................4......... ............................ |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x6bac1420 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x6bac0000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED, DLL |
DLL Characteristics: | |
Time Stamp: | 0x5EDED50C [Tue Jun 9 00:17:16 2020 UTC] |
TLS Callbacks: | 0x6bac1a50, 0x6bac1a00 |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e1dcffde169ed8b947dc63acdb78aeca |
Instruction |
---|
sub esp, 1Ch |
mov edx, dword ptr [esp+24h] |
mov dword ptr [6BB07018h], 00000000h |
cmp edx, 01h |
je 00007FBA3CA7FA6Ch |
mov ecx, dword ptr [esp+28h] |
mov eax, dword ptr [esp+20h] |
call 00007FBA3CA7F872h |
add esp, 1Ch |
retn 000Ch |
lea esi, dword ptr [esi+00000000h] |
mov dword ptr [esp+0Ch], edx |
call 00007FBA3CA807ECh |
mov edx, dword ptr [esp+0Ch] |
jmp 00007FBA3CA7FA29h |
nop |
push ebp |
mov ebp, esp |
sub esp, 18h |
mov eax, dword ptr [6BB05418h] |
test eax, eax |
je 00007FBA3CA7FA8Eh |
mov dword ptr [esp], 6BB06000h |
call dword ptr [6BB09138h] |
mov edx, 00000000h |
sub esp, 04h |
test eax, eax |
je 00007FBA3CA7FA68h |
mov dword ptr [esp+04h], 6BB0600Eh |
mov dword ptr [esp], eax |
call dword ptr [6BB0913Ch] |
sub esp, 08h |
mov edx, eax |
test edx, edx |
je 00007FBA3CA7FA5Bh |
mov dword ptr [esp], 6BB05418h |
call edx |
leave |
ret |
lea esi, dword ptr [esi+00h] |
push ebp |
mov ebp, esp |
pop ebp |
ret |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
push ebp |
mov ebp, esp |
push edi |
push esi |
push ebx |
sub esp, 4Ch |
mov edi, dword ptr [ebp+08h] |
mov esi, dword ptr [ebp+0Ch] |
mov dword ptr [ebp-1Ch], 00000000h |
mov dword ptr [esp+1Ch], 00000000h |
mov dword ptr [esp+18h], 00000000h |
mov dword ptr [eax+eax+00h], 00000000h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x48000 | 0xb0 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x49000 | 0x5bc | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c000 | 0x4ac | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x4b000 | 0x18 | .tls |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x49108 | 0xcc | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1a84 | 0x1c00 | False | 0.5262276785714286 | data | 5.9055220621274644 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x3000 | 0x4241c | 0x42600 | False | 0.5397871056967984 | data | 6.6586521702558805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x46000 | 0x1a0 | 0x200 | False | 0.529296875 | data | 4.462802731767267 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
.bss | 0x47000 | 0x418 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x48000 | 0xb0 | 0x200 | False | 0.2734375 | data | 1.9817948694706844 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
.idata | 0x49000 | 0x5bc | 0x600 | False | 0.4296875 | data | 4.870768861754693 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.CRT | 0x4a000 | 0x2c | 0x200 | False | 0.052734375 | data | 0.18120187678200297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x4b000 | 0x20 | 0x200 | False | 0.0546875 | data | 0.2797047950073886 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x4c000 | 0x4ac | 0x600 | False | 0.7005208333333334 | data | 5.557340256736937 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
KERNEL32.dll | CloseHandle, ConnectNamedPipe, CreateFileA, CreateNamedPipeA, CreateThread, DeleteCriticalSection, EnterCriticalSection, FreeLibrary, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetProcAddress, GetSystemTimeAsFileTime, GetTickCount, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, QueryPerformanceCounter, ReadFile, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualProtect, VirtualQuery, WriteFile |
msvcrt.dll | __dllonexit, _amsg_exit, _initterm, _iob, _lock, _onexit, _unlock, _winmajor, abort, calloc, free, fwrite, malloc, memcpy, sprintf, strlen, strncmp, vfprintf |
Name | Ordinal | Address |
---|---|---|
DllGetClassObject | 1 | 0x6bac17ee |
DllMain | 2 | 0x6bac178b |
DllRegisterServer | 3 | 0x6bac17e0 |
DllUnregisterServer | 4 | 0x6bac17e7 |
StartW | 5 | 0x6bac1803 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 8, 2023 16:03:30.432375908 CET | 49685 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:03:30.547492981 CET | 8082 | 49685 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:03:30.547652960 CET | 49685 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:03:30.574161053 CET | 49685 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:03:30.690412045 CET | 8082 | 49685 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:03:30.692807913 CET | 8082 | 49685 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:03:30.692890882 CET | 8082 | 49685 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:03:30.692893028 CET | 49685 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:03:30.692970037 CET | 49685 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:03:30.692990065 CET | 8082 | 49685 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:03:30.693047047 CET | 49685 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:03:30.694236040 CET | 49685 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:03:30.809875965 CET | 8082 | 49685 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.041449070 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.155930996 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.156147957 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.156966925 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.270982027 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285484076 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285547018 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285581112 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285617113 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285650969 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285684109 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285711050 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.285716057 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285751104 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285788059 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285801888 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.285828114 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.285830975 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.285868883 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400144100 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400207043 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400235891 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400262117 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400286913 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400311947 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400336981 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400366068 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400386095 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400424004 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400440931 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400471926 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400480986 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400501966 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400507927 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400528908 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400530100 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400547981 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400557041 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400567055 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400584936 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400602102 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400613070 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400628090 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400638103 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400662899 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400680065 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400741100 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400769949 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400798082 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400813103 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400819063 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400845051 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.400854111 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.400887966 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.515465975 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.515511036 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.515531063 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.515554905 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.515674114 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.515723944 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.515738010 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.515748978 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.515769958 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.515774012 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.515791893 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.515799046 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.515832901 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.516217947 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516247034 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516267061 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516287088 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516295910 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.516344070 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.516704082 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516726017 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516746044 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516767025 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516777992 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.516788006 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516823053 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.516834974 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516855955 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516875982 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.516885996 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.516904116 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.516952038 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517013073 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517034054 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517060995 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517067909 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517091036 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517096043 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517117977 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517151117 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517215014 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517239094 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517260075 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517266035 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517281055 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517285109 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517302990 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517323971 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517338037 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517343998 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517348051 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517384052 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517398119 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517426968 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517446041 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517456055 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517467976 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517488956 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517493963 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517509937 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517529964 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517534018 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517550945 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517558098 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517571926 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.517596006 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.517635107 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630100965 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630146027 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630168915 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630192041 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630214930 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630234957 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630258083 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630281925 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630302906 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630307913 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630326033 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630351067 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630373001 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630398035 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630407095 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630422115 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630435944 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630451918 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630467892 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630475044 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630497932 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630511045 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630520105 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630541086 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630552053 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630564928 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630580902 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630588055 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630609989 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630616903 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630634069 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630656004 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630664110 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630680084 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630723000 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630723000 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630732059 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630755901 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630764961 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630779982 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630781889 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630801916 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630810022 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630827904 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630848885 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630868912 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630873919 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630891085 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630913019 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630917072 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630937099 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630940914 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.630959034 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630980015 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.630983114 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631002903 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631006956 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631023884 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631040096 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631047010 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631067991 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631076097 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631088972 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631109953 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631122112 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631131887 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631153107 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631155014 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631175041 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631196022 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631201982 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631217957 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631223917 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631239891 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631249905 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631263971 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631284952 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631306887 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631313086 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631330013 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631339073 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631354094 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631365061 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631376982 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631412983 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631462097 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631484032 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631485939 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631505966 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631526947 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631546974 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631550074 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631588936 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631618977 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631668091 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631691933 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631711960 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631731033 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631736040 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631758928 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631761074 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631781101 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631788015 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631804943 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631814957 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631829023 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631850958 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631854057 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631872892 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631886959 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631913900 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631920099 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631937027 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631958008 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.631959915 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.631983042 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.632004023 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.632014036 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.632025957 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.632038116 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.632049084 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.632070065 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.632076025 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.632091045 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.632098913 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.632112026 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.632136106 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.632172108 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.745404959 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.745446920 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.745467901 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.745570898 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.745640039 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.745683908 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.747332096 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.747487068 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.747505903 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.747560024 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.747658014 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.747716904 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.747987032 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748064995 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748140097 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748188019 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748300076 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748404026 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748467922 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748490095 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748514891 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748547077 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748564005 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748584032 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748605013 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748606920 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748625994 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748631001 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748646975 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748653889 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748667955 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748678923 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748689890 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748702049 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748709917 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748730898 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748732090 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748753071 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748774052 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748785973 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748794079 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748811960 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748820066 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748842001 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748845100 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748866081 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748878956 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748887062 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748905897 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748908043 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748929977 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748938084 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748951912 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748972893 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.748975039 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.748992920 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.749011040 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.749011040 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.749034882 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.749073029 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.749463081 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.863251925 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.032263041 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.146584034 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.146877050 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.147871971 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.148056030 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.261693001 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.261727095 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.261744022 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.261753082 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.261774063 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.261789083 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.261826038 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.261975050 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.376238108 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.380633116 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.380666971 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:03.380811930 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.381032944 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.381078005 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.445864916 CET | 49688 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.560574055 CET | 8082 | 49688 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:38.560714960 CET | 49688 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.561438084 CET | 49688 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.675760984 CET | 8082 | 49688 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:38.681183100 CET | 8082 | 49688 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:38.681255102 CET | 8082 | 49688 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:38.681268930 CET | 49688 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.681324959 CET | 49688 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.681638002 CET | 8082 | 49688 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:38.681715965 CET | 49688 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.713166952 CET | 49688 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.827778101 CET | 8082 | 49688 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:05:10.735661030 CET | 49689 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:05:10.850111008 CET | 8082 | 49689 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:05:10.884565115 CET | 49689 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:05:10.885616064 CET | 49689 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:05:10.999473095 CET | 8082 | 49689 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:05:11.002820015 CET | 8082 | 49689 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:05:11.002854109 CET | 8082 | 49689 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:05:11.002892971 CET | 8082 | 49689 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:05:11.003046989 CET | 49689 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:05:11.192933083 CET | 49689 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:05:11.307514906 CET | 8082 | 49689 | 20.104.209.69 | 192.168.2.4 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process | First OUT (timestamp) | kBytes transferred | First IN (timestamp) | kBytes transferred |
---|---|---|---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49685 | 20.104.209.69 | 8082 | C:\Windows\System32\loaddll32.exe | Jan 8, 2023 16:03:30.574161053 CET | 92 | Jan 8, 2023 16:03:30.692807913 CET | 92 |
1 | 192.168.2.4 | 49686 | 20.104.209.69 | 8082 | C:\Windows\System32\loaddll32.exe | Jan 8, 2023 16:04:02.156966925 CET | 95 | Jan 8, 2023 16:04:02.285484076 CET | 96 |
2 | 192.168.2.4 | 49687 | 20.104.209.69 | 8082 | C:\Windows\System32\loaddll32.exe | Jan 8, 2023 16:04:03.147871971 CET | 342 | Jan 8, 2023 16:04:03.380633116 CET | 357 |
3 | 192.168.2.4 | 49688 | 20.104.209.69 | 8082 | C:\Windows\System32\loaddll32.exe | Jan 8, 2023 16:04:38.561438084 CET | 359 | Jan 8, 2023 16:04:38.681183100 CET | 359 |
4 | 192.168.2.4 | 49689 | 20.104.209.69 | 8082 | C:\Windows\System32\loaddll32.exe | Jan 8, 2023 16:05:10.885616064 CET | 362 | Jan 8, 2023 16:05:11.002820015 CET | 363 |
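The packet and connection tables above show loaddll32.exe reopening a TCP connection to 20.104.209.69:8082 roughly every half minute, with one extra short connection about a second after the 16:04:02 check-in. The script below is an added example and is not part of the Joe Sandbox report: it parses rows in the packet table's column order (timestamp | source port | destination port | source IP | destination IP), takes the earliest client-to-server packet of each connection as that connection's start, folds any connection that opens within a few seconds of the previous check-in into that check-in, and reports the intervals between check-ins together with the lower bounds they imply for a fixed sleep shortened by a random jitter. The embedded rows are a constructed subset copied from the tables on this page; the 5-second burst window, the interpretation of a quick follow-up connection as part of the same check-in, and dropping the CET suffix are assumptions of the example, not statements from the report.

```python
"""Beacon-interval analysis over rows in the report's TCP packet-table format.

Added example, not code from the Joe Sandbox report. It groups client-originated
packets into connections, merges connections that open within a short burst
window into one check-in, and measures the spacing between check-ins.
"""
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed input: a subset of rows copied from the packet and connection
# tables above (timestamp | source port | destination port | source IP | dest IP).
SAMPLE_ROWS = """\
Jan 8, 2023 16:03:30.574161053 CET | 49685 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:03:30.692807913 CET | 8082 | 49685 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.155930996 CET | 8082 | 49686 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:02.156147957 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:02.156966925 CET | 49686 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.032263041 CET | 49687 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:03.146584034 CET | 8082 | 49687 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:04:38.445864916 CET | 49688 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:04:38.560574055 CET | 8082 | 49688 | 20.104.209.69 | 192.168.2.4 |
Jan 8, 2023 16:05:10.735661030 CET | 49689 | 8082 | 192.168.2.4 | 20.104.209.69 |
Jan 8, 2023 16:05:10.850111008 CET | 8082 | 49689 | 20.104.209.69 | 192.168.2.4 |
"""

TS_RE = re.compile(
    r"^(?P<base>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) [A-Z]+$"
)


def parse_timestamp(text):
    """Parse 'Jan 8, 2023 16:04:02.156147957 CET'. datetime keeps microseconds
    only, so the nanosecond fraction is truncated; the zone suffix is dropped on
    the assumption that every row in one report shares the same zone."""
    m = TS_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    frac = (m.group("frac") + "000000")[:6]
    return datetime.strptime(f"{m.group('base')}.{frac}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(text):
    """Yield (timestamp, sport, dport, sip, dip) for each well-formed row."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5:
            continue  # blank line or a row that is not in packet-table format
        ts, sport, dport, sip, dip = cells
        yield parse_timestamp(ts), int(sport), int(dport), sip, dip


def connection_starts(text, server_ip, server_port):
    """Earliest client->server packet per (client IP, client port), i.e. one
    timestamp per TCP connection to the server, sorted by time."""
    first = {}
    for ts, sport, dport, sip, dip in parse_rows(text):
        if dip != server_ip or dport != server_port:
            continue  # server->client direction or an unrelated destination
        key = (sip, sport)
        if key not in first or ts < first[key]:
            first[key] = ts
    return sorted(first.values())


def checkin_times(starts, burst_window=5.0):
    """Merge any connection that opens within burst_window seconds of the last
    check-in into that check-in. Heuristic assumption: a task poll followed
    quickly by a result upload is one check-in, not two."""
    checkins = []
    for ts in starts:
        if checkins and (ts - checkins[-1]).total_seconds() <= burst_window:
            continue
        checkins.append(ts)
    return checkins


def interval_stats(checkins):
    """Gaps between consecutive check-ins plus a regularity summary."""
    gaps = [(b - a).total_seconds() for a, b in zip(checkins, checkins[1:])]
    stats = {"gaps": gaps, "count": len(gaps)}
    if len(gaps) < 2:
        return stats
    longest, shortest = max(gaps), min(gaps)
    stats["mean"] = mean(gaps)
    stats["stdev"] = pstdev(gaps)
    # For a fixed sleep shortened by a random jitter, the longest observed gap
    # bounds the sleep from below and the spread bounds the jitter fraction.
    stats["implied_sleep_at_least"] = longest
    stats["implied_jitter_at_least"] = 1.0 - shortest / longest
    return stats


def analyse(text, server_ip="20.104.209.69", server_port=8082):
    return interval_stats(checkin_times(connection_starts(text, server_ip, server_port)))


if __name__ == "__main__":
    stats = analyse(SAMPLE_ROWS)
    for gap in stats["gaps"]:
        print(f"check-in gap: {gap:7.2f} s")
    if "mean" in stats:
        print(f"mean {stats['mean']:.2f} s, stdev {stats['stdev']:.2f} s, "
              f"sleep >= {stats['implied_sleep_at_least']:.1f} s, "
              f"jitter >= {stats['implied_jitter_at_least']:.0%}")
```

Run as a script it prints the three gaps (about 31.6 s, 36.3 s and 32.3 s) and the bounds they imply; those bounds are what to compare against a beacon's configured sleep and jitter when the configuration has been extracted. On live traffic, feed it the first packet of each flow from a flow log instead of the hand-copied rows, and expect the burst window to need tuning for implants that upload results over a separate, slower connection.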
Target ID: | 0 |
Start time: | 16:03:18 |
Start date: | 08/01/2023 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x13d0000 |
File size: | 116736 bytes |
MD5 hash: | 1F562FBF37040EC6C43C8D5EF619EA39 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Target ID: | 1 |
Start time: | 16:03:18 |
Start date: | 08/01/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c72c0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 16:03:18 |
Start date: | 08/01/2023 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd90000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
| Target ID | Start time | Start date | Path | Wow64 process (32bit) | Commandline | Imagebase | File size | MD5 hash | Has elevated privileges | Has administrator privileges | Programmed in | Reputation |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 3 | 16:03:18 | 08/01/2023 | C:\Windows\SysWOW64\regsvr32.exe | true | | 0x2a0000 | 20992 bytes | 426E7499F6A7346F0410DEAD0805586B | true | true | C, C++ or other language | high |
| 4 | 16:03:18 | 08/01/2023 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x200000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | C, C++ or other language | high |
| 5 | 16:03:18 | 08/01/2023 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x200000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | C, C++ or other language | high |
| 6 | 16:03:22 | 08/01/2023 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x200000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | C, C++ or other language | high |
| 7 | 16:03:25 | 08/01/2023 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x200000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | C, C++ or other language | high |
Execution Graph
Execution Coverage: | 7.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.2% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 70 |
Graph

| Function | Relevance | APIs | Instructions | Tags | Uniqueness Score |
|---|---|---|---|---|---|
| 00951449 | 12.2 | 8 | 169 | network, file, COMMON, LIBRARYCODE | -1.00% |
| 00953410 | 1.4 | 1 | 133 | sleep, COMMON | -1.00% |
| 00951207 | 12.1 | 8 | 147 | network, COMMON, LIBRARYCODE | -1.00% |
| 009640EA | 6.0 | 4 | 44 | memory, COMMON, LIBRARYCODE | -1.00% |
| 009516C7 | 4.6 | 3 | 66 | network, COMMON, LIBRARYCODE | -1.00% |
| 00950FE6 | 3.1 | 2 | 114 | network, COMMON, LIBRARYCODE | -1.00% |
| 0095F9F9 | 1.5 | 1 | 25 | COMMON | -1.00% |
| 00951CF0 | 1.5 | 1 | 24 | COMMON | -1.00% |
| 00CE8D24 | 1.5 | 1 | 22 | memory, COMMON | -1.00% |
| 00965DC3 | 1.5 | 1 | 20 | memory, COMMON, LIBRARYCODE | -1.00% |
| 00973B20 | .4 | | 435 | COMMON | -1.00% |
| 00973550 | .4 | | 406 | COMMON | -1.00% |
| 00CE9004 | .2 | | 182 | COMMON | -1.00% |
| 00CE8374 | .2 | | 182 | COMMON | -1.00% |
| 00953541 | .1 | | 133 | COMMON | -1.00% |
| 009614EB | .1 | | 120 | COMMON | -1.00% |
| 00959B9D | 12.2 | 8 | 158 | COMMON | -1.00% |
| 00950795 | 6.0 | 4 | 41 | COMMON | -1.00% |
| 00950794 | 6.0 | 4 | 41 | COMMON | -1.00% |