Windows Analysis Report
BS4GDarWw6.exe

Overview

General Information

Field | Value |
---|---|
Sample name | BS4GDarWw6.exe (extension changed from none to exe because the original file name is a hash value) |
Original sample name | 4cbdfd3f6f9ae5df959c14ead71d34a51652fdb07f01d2ed74f09143a31fd6ba |
Analysis ID | 1436377 |
MD5 | 0d964dd9563668c723010679fc5c3705 |
SHA1 | 45e18e0f5aa3c914f30a9c8253d6e899c2d60a57 |
SHA256 | 4cbdfd3f6f9ae5df959c14ead71d34a51652fdb07f01d2ed74f09143a31fd6ba |

Detection

Field | Value |
---|---|
Score | 100 (range 0 - 100) |
Whitelisted | false |
Confidence | 100% |
Process Tree
- System is w10x64
- BS4GDarWw6.exe (PID: 2972, cmdline: "C:\Users\user\Desktop\BS4GDarWw6.exe", MD5: 0D964DD9563668C723010679FC5C3705)
  - conhost.exe (PID: 5508, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AppLaunch.exe (PID: 6192, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe", MD5: 89D41E1CF478A3D3C2C701A27A5692B2)
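The AppLaunch.exe child is started with an empty argument list (its command line is only the image path) by an executable on the user's desktop. Together with the Memory written, Process created and Process Injection signatures later in this report, that is the pattern of a loader starting a legitimate .NET Framework host so it can run its payload inside it. The block below is an added example, not part of the Joe Sandbox report, that hunts for this pattern in process-creation telemetry. Field names follow Sysmon Event ID 1 and are an assumption about your log source; the events are constructed to mirror the tree above, with the explorer.exe parent (PID 1000), the list of .NET hosts other than AppLaunch.exe, the trusted parent directories and the benign control event (PID 7000) all being assumptions.

```python
"""Hunt for an argument-less .NET host launched by an untrusted parent.

Added example (not part of the Joe Sandbox report). The field names follow
Sysmon Event ID 1 (Image, CommandLine, ParentImage, ProcessId, ParentProcessId);
the events below are constructed to mirror the report's process tree.
"""
import ntpath
import shlex
from dataclasses import dataclass

# .NET Framework hosts that injection-based loaders start only to host a payload.
# AppLaunch.exe is the one seen in the report; the others are an assumption.
NET_HOSTS = {"applaunch.exe", "regasm.exe", "regsvcs.exe", "installutil.exe", "msbuild.exe"}

# Parent directories from which starting a .NET host is expected (assumption).
TRUSTED_PARENT_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ProcEvent:
    pid: int
    image: str
    command_line: str
    parent_pid: int
    parent_image: str


def args_after_image(command_line: str) -> list:
    """Split a Windows command line and drop the (possibly quoted) image path."""
    # posix=False keeps backslashes literal and quoted tokens intact.
    return shlex.split(command_line, posix=False)[1:]


def is_suspect_net_host_launch(ev: ProcEvent) -> bool:
    """True when a .NET host starts with no arguments from an untrusted parent."""
    if ntpath.basename(ev.image).lower() not in NET_HOSTS:
        return False
    # A genuine AppLaunch/RegAsm/... invocation carries its assembly or switches;
    # an empty argument list means the host exists only to receive injected code.
    if args_after_image(ev.command_line):
        return False
    parent_dir = ntpath.dirname(ev.parent_image).lower() + "\\"
    return not parent_dir.startswith(TRUSTED_PARENT_DIRS)


def hunt(events):
    """Return the process-creation events that match the pattern."""
    return [ev for ev in events if is_suspect_net_host_launch(ev)]


# Constructed events: PIDs, paths and command lines from the report's tree;
# the explorer.exe parent (PID 1000) and the benign control (PID 7000) are assumed.
SAMPLE_EVENTS = [
    ProcEvent(2972, r"C:\Users\user\Desktop\BS4GDarWw6.exe",
              r'"C:\Users\user\Desktop\BS4GDarWw6.exe"',
              1000, r"C:\Windows\explorer.exe"),
    ProcEvent(5508, r"C:\Windows\System32\conhost.exe",
              r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
              2972, r"C:\Users\user\Desktop\BS4GDarWw6.exe"),
    ProcEvent(6192, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"',
              2972, r"C:\Users\user\Desktop\BS4GDarWw6.exe"),
    # Benign control: same host, but with an argument and a trusted parent.
    ProcEvent(7000, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" C:\Apps\Tool.exe',
              1000, r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for ev in hunt(SAMPLE_EVENTS):
        print(f"suspect: pid={ev.pid} {ev.image} <- parent pid={ev.parent_pid} {ev.parent_image}")
```

Only PID 6192 is reported: conhost.exe is not a .NET host, and the control launch carries an argument. The parent-directory check is deliberately coarse; a real deployment would also key on the parent having been started from a user-writable path and on a follow-up memory-write event from the parent into the child, which is what the report's HIPS section records.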
Malware family

Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Vidar | Vidar is a stealer forked from Arkei. It was among the first stealers to collect data from 2FA software and the Tor Browser. | No Attribution | | |

Extracted malware configuration:
{"C2 url": ["https://steamcommunity.com/profiles/76561199467421923", "https://t.me/year2023start"], "Version": "1.8"}
The two "C2 url" values are dead-drop resolvers rather than the C2 server itself: Vidar reads the address of its actual C2 from a public Steam profile and a Telegram channel, which is why both platform hosts appear in the domain table below as active and not malicious. Block or alert on the exact profile and channel path, not on the domains.
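The practical problem with this configuration is that both "C2 url" hosts are shared, high-reputation platforms, so a host-level indicator is useless; only the profile and channel paths identify the campaign. The block below is an added example (not from the report and not the malware's code) that turns the configuration into exact host-plus-path indicators and runs them over web-proxy log lines. The configuration JSON and the address 116.202.7.135 are taken from the report; the log line format ("timestamp client method url status"), the log lines themselves and the decision to treat 116.202.7.135 as an indicator are assumptions, since the report records that address only as contacted, not as malicious.

```python
"""Turn the extracted Vidar configuration into indicators and run them over
web-proxy log lines.

Added example, not part of the Joe Sandbox report and not the malware's code.
The configuration JSON and the IP address are taken from the report; the log
line format and the log lines are constructed.
"""
import json
import re
from urllib.parse import urlsplit

# Extracted configuration, verbatim from the report.
CONFIG_JSON = ('{"C2 url": ["https://steamcommunity.com/profiles/76561199467421923", '
               '"https://t.me/year2023start"], "Version": "1.8"}')

# The one contacted IP in the report that belongs to no named domain. The report
# records it as contacted, not as malicious; treating it as an indicator is a
# triage choice made here (assumption).
CONTACTED_IPS = {"116.202.7.135"}


def url_key(url: str):
    """Normalise a URL to (host, path) so equivalent spellings compare equal."""
    p = urlsplit(url)
    return (p.netloc.lower(), p.path.rstrip("/"))


def indicators_from_config(config_json: str) -> dict:
    """Build exact host+path indicators from the 'C2 url' list.

    steamcommunity.com and t.me are shared platforms that the report itself
    rates non-malicious, so the bare host is useless as an indicator; only the
    specific profile/channel path identifies this campaign.
    """
    cfg = json.loads(config_json)
    return {
        "dead_drop_paths": {url_key(u) for u in cfg["C2 url"]},
        "version": cfg.get("Version"),
    }


# Assumed proxy log format: "<timestamp> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def scan_proxy_log(lines, indicators, contacted_ips=CONTACTED_IPS):
    """Return (timestamp, client, tag, url) for every line hitting an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real pipeline would count these
        ts, client, _method, url, _status = m.groups()
        if url_key(url) in indicators["dead_drop_paths"]:
            hits.append((ts, client, "vidar-dead-drop", url))
        elif (urlsplit(url).hostname or "") in contacted_ips:
            hits.append((ts, client, "vidar-contacted-ip", url))
    return hits


# Constructed log lines; timestamps echo the report's analysis window.
SAMPLE_LOG = [
    "2024-05-04T23:28:40Z 10.0.0.15 GET https://steamcommunity.com/profiles/76561199467421923 200",
    "2024-05-04T23:28:41Z 10.0.0.15 GET https://steamcommunity.com/app/730 200",
    "2024-05-04T23:28:43Z 10.0.0.15 GET https://t.me/year2023start/ 200",
    "2024-05-04T23:28:47Z 10.0.0.15 POST http://116.202.7.135/ 200",
    "2024-05-04T23:30:00Z 10.0.0.22 GET https://t.me/some_other_channel 200",
]

if __name__ == "__main__":
    ind = indicators_from_config(CONFIG_JSON)
    for hit in scan_proxy_log(SAMPLE_LOG, ind):
        print(*hit)
```

Three of the five constructed lines hit: the two dead-drop fetches and the request to the bare IP. Ordinary Steam browsing and an unrelated Telegram channel pass, which is the point of matching on the path. The trailing-slash normalisation in url_key matters in practice because proxies log the two spellings inconsistently.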
Yara matches (the Source and Strings columns are not present in this copy; the rule rows, one per match, are deduplicated)

Rule | Description | Author |
---|---|---|
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Snort IDS alerts (all six hits are the same rule; ordered by time)

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
05/04/24-23:28:41.432095 | 2043334 | 443 | 49705 | TCP | A Network Trojan was detected |
05/04/24-23:28:47.985515 | 2043334 | 443 | 49710 | TCP | A Network Trojan was detected |
05/04/24-23:28:56.121059 | 2043334 | 443 | 49720 | TCP | A Network Trojan was detected |
05/04/24-23:29:03.531188 | 2043334 | 443 | 49724 | TCP | A Network Trojan was detected |
05/04/24-23:29:11.063415 | 2043334 | 443 | 49728 | TCP | A Network Trojan was detected |
05/04/24-23:30:17.588719 | 2043334 | 443 | 49732 | TCP | A Network Trojan was detected |
In every alert the source port is 443 and the destination is an ephemeral client port, so the rule matched on the server's response, not on the request the sample sent; a detection built on this rule keys on response content. The rising client ports over roughly 100 seconds show six separate sessions rather than one long connection.
AV Detection |
---|
Signature sources that fired (descriptions and matched values are not present in this copy): Avira; Avira URL Cloud (8 URL verdicts); Malware Configuration Extractor; VirusTotal (7 hits with perma links); Joe Sandbox ML.
Further signatures in this part of the report (section headings not retained): code functions 3_2_0040C69D, 3_2_0040F94B, 3_2_0040F9A4, 3_2_0040FBE5, 3_2_0040F793; Static PE information (2); HTTPS traffic detected (2); code functions 0_2_00F9866B, 3_2_00411926, 3_2_0040DA1C, 3_2_00409358, 3_2_00413328, 3_2_0040C41A, 3_2_00418497, 3_2_00409D28, 3_2_004125A3, 3_2_004115A5, 3_2_0041365A, 3_2_0040D74C, 3_2_0040A2D2.
Function identifiers follow Joe Sandbox's <process index>_<run>_<address> scheme: 0_2_ entries are in the initial BS4GDarWw6.exe process; the 3_2_ entries, at addresses around the default 0x00400000 image base, are in the second analysed process (by elimination, AppLaunch.exe), which is what an injected payload mapped into a host process looks like.
Networking |
---|
Signature sources (descriptions and matched values not retained): Snort IDS (6 alerts, tabulated above); URLs (2); HTTP traffic detected (4 + 12 + 16 entries); IP Address (3); JA3 fingerprint (1); TCP traffic detected without corresponding DNS query (50); code functions 3_2_0040AAE1 and 3_2_004187D3; String found in binary or memory (1 + 131); DNS traffic detected (2); Network traffic detected (24); HTTPS traffic detected (2).
The 50 connections without a preceding DNS query are to addresses that were never resolved by name in the trace: either addresses hard-coded in the sample or background OS traffic from the sandbox image. Check each destination against the contacted-IP table at the end of the report before treating it as an indicator; only steamcommunity.com and t.me were resolved by name.
System Summary |
---|
Signature sources (descriptions and matched values not retained): Matched rule (2); code functions 0_2_00FFA212, 0_2_00FF835C, 0_2_00FE2675, 0_2_00FCC670, 0_2_00FF2610, 0_2_00FF88AD, 0_2_00FE4834, 0_2_00FCEAE0, 0_2_00FF2AA5, 0_2_00FCCBD3, 0_2_00FF8DFE, 0_2_00FF2E43, 0_2_00FF3215, 0_2_00FE53ED, 0_2_00FE73DE, 0_2_00FF94DA, 0_2_00FF35FD, 0_2_00FCD56E, 0_2_00F9F81B, 3_2_00406055, 3_2_00405855, 3_2_00420860, 3_2_0041E86F, 3_2_0043295C, 3_2_004069F0, 3_2_0042CA7F, 3_2_0042C2C5, 3_2_0041BAF7, 3_2_00432280, 3_2_0042BA92, 3_2_0041DCB6, 3_2_00431D2F, 3_2_0042C697, 3_2_00433694, 3_2_00407F62, 3_2_0042BF27, 3_2_004317DE; Static PE information (2); Classification label; code functions 3_2_004177B6, 3_2_00409898; Mutant created; Key opened; Virustotal; Process created (4); Section loaded (32); Key value queried.
Signatures that follow in the same run of the report, whose own section headings were not retained (Joe Sandbox places data obfuscation, persistence, sandbox evasion and anti-debugging here): Static PE information (2); code function 3_2_0041AB27 (flagged three times); code functions 0_2_00FEE4A6, 0_2_00FE90AE, 0_2_00F9FF44, 3_2_00427928, 3_2_00422530; Thread sleep time; Last function (2); the thirteen functions 0_2_00F9866B, 3_2_00411926, 3_2_0040DA1C, 3_2_00409358, 3_2_00413328, 3_2_0040C41A, 3_2_00418497, 3_2_00409D28, 3_2_004125A3, 3_2_004115A5, 3_2_0041365A, 3_2_0040D74C, 3_2_0040A2D2 (also flagged earlier in the report); code function 3_2_00416D8E; Thread delayed; Binary or memory string (2); API call chain graph_3-22180; code function 0_2_00F922C3 (flagged twice); code functions 0_2_00F9714A, 0_2_00F99BF4, 0_2_00FC714C, 0_2_00F9ACF0, 0_2_00F96353, 0_2_00F92425, 0_2_00F92723, 3_2_0041FBE1, 3_2_0042658D, 3_2_0042963A.
HIPS / PFW / Operating System Protection Evasion |
---|
Signature sources (descriptions and matched values not retained): Memory allocated; code function 0_2_00FC7181; Memory written (3); Process created; code function 0_2_00F92535; code functions 0_2_00FF6034, 0_2_00FEA417, 0_2_00FF081E, 0_2_00FF0B7B, 0_2_00FF17D7, 0_2_00FF1AC5, 3_2_0042B865, 3_2_00423899, 3_2_0042B8A1, 3_2_0042B376, 3_2_00424B38, 3_2_0042F3DC, 3_2_0042AC59, 3_2_0042B46B, 3_2_00429CA0, 3_2_0042F4B6, 3_2_0042B56D, 3_2_0042B512, 3_2_004176BA, 3_2_0042AF47, 3_2_0042B73E, 3_2_0042B7FE, 3_2_00429FFD; Queries volume information; code functions 0_2_00F921AA, 3_2_004172C7, 3_2_0041760E; Key value queried.
Memory allocated, three memory writes and a process creation recorded in this one section, alongside the Process Injection entries in the ATT&CK matrix, are consistent with the initial process writing its payload into the AppLaunch.exe child shown in the process tree.
Stealing of Sensitive Information |
---|
Signature sources (descriptions and matched values not retained): File source (13); String found in binary or memory (22); File source (2).
Remote Access Functionality |
---|
Signature sources (descriptions and matched values not retained): File source (13).
MITRE ATT&CK techniques with signature matches (the numeric prefixes are the report's match-count badges, reproduced as printed; template techniques without a match are omitted)

Tactic | Matched techniques |
---|---|
Execution | 1 Native API |
Persistence | 1 DLL Side-Loading |
Privilege Escalation | 411 Process Injection; 1 DLL Side-Loading |
Defense Evasion | 11 Virtualization/Sandbox Evasion; 411 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading |
Discovery | 2 System Time Discovery; 21 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 Account Discovery; 1 System Owner/User Discovery; 2 File and Directory Discovery; 34 System Information Discovery |
Collection | 1 Screen Capture; 1 Archive Collected Data; 1 Data from Local System |
Command and Control | 21 Encrypted Channel; 2 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 113 Application Layer Protocol |
Antivirus results for the sample

Source | Detection | Scanner | Label |
---|---|---|---|
BS4GDarWw6.exe | 68% | Virustotal | |
BS4GDarWw6.exe | 100% | Avira | HEUR/AGEN.1352999 |
BS4GDarWw6.exe | 100% | Joe Sandbox ML | |
URL and domain verdicts (44 entries; the URL column is not present in this copy)

Scanner | Verdict | Entries |
---|---|---|
Avira URL Cloud | malware | 8 |
Avira URL Cloud | safe | 24 |
Virustotal | 0% | 6 |
Virustotal | 7% | 2 |
Virustotal | 8% | 2 |
Virustotal | 10% | 2 |
Contacted domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
steamcommunity.com | 23.66.133.162 | true | false | | high |
t.me | 149.154.167.99 | true | false | | high |
These are the two dead-drop hosts from the extracted configuration. The platforms themselves are legitimate, so the "not malicious" verdict applies to the host, not to the specific profile and channel the sample fetched.
Further name-stripped entries: one entry marked not malicious with high reputation, and 99 URL entries, none marked malicious, with reputation high (67), unknown (30) or low (2).
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
116.202.7.135 | unknown | Germany | 24940 | HETZNER-ASDE | false | |
65.108.93.119 | unknown | United States | 11022 | ALABANZA-BALTUS | false | |
23.66.133.162 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false | |
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436377 |
Start date and time: | 2024-05-04 23:27:44 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | BS4GDarWw6.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original Sample Name: | 4cbdfd3f6f9ae5df959c14ead71d34a51652fdb07f01d2ed74f09143a31fd6ba |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/0@2/4 |
EGA Information: | |
HCA Information: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
23:28:45 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
23.66.133.162 | malicious | Clipboard Hijacker, Djvu, Vidar |
23.66.133.162 | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
23.66.133.162 | malicious | PureLog Stealer, Vidar |
23.66.133.162 | malicious | Vidar |
23.66.133.162 | malicious | Vidar |
23.66.133.162 | malicious | Mystic Stealer |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Cinoshi Stealer |
149.154.167.99 | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT |
149.154.167.99 | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT |
149.154.167.99 | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT |
149.154.167.99 | malicious | Unknown |
149.154.167.99 | malicious | Cinoshi Stealer |
Match | Detection | Threat Name |
---|---|---|
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
t.me | malicious | Unknown |
steamcommunity.com | malicious | Vidar |
steamcommunity.com | malicious | Vidar |
steamcommunity.com | malicious | Vidar |
steamcommunity.com | malicious | PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT |
steamcommunity.com | malicious | Vidar |
steamcommunity.com | malicious | LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT |
steamcommunity.com | malicious | Vidar |
steamcommunity.com | malicious | Vidar |
steamcommunity.com | malicious | Vidar |
steamcommunity.com | malicious | LummaC, PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT |
Match | Detection | Threat Name |
---|---|---|
HETZNER-ASDE | malicious | AsyncRAT |
HETZNER-ASDE | malicious | BumbleBee |
HETZNER-ASDE | malicious | BumbleBee |
HETZNER-ASDE | malicious | MinerDownloader, RedLine, Xmrig |
HETZNER-ASDE | malicious | Vidar |
HETZNER-ASDE | malicious | FormBook |
HETZNER-ASDE | malicious | Mars Stealer, Stealc, Vidar |
HETZNER-ASDE | malicious | Mars Stealer, Stealc, Vidar |
HETZNER-ASDE | malicious | Unknown |
HETZNER-ASDE | malicious | Mars Stealer, Stealc, Vidar |
TELEGRAMRU | malicious | AgentTesla, PureLog Stealer, RedLine |
TELEGRAMRU | malicious | AgentTesla, PureLog Stealer, RedLine |
TELEGRAMRU | malicious | AgentTesla, PureLog Stealer, RedLine |
TELEGRAMRU | malicious | AgentTesla |
TELEGRAMRU | malicious | AgentTesla |
TELEGRAMRU | malicious | AgentTesla |
TELEGRAMRU | malicious | AgentTesla |
TELEGRAMRU | malicious | AgentTesla |
TELEGRAMRU | malicious | AgentTesla, PureLog Stealer |
TELEGRAMRU | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | HtmlDropper, HTMLPhisher |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | HtmlDropper, HTMLPhisher |
AKAMAI-ASUS | malicious | Unknown |
AKAMAI-ASUS | malicious | Vidar |
AKAMAI-ASUS | malicious | HTMLPhisher |
AKAMAI-ASUS | malicious | HTMLPhisher |
ALABANZA-BALTUS | malicious | RedLine |
ALABANZA-BALTUS | malicious | Unknown |
ALABANZA-BALTUS | malicious | AgentTesla |
ALABANZA-BALTUS | malicious | PrivateLoader, PureLog Stealer |
ALABANZA-BALTUS | malicious | Vidar |
ALABANZA-BALTUS | malicious | Phonk Miner, PureLog Stealer, Vidar |
ALABANZA-BALTUS | malicious | Vidar |
ALABANZA-BALTUS | malicious | Vidar |
ALABANZA-BALTUS | malicious | Unknown |
ALABANZA-BALTUS | malicious | FormBook |
Match | Detection | Threat Name |
---|---|---|
37f463bf4616ecd445d4a1937da06e19 | malicious | AgentTesla, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | XWorm |
37f463bf4616ecd445d4a1937da06e19 | malicious | XWorm |
37f463bf4616ecd445d4a1937da06e19 | malicious | XWorm |
37f463bf4616ecd445d4a1937da06e19 | malicious | XWorm |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Latrodectus |
37f463bf4616ecd445d4a1937da06e19 | malicious | Latrodectus |
37f463bf4616ecd445d4a1937da06e19 | malicious | Latrodectus |
File type: | |
Entropy (8bit): | 6.430878723732501 |
TrID: | |
File name: | BS4GDarWw6.exe |
File size: | 953'344 bytes |
MD5: | 0d964dd9563668c723010679fc5c3705 |
SHA1: | 45e18e0f5aa3c914f30a9c8253d6e899c2d60a57 |
SHA256: | 4cbdfd3f6f9ae5df959c14ead71d34a51652fdb07f01d2ed74f09143a31fd6ba |
SHA512: | 1e5fb97ed4a866c711f7ef7b646467af91ef54b45c56633333d1885b7583a8fa5e1a3dcfa7c91aa25eea7a4e2591edcba8500828bab83efcb48e400a805a11c1 |
SSDEEP: | 24576:j2lFYoq77FED1/LTeXGVFkz/kaofNgJwNJPoUZ:cFf+6DNiQa2iuNJPoUZ |
TLSH: | 46154B17F613D0B7D2A38AB0F039836D755AB5601C22881B7F4CA6B42FF15821D6AF67 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........%.K.Db..Db..Db.h6a..Db.h6g.7Db.h6f..Db.h6c..Db..Dc..Db..8g..Db..8f..Db..8a..Db..Db..Db..8`..Db.Rich.Db.................PE..L.. |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x461efd |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63B3D47A [Tue Jan 3 07:08:42 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | a09a5a8ac1067bfbf1d46e4875c9a9ef |
Instruction |
---|
call 00007FF1CCBD981Ah |
jmp 00007FF1CCBD9399h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0048767Ch |
mov dword ptr [ecx], 004717E8h |
ret |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007FF1CCBD94FFh |
push 004957CCh |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007FF1CCBDA7BAh |
int3 |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007FF1CCB7ACBBh |
push 0048CF9Ch |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007FF1CCBDA79Dh |
int3 |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
lea edx, dword ptr [ecx+18h] |
add edx, eax |
movzx eax, word ptr [ecx+06h] |
imul esi, eax, 28h |
add esi, edx |
cmp edx, esi |
je 00007FF1CCBD953Bh |
mov ecx, dword ptr [ebp+0Ch] |
cmp ecx, dword ptr [edx+0Ch] |
jc 00007FF1CCBD952Ch |
mov eax, dword ptr [edx+08h] |
add eax, dword ptr [edx+0Ch] |
cmp ecx, eax |
jc 00007FF1CCBD952Eh |
add edx, 28h |
cmp edx, esi |
jne 00007FF1CCBD950Ch |
xor eax, eax |
pop esi |
pop ebp |
ret |
mov eax, edx |
jmp 00007FF1CCBD951Bh |
push esi |
call 00007FF1CCBD9C8Bh |
test eax, eax |
je 00007FF1CCBD9542h |
mov eax, dword ptr fs:[00000018h] |
mov esi, 004E22F0h |
mov edx, dword ptr [eax+04h] |
jmp 00007FF1CCBD9526h |
cmp edx, eax |
je 00007FF1CCBD9532h |
xor eax, eax |
mov ecx, edx |
lock cmpxchg dword ptr [esi], ecx |
test eax, eax |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x95da4 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe3000 | 0x4a78 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8c280 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x8c1c0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x71000 | 0x114 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6f273 | 0x6f400 | 90e0f9a57dbd689f533d9149cd841bcf | False | 0.3701808286516854 | data | 5.972837472393918 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x71000 | 0x253da | 0x25400 | 625cc4125dd814f4fcfd455ca86259de | False | 0.5284841652684564 | data | 5.311402327089755 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x97000 | 0x4bd20 | 0x4b400 | 1f36faa4bda7c4e30ec97fb65b4584f0 | False | 0.5393674730066446 | data | 6.584234283976545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0xe3000 | 0x4a78 | 0x4c00 | ca255be11c956223a0aad5055903bdc5 | False | 0.6572265625 | data | 6.600177013449544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
KERNEL32.dll | GetModuleHandleA, GetProcAddress, FreeConsole, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, GetCurrentProcess, TerminateProcess, WriteConsoleW, RaiseException, RtlUnwind, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetFileType, GetStringTypeW, CompareStringW, LCMapStringW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx, CreateFileW, CloseHandle, DecodePointer |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/04/24-23:29:11.063415 | TCP | 2043334 | ET TROJAN Possible Vidar Stealer C2 Config In Steam Profile | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
05/04/24-23:28:41.432095 | TCP | 2043334 | ET TROJAN Possible Vidar Stealer C2 Config In Steam Profile | 443 | 49705 | 23.66.133.162 | 192.168.2.5 |
05/04/24-23:28:56.121059 | TCP | 2043334 | ET TROJAN Possible Vidar Stealer C2 Config In Steam Profile | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
05/04/24-23:28:47.985515 | TCP | 2043334 | ET TROJAN Possible Vidar Stealer C2 Config In Steam Profile | 443 | 49710 | 23.66.133.162 | 192.168.2.5 |
05/04/24-23:29:03.531188 | TCP | 2043334 | ET TROJAN Possible Vidar Stealer C2 Config In Steam Profile | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
05/04/24-23:30:17.588719 | TCP | 2043334 | ET TROJAN Possible Vidar Stealer C2 Config In Steam Profile | 443 | 49732 | 23.66.133.162 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2024 23:28:52.725938082 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.725950956 CEST | 49718 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:28:52.725954056 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.725965977 CEST | 49718 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:28:52.725970030 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.725986004 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.726017952 CEST | 49718 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:28:52.726054907 CEST | 49718 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:28:52.731120110 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.731141090 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.731158972 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.731177092 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.731215954 CEST | 49718 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:28:52.731236935 CEST | 80 | 49718 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:28:52.731278896 CEST | 49718 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:28:52.731278896 CEST | 49718 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:28:53.134331942 CEST | 443 | 49719 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:28:53.134407043 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:28:53.135243893 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:28:53.135250092 CEST | 443 | 49719 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:28:53.135476112 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:28:53.135478973 CEST | 443 | 49719 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:28:53.767123938 CEST | 443 | 49719 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:28:53.767148018 CEST | 443 | 49719 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:28:53.767183065 CEST | 443 | 49719 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:28:53.767210007 CEST | 443 | 49719 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:28:53.767271996 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:28:53.767329931 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:28:55.118573904 CEST | 49719 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:28:55.118606091 CEST | 443 | 49719 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:28:55.123990059 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:55.124030113 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:55.124094963 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:55.228760004 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:55.228781939 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:55.531719923 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:55.531817913 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:55.554574966 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:55.554600954 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:55.554807901 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:55.554815054 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.121072054 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.121093035 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.121108055 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.121187925 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:56.121203899 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.121217012 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:56.121280909 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:56.267941952 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.267982960 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.268066883 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:56.268086910 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.268131971 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:56.294359922 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.294401884 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.294410944 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.294485092 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:56.294576883 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:56.294789076 CEST | 49720 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:28:56.294804096 CEST | 443 | 49720 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:28:56.296024084 CEST | 49721 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:28:56.595001936 CEST | 80 | 49721 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:28:57.102092028 CEST | 49721 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:28:57.400960922 CEST | 80 | 49721 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:28:57.914602041 CEST | 49721 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:28:58.214267015 CEST | 80 | 49721 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:28:58.727116108 CEST | 49721 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:28:59.026878119 CEST | 80 | 49721 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:28:59.539627075 CEST | 49721 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:28:59.838615894 CEST | 80 | 49721 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:28:59.840384007 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.157816887 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.157898903 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.158113956 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.475723028 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.495250940 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.495270967 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.495316982 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.495318890 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.495335102 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.495352983 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.495352983 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.495353937 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.495373011 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.495381117 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.495392084 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.495398998 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.495419025 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.495436907 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.497855902 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.497874022 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.497896910 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.497906923 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.497924089 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.497946024 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.696753025 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:00.696785927 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:00.696849108 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:00.697158098 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:00.697173119 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:00.812949896 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.812969923 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.812985897 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813004017 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813018084 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.813029051 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813047886 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813047886 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.813067913 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813083887 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813090086 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.813102007 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813114882 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.813118935 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813136101 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813149929 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.813153982 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813177109 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813179016 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.813194990 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.813200951 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.813231945 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.813241959 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.815129995 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.815149069 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.815179110 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.815180063 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.815197945 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.815198898 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.815217972 CEST | 80 | 49722 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:00.815227985 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.815247059 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:00.815277100 CEST | 49722 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:01.304367065 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:01.304441929 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:02.395034075 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:02.395064116 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:02.395248890 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:02.395253897 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:02.703361034 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:02.703385115 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:02.703417063 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:02.703440905 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:02.703442097 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:02.703485966 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:02.703525066 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:02.703772068 CEST | 49723 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:02.703783989 CEST | 443 | 49723 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:02.704725981 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:02.704742908 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:02.704814911 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:02.705043077 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:02.705056906 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.009299994 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.009382963 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.010071039 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.010077000 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.010284901 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.010288954 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.531250954 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.531270981 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.531285048 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.531553030 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.531574011 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.531712055 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.679445028 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.679498911 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.679631948 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.679651022 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.679759979 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.705770016 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.705816031 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.705907106 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.705914021 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.705939054 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.706017971 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.706685066 CEST | 49724 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:03.706698895 CEST | 443 | 49724 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:03.709018946 CEST | 49725 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:04.017004013 CEST | 80 | 49725 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:04.524092913 CEST | 49725 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:04.832137108 CEST | 80 | 49725 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:05.336621046 CEST | 49725 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:05.644573927 CEST | 80 | 49725 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:06.148999929 CEST | 49725 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:06.457029104 CEST | 80 | 49725 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:06.961498022 CEST | 49725 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:07.269529104 CEST | 80 | 49725 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:07.997663975 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.318206072 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.318356991 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.318876028 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.639256001 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.659967899 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.659986019 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.660026073 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.660027981 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.660046101 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.660048962 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.660063982 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.660064936 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.660088062 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.660124063 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.660145998 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.660162926 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.660185099 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.660203934 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.663454056 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.663472891 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.663490057 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.663501978 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.663518906 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.663537025 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.779964924 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:08.779994011 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:08.780076027 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:08.783415079 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:08.783427954 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:08.980597973 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980623960 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980671883 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980675936 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980689049 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980695009 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980710030 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980715036 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980727911 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980735064 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980743885 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980751991 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980761051 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980770111 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980777979 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980787039 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980793953 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980801105 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980812073 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980822086 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980834007 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980835915 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.980853081 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.980870008 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.981007099 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.981046915 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.981054068 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.981087923 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.983891964 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.983908892 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.983937025 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.983952999 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.983963013 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.983979940 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.984004021 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.984015942 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:08.984122992 CEST | 80 | 49726 | 65.108.93.119 | 192.168.2.5 |
May 4, 2024 23:29:08.984168053 CEST | 49726 | 80 | 192.168.2.5 | 65.108.93.119 |
May 4, 2024 23:29:09.416714907 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:09.416807890 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:09.417455912 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:09.417463064 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:09.417691946 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:09.417695999 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:10.052851915 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:10.052903891 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:10.052939892 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:10.053066969 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:10.053085089 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:10.053098917 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:10.053122997 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:10.053167105 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:10.053926945 CEST | 49727 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:29:10.053941965 CEST | 443 | 49727 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:29:10.055486917 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:10.055509090 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:10.055573940 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:10.055813074 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:10.055823088 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:10.365084887 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:10.365196943 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:10.366307020 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:10.366312027 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:10.366513968 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:10.366517067 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.063455105 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.063483953 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.063504934 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.063528061 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.063551903 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.063575983 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.063632965 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.209904909 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.209966898 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.210056067 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.210084915 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.210107088 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.210130930 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.236181974 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.236222982 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.236273050 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.236299992 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.236360073 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.301209927 CEST | 49728 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:29:11.301229954 CEST | 443 | 49728 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:29:11.660840034 CEST | 49729 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:11.962802887 CEST | 80 | 49729 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:12.477154970 CEST | 49729 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:12.779068947 CEST | 80 | 49729 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:13.289653063 CEST | 49729 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:13.591510057 CEST | 80 | 49729 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:14.102153063 CEST | 49729 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:14.404017925 CEST | 80 | 49729 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:29:14.914860964 CEST | 49729 | 80 | 192.168.2.5 | 116.202.7.135 |
May 4, 2024 23:29:15.216739893 CEST | 80 | 49729 | 116.202.7.135 | 192.168.2.5 |
May 4, 2024 23:30:15.338051081 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:15.338082075 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:15.338155985 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:15.338545084 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:15.338557959 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:15.956651926 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:15.956818104 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:15.957384109 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:15.957391977 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:15.957604885 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:15.957609892 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:16.574481010 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:16.574541092 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:16.574577093 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:16.574717999 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:16.574733973 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:16.574836016 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:16.575102091 CEST | 49731 | 443 | 192.168.2.5 | 149.154.167.99 |
May 4, 2024 23:30:16.575119972 CEST | 443 | 49731 | 149.154.167.99 | 192.168.2.5 |
May 4, 2024 23:30:16.576103926 CEST | 49732 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:30:16.576123953 CEST | 443 | 49732 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:30:16.576194048 CEST | 49732 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:30:16.576426983 CEST | 49732 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:30:16.576438904 CEST | 443 | 49732 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:30:16.886132002 CEST | 443 | 49732 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:30:16.886245012 CEST | 49732 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:30:16.892072916 CEST | 49732 | 443 | 192.168.2.5 | 23.66.133.162 |
May 4, 2024 23:30:16.892080069 CEST | 443 | 49732 | 23.66.133.162 | 192.168.2.5 |
May 4, 2024 23:30:16.892285109 CEST | 49732 | 443 | 192.168.2.5 | 23.66.133.162 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2024 23:28:38.991982937 CEST | 59260 | 53 | 192.168.2.5 | 1.1.1.1 |
May 4, 2024 23:28:39.142644882 CEST | 53 | 59260 | 1.1.1.1 | 192.168.2.5 |
May 4, 2024 23:28:40.361960888 CEST | 62012 | 53 | 192.168.2.5 | 1.1.1.1 |
May 4, 2024 23:28:40.513803005 CEST | 53 | 62012 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 4, 2024 23:28:38.991982937 CEST | 192.168.2.5 | 1.1.1.1 | 0x34a6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 23:28:40.361960888 CEST | 192.168.2.5 | 1.1.1.1 | 0xa3f4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 4, 2024 23:28:39.142644882 CEST | 1.1.1.1 | 192.168.2.5 | 0x34a6 | No error (0) | | | 149.154.167.99 | A (IP address) | IN (0x0001) | false |
May 4, 2024 23:28:40.513803005 CEST | 1.1.1.1 | 192.168.2.5 | 0xa3f4 | No error (0) | | | 23.66.133.162 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49707 | 65.108.93.119 | 80 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 4, 2024 23:28:45.478671074 CEST | 42 | OUT | |
May 4, 2024 23:28:45.823420048 CEST | 1289 | IN | |
May 4, 2024 23:28:45.823465109 CEST | 1289 | IN | |
May 4, 2024 23:28:45.823529005 CEST | 1289 | IN | |
May 4, 2024 23:28:45.823543072 CEST | 1289 | IN | |
May 4, 2024 23:28:45.823555946 CEST | 1289 | IN | |
May 4, 2024 23:28:45.823566914 CEST | 1289 | IN | |
May 4, 2024 23:28:45.823582888 CEST | 1068 | IN | |
May 4, 2024 23:28:45.827194929 CEST | 1289 | IN | |
May 4, 2024 23:28:45.827207088 CEST | 1289 | IN | |
May 4, 2024 23:28:45.827227116 CEST | 1289 | IN | |
May 4, 2024 23:28:46.144440889 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49718 | 65.108.93.119 | 80 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 4, 2024 23:28:52.053231001 CEST | 42 | OUT | |
May 4, 2024 23:28:52.401746988 CEST | 1289 | IN | |
May 4, 2024 23:28:52.401770115 CEST | 1289 | IN | |
May 4, 2024 23:28:52.401891947 CEST | 1289 | IN | |
May 4, 2024 23:28:52.401909113 CEST | 1289 | IN | |
May 4, 2024 23:28:52.401926041 CEST | 1289 | IN | |
May 4, 2024 23:28:52.401942015 CEST | 1289 | IN | |
May 4, 2024 23:28:52.401959896 CEST | 1068 | IN | |
May 4, 2024 23:28:52.407480001 CEST | 1289 | IN | |
May 4, 2024 23:28:52.407619953 CEST | 1289 | IN | |
May 4, 2024 23:28:52.407643080 CEST | 1289 | IN | |
May 4, 2024 23:28:52.725719929 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49722 | 65.108.93.119 | 80 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 4, 2024 23:29:00.158113956 CEST | 42 | OUT | |
May 4, 2024 23:29:00.495250940 CEST | 1289 | IN | |
May 4, 2024 23:29:00.495270967 CEST | 1289 | IN | |
May 4, 2024 23:29:00.495316982 CEST | 1289 | IN | |
May 4, 2024 23:29:00.495335102 CEST | 1289 | IN | |
May 4, 2024 23:29:00.495353937 CEST | 1289 | IN | |
May 4, 2024 23:29:00.495373011 CEST | 1289 | IN | |
May 4, 2024 23:29:00.495392084 CEST | 1068 | IN | |
May 4, 2024 23:29:00.497855902 CEST | 1289 | IN | |
May 4, 2024 23:29:00.497874022 CEST | 1289 | IN | |
May 4, 2024 23:29:00.497896910 CEST | 1289 | IN | |
May 4, 2024 23:29:00.812949896 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49726 | 65.108.93.119 | 80 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 4, 2024 23:29:08.318876028 CEST | 42 | OUT | |
May 4, 2024 23:29:08.659967899 CEST | 1289 | IN | |
May 4, 2024 23:29:08.659986019 CEST | 1289 | IN | |
May 4, 2024 23:29:08.660026073 CEST | 1289 | IN | |
May 4, 2024 23:29:08.660046101 CEST | 1289 | IN | |
May 4, 2024 23:29:08.660064936 CEST | 1289 | IN | |
May 4, 2024 23:29:08.660145998 CEST | 1289 | IN | |
May 4, 2024 23:29:08.660162926 CEST | 1068 | IN | |
May 4, 2024 23:29:08.663454056 CEST | 1289 | IN | |
May 4, 2024 23:29:08.663472891 CEST | 1289 | IN | |
May 4, 2024 23:29:08.663490057 CEST | 1289 | IN | |
May 4, 2024 23:29:08.980597973 CEST | 1289 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 149.154.167.99 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:28:39 UTC | 133 | OUT | |
2024-05-04 21:28:40 UTC | 510 | IN | |
2024-05-04 21:28:40 UTC | 9630 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49705 | 23.66.133.162 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:28:40 UTC | 160 | OUT | |
2024-05-04 21:28:41 UTC | 1870 | IN | |
2024-05-04 21:28:41 UTC | 14514 | IN | |
2024-05-04 21:28:41 UTC | 10062 | IN | |
2024-05-04 21:28:41 UTC | 10190 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49708 | 149.154.167.99 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:28:46 UTC | 191 | OUT | |
2024-05-04 21:28:47 UTC | 368 | IN | |
2024-05-04 21:28:47 UTC | 9630 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49710 | 23.66.133.162 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:28:47 UTC | 256 | OUT | |
2024-05-04 21:28:47 UTC | 1686 | IN | |
2024-05-04 21:28:47 UTC | 14698 | IN | |
2024-05-04 21:28:48 UTC | 9878 | IN | |
2024-05-04 21:28:48 UTC | 10190 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49719 | 149.154.167.99 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:28:53 UTC | 191 | OUT | |
2024-05-04 21:28:53 UTC | 368 | IN | |
2024-05-04 21:28:53 UTC | 9630 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49720 | 23.66.133.162 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:28:55 UTC | 256 | OUT | |
2024-05-04 21:28:56 UTC | 1686 | IN | |
2024-05-04 21:28:56 UTC | 14698 | IN | |
2024-05-04 21:28:56 UTC | 9878 | IN | |
2024-05-04 21:28:56 UTC | 10190 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49723 | 149.154.167.99 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:29:02 UTC | 191 | OUT | |
2024-05-04 21:29:02 UTC | 368 | IN | |
2024-05-04 21:29:02 UTC | 9630 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49724 | 23.66.133.162 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:29:03 UTC | 256 | OUT | |
2024-05-04 21:29:03 UTC | 1686 | IN | |
2024-05-04 21:29:03 UTC | 14698 | IN | |
2024-05-04 21:29:03 UTC | 9878 | IN | |
2024-05-04 21:29:03 UTC | 10190 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49727 | 149.154.167.99 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:29:09 UTC | 191 | OUT | |
2024-05-04 21:29:10 UTC | 368 | IN | |
2024-05-04 21:29:10 UTC | 9630 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49728 | 23.66.133.162 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:29:10 UTC | 256 | OUT | |
2024-05-04 21:29:11 UTC | 1686 | IN | |
2024-05-04 21:29:11 UTC | 14698 | IN | |
2024-05-04 21:29:11 UTC | 9878 | IN | |
2024-05-04 21:29:11 UTC | 10190 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49731 | 149.154.167.99 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:30:15 UTC | 191 | OUT | |
2024-05-04 21:30:16 UTC | 368 | IN | |
2024-05-04 21:30:16 UTC | 9630 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.5 | 49732 | 23.66.133.162 | 443 | 6192 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 21:30:16 UTC | 256 | OUT | |
2024-05-04 21:30:17 UTC | 1686 | IN | |
2024-05-04 21:30:17 UTC | 14698 | IN | |
2024-05-04 21:30:17 UTC | 9878 | IN | |
2024-05-04 21:30:17 UTC | 10190 | IN |
Target ID: | 0 |
Start time: | 23:28:27 |
Start date: | 04/05/2024 |
Path: | C:\Users\user\Desktop\BS4GDarWw6.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf30000 |
File size: | 953'344 bytes |
MD5 hash: | 0D964DD9563668C723010679FC5C3705 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 23:28:27 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 23:28:28 |
Start date: | 04/05/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x90000 |
File size: | 103'528 bytes |
MD5 hash: | 89D41E1CF478A3D3C2C701A27A5692B2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 1% |
Dynamic/Decrypted Code Coverage: | 8% |
Signature Coverage: | 11.2% |
Total number of Nodes: | 251 |
Total number of Limit Nodes: | 9 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00FC7181 | 23.2 | 12 | 1 | 467 | thread, memory, injection, COMMON |
00F99BF4 | .0 | | | 22 | COMMON, LIBRARYCODE |
00F9714A | .0 | | | 12 | COMMON, LIBRARYCODE |
00F9A857 | 10.6 | 4 | 2 | 74 | COMMON, LIBRARYCODE |
00F9C194 | 7.7 | 5 | | 202 | COMMON |
00F99F80 | 3.1 | 2 | | 65 | COMMON |
00F9ABAB | 3.0 | 2 | | 34 | COMMON |
00F31689 | 1.8 | 1 | | 276 | COMMON |
00F922C3 | 6.1 | 4 | | 73 | COMMON |
00FCEAE0 | 1.9 | 1 | | 395 | COMMON |
00F92535 | 1.6 | 1 | | 147 | COMMON |
00F9866B | 1.6 | 1 | | 140 | COMMON |
00F92425 | 1.5 | 1 | | 3 | COMMON |
00FE2675 | 1.4 | | 1 | 191 | COMMON |
00F9ACF0 | 1.3 | 1 | | 5 | memory, COMMON |
00FCC670 | .4 | | | 418 | COMMON |
00FF35FD | .4 | | | 355 | COMMON |
00FF3215 | .3 | | | 349 | COMMON |
00FCCBD3 | .3 | | | 339 | COMMON |
00FF2E43 | .3 | | | 332 | COMMON |
00FF2AA5 | .3 | | | 326 | COMMON |
00FE73DE | .1 | | | 76 | COMMON |
00FE4834 | .1 | | | 74 | COMMON |
00FCD56E | .1 | | | 74 | COMMON |
00FC714C | .0 | | | 23 | COMMON |
00FD12D5 | 16.7 | 11 | | 163 | COMMON |
00FD2375 | 13.7 | 9 | | 229 | COMMON |
00F95261 | 12.6 | 4 | 3 | 303 | COMMON, LIBRARYCODE |
00FDA1D8 | 12.3 | 8 | | 341 | COMMON |
00FDD24C | 9.0 | 6 | | 49 | COMMON |
00FDD2EA | 9.0 | 6 | | 47 | COMMON |
00FE137E | 9.0 | 6 | | 47 | COMMON |
00FE141A | 9.0 | 6 | | 47 | COMMON |
00FD5ECA | 9.0 | 6 | | 41 | COMMON |
00FEBCC9 | 8.8 | 4 | 1 | 47 | COMMON, LIBRARYCODE |
00FEB075 | 8.8 | 3 | 2 | 42 | COMMON, LIBRARYCODE |
00F9716C | 8.8 | 3 | 2 | 42 | library, loader, COMMON, LIBRARYCODE |
00FDC7C6 | 7.6 | 5 | | 140 | COMMON |
00FEC546 | 7.0 | 3 | 1 | 40 | COMMON, LIBRARYCODE |
00F96042 | 7.0 | 3 | 1 | 27 | library, COMMON, LIBRARYCODE |
00FD5680 | 6.4 | 4 | | 441 | COMMON |
00F9C7E6 | 6.3 | 4 | | 338 | file, COMMON |
00FD0E50 | 6.3 | 4 | | 326 | COMMON |
00FEC7BC | 6.1 | 4 | | 109 | COMMON |
00F9840B | 6.1 | 4 | | 82 | COMMON |
00F997CC | 6.1 | 4 | | 74 | COMMON |
00FDD959 | 6.1 | 4 | | 65 | COMMON |
00F9E3C6 | 6.0 | 4 | | 29 | COMMON |
00FDCFEC | 6.0 | 4 | | 27 | COMMON |
00F95606 | 5.4 | 1 | 2 | 112 | COMMON, LIBRARYCODE |
00FEADEE | 5.3 | 2 | 1 | 37 | COMMON, LIBRARYCODE |
00FE9247 | 5.3 | 2 | 1 | 34 | COMMON, LIBRARYCODE |
Execution Graph
Execution Coverage: | 9.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 103 |
Total number of Limit Nodes: | 9 |
Graph
Function 0040C69D | Relevance: 58.2 | APIs: 30 | Strings: 3 | Instructions: 448 | Tags: string, sleep, memory, COMMON | Uniqueness Score: -1.00% |
Function 0040AAE1 | Relevance: 39.1 | APIs: 15 | Strings: 7 | Instructions: 639 | Tags: network, COMMON | Uniqueness Score: -1.00% |
Function 00416D8E | Relevance: 3.0 | APIs: 2 | Instructions: 24 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0041AC8C | Relevance: 227.1 | APIs: 151 | Instructions: 633 | Tags: libraryloader, COMMON | Uniqueness Score: -1.00% |
Function 00401085 | Relevance: 96.4 | APIs: 54 | Strings: 1 | Instructions: 133 | Tags: sleep, COMMON | Uniqueness Score: -1.00% |
Function 00416AE6 | Relevance: 17.7 | APIs: 6 | Strings: 4 | Instructions: 184 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 00417361 | Relevance: 12.3 | APIs: 5 | Strings: 2 | Instructions: 56 | Tags: registry, COMMON | Uniqueness Score: -1.00% |
Function 0040B515 | Relevance: 8.9 | APIs: 4 | Strings: 1 | Instructions: 105 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00404E36 | Relevance: 5.3 | APIs: 2 | Strings: 1 | Instructions: 25 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00401000 | Relevance: 4.5 | APIs: 3 | Instructions: 41 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 00401058 | Relevance: 4.5 | APIs: 3 | Instructions: 13 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 00404BB7 | Relevance: 3.5 | APIs: 1 | Strings: 1 | Instructions: 42 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 0040419D | Relevance: 3.1 | APIs: 1 | Strings: 1 | Instructions: 135 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 00404A00 | Relevance: 1.5 | APIs: 1 | Instructions: 27 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0040CD53 | Relevance: 1.5 | APIs: 1 | Instructions: 15 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00409D28 | Relevance: 73.9 | APIs: 38 | Strings: 4 | Instructions: 357 | Tags: string, file, COMMON | Uniqueness Score: -1.00% |
Function 0041365A | Relevance: 70.3 | APIs: 34 | Strings: 6 | Instructions: 341 | Tags: file, string, COMMON | Uniqueness Score: -1.00% |
Function 0040A2D2 | Relevance: 66.8 | APIs: 21 | Strings: 17 | Instructions: 326 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00413328 | Relevance: 66.7 | APIs: 33 | Strings: 5 | Instructions: 218 | Tags: string, file, COMMON | Uniqueness Score: -1.00% |
Function 0040D74C | Relevance: 56.2 | APIs: 27 | Strings: 5 | Instructions: 191 | Tags: string, file, COMMON | Uniqueness Score: -1.00% |
Function 004125A3 | Relevance: 47.4 | APIs: 21 | Strings: 6 | Instructions: 155 | Tags: string, file, COMMON | Uniqueness Score: -1.00% |
Function 0040DA1C | Relevance: 42.2 | APIs: 20 | Strings: 4 | Instructions: 152 | Tags: string, file, COMMON | Uniqueness Score: -1.00% |
Function 004115A5 | Relevance: 40.5 | APIs: 18 | Strings: 5 | Instructions: 221 | Tags: file, COMMON | Uniqueness Score: -1.00% |
Function 00409358 | Relevance: 35.1 | APIs: 18 | Strings: 2 | Instructions: 113 | Tags: file, string, memory, COMMON | Uniqueness Score: -1.00% |
Function 004187D3 | Relevance: 26.4 | APIs: 14 | Strings: 1 | Instructions: 129 | Tags: window, COMMON | Uniqueness Score: -1.00% |
Function 0040C41A | Relevance: 26.3 | APIs: 13 | Strings: 2 | Instructions: 92 | Tags: string, file, COMMON | Uniqueness Score: -1.00% |
Function 00411926 | Relevance: 24.6 | APIs: 11 | Strings: 3 | Instructions: 139 | Tags: file, COMMON | Uniqueness Score: -1.00% |
Function 004176BA | Relevance: 19.3 | APIs: 10 | Strings: 1 | Instructions: 77 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 00407F62 | Relevance: 12.6 | APIs: 3 | Strings: 4 | Instructions: 395 | Tags: time, COMMON | Uniqueness Score: -1.00% |
Function 0040F793 | Relevance: 12.3 | APIs: 6 | Strings: 1 | Instructions: 92 | Tags: string, encryption, COMMON | Uniqueness Score: -1.00% |
Function 0042B376 | Relevance: 8.8 | APIs: 3 | Strings: 2 | Instructions: 54 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 004172C7 | Relevance: 1.5 | APIs: 1 | Instructions: 18 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0040EB02 | Relevance: 184.2 | APIs: 85 | Strings: 20 | Instructions: 441 | Tags: string, network, memory, COMMON | Uniqueness Score: -1.00% |
Function 0040BB14 | Relevance: 149.2 | APIs: 78 | Strings: 7 | Instructions: 489 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00410027 | Relevance: 73.8 | APIs: 39 | Strings: 3 | Instructions: 281 | Tags: string, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 00410ED4 | Relevance: 68.5 | APIs: 34 | Strings: 5 | Instructions: 235 | Tags: string, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 00412E4D | Relevance: 65.1 | APIs: 33 | Strings: 4 | Instructions: 312 | Tags: string, registry, COMMON | Uniqueness Score: -1.00% |
Function 00409502 | Relevance: 65.0 | APIs: 36 | Strings: 1 | Instructions: 226 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00410C46 | Relevance: 61.4 | APIs: 33 | Strings: 2 | Instructions: 179 | Tags: string, file, COMMON | Uniqueness Score: -1.00% |
Function 00410462 | Relevance: 50.9 | APIs: 23 | Strings: 6 | Instructions: 185 | Tags: string, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 0040FD93 | Relevance: 43.9 | APIs: 23 | Strings: 2 | Instructions: 171 | Tags: string, file, COMMON | Uniqueness Score: -1.00% |
Function 00425C3E | Relevance: 40.4 | APIs: 18 | Strings: 5 | Instructions: 109 | Tags: libraryloader, memory, COMMON | Uniqueness Score: -1.00% |
Function 0040B7F7 | Relevance: 37.0 | APIs: 19 | Strings: 2 | Instructions: 229 | Tags: string, network, COMMON | Uniqueness Score: -1.00% |
Function 00408BB2 | Relevance: 35.1 | APIs: 18 | Strings: 2 | Instructions: 148 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 0041497B | Relevance: 35.1 | APIs: 17 | Strings: 3 | Instructions: 107 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00408FAD | Relevance: 33.5 | APIs: 18 | Strings: 1 | Instructions: 245 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00416F22 | Relevance: 33.4 | APIs: 14 | Strings: 5 | Instructions: 122 | Tags: registry, string, COMMON | Uniqueness Score: -1.00% |
Function 0040A757 | Relevance: 31.7 | APIs: 16 | Strings: 2 | Instructions: 163 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00411B2A | Relevance: 30.2 | APIs: 16 | Strings: 1 | Instructions: 410 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 004179A1 | Relevance: 29.9 | APIs: 11 | Strings: 6 | Instructions: 147 | Tags: memory, com, time, COMMON | Uniqueness Score: -1.00% |
Function 0040D246 | Relevance: 28.3 | APIs: 15 | Strings: 1 | Instructions: 347 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 004113D8 | Relevance: 28.1 | APIs: 14 | Strings: 2 | Instructions: 131 | Tags: string, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 0041DE05 | Relevance: 28.1 | APIs: 9 | Strings: 7 | Instructions: 63 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00410A77 | Relevance: 26.4 | APIs: 14 | Strings: 1 | Instructions: 131 | Tags: string, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 00410714 | Relevance: 26.4 | APIs: 14 | Strings: 1 | Instructions: 129 | Tags: string, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 0040E953 | Relevance: 26.4 | APIs: 13 | Strings: 2 | Instructions: 123 | Tags: network, file, sleep, COMMON | Uniqueness Score: -1.00% |
Function 004147E4 | Relevance: 26.4 | APIs: 14 | Strings: 1 | Instructions: 105 | Tags: libraryloader, string, COMMON | Uniqueness Score: -1.00% |
Function 004185CB | Relevance: 26.3 | APIs: 12 | Strings: 3 | Instructions: 74 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00411243 | Relevance: 24.6 | APIs: 12 | Strings: 2 | Instructions: 118 | Tags: string, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 004108D3 | Relevance: 22.9 | APIs: 12 | Strings: 1 | Instructions: 119 | Tags: string, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 00417B2F | Relevance: 21.1 | APIs: 7 | Strings: 5 | Instructions: 136 | Tags: com, COMMON | Uniqueness Score: -1.00% |
Function 004085BF | Relevance: 19.5 | APIs: 7 | Strings: 4 | Instructions: 246 | Tags: file, time, COMMON | Uniqueness Score: -1.00% |
Function 00409BDF | Relevance: 18.1 | APIs: 12 | Instructions: 114 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0040F1AD | Relevance: 17.6 | APIs: 9 | Strings: 1 | Instructions: 90 | Tags: network, memory, file, COMMON | Uniqueness Score: -1.00% |
Function 0041DF3C | Relevance: 15.9 | APIs: 8 | Strings: 1 | Instructions: 170 | Tags: file, COMMON | Uniqueness Score: -1.00% |
Function 0040C574 | Relevance: 14.1 | APIs: 7 | Strings: 1 | Instructions: 79 | Tags: registry, string, COMMON | Uniqueness Score: -1.00% |
Function 004127EC | Relevance: 12.3 | APIs: 6 | Strings: 1 | Instructions: 98 | Tags: memory, string, COMMON | Uniqueness Score: -1.00% |
Function 004171E8 | Relevance: 12.3 | APIs: 5 | Strings: 2 | Instructions: 48 | Tags: registry, COMMON | Uniqueness Score: -1.00% |
Function 00416E72 | Relevance: 12.3 | APIs: 5 | Strings: 2 | Instructions: 48 | Tags: registry, COMMON | Uniqueness Score: -1.00% |
Function 0042514B | Relevance: 12.3 | APIs: 6 | Strings: 1 | Instructions: 47 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00417118 | Relevance: 12.3 | APIs: 5 | Strings: 2 | Instructions: 45 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 004259C8 | Relevance: 12.3 | APIs: 5 | Strings: 2 | Instructions: 40 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 0040E8DF | Relevance: 12.3 | APIs: 4 | Strings: 3 | Instructions: 38 | Tags: string, network, COMMON | Uniqueness Score: -1.00% |
Function 0040FAA1 | Relevance: 10.6 | APIs: 3 | Strings: 3 | Instructions: 111 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 00416DDB | Relevance: 9.1 | APIs: 6 | Instructions: 65 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0040F34C | Relevance: 9.0 | APIs: 6 | Instructions: 41 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0040FC4C | Relevance: 8.9 | APIs: 3 | Strings: 2 | Instructions: 106 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function 004244F7 | Relevance: 8.8 | APIs: 3 | Strings: 2 | Instructions: 42 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00416A79 | Relevance: 8.8 | APIs: 4 | Strings: 1 | Instructions: 39 | Tags: memory, time, COMMON | Uniqueness Score: -1.00% |
Function 00415C48 | Relevance: 7.6 | APIs: 5 | Instructions: 140 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00409806 | Relevance: 7.5 | APIs: 5 | Instructions: 44 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 0041E3A9 | Relevance: 6.1 | APIs: 4 | Instructions: 98 | Tags: time, COMMON | Uniqueness Score: -1.00% |
Function 0041802E | Relevance: 6.0 | APIs: 3 | Strings: 1 | Instructions: 41 | Tags: string, COMMON | Uniqueness Score: -1.00% |
Function 00418574 | Relevance: 6.0 | APIs: 4 | Instructions: 34 | Tags: file, COMMON | Uniqueness Score: -1.00% |
Function 0041646E | Relevance: 6.0 | APIs: 4 | Instructions: 27 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00404B1E | Relevance: 5.3 | APIs: 2 | Strings: 1 | Instructions: 65 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00404C56 | Relevance: 5.3 | APIs: 2 | Strings: 1 | Instructions: 54 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00422829 | Relevance: 5.3 | APIs: 2 | Strings: 1 | Instructions: 45 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00424270 | Relevance: 5.3 | APIs: 2 | Strings: 1 | Instructions: 37 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 004226C9 | Relevance: 5.3 | APIs: 2 | Strings: 1 | Instructions: 34 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |