Windows
Analysis Report
9vZbHuuOq6.exe
Overview
General Information
Sample name: | 9vZbHuuOq6.exe (renamed because original name is a hash value) |
Original sample name: | 67696e7aa22ad87ce8ccec3a1baf5fd8.exe |
Analysis ID: | 1436575 |
MD5: | 67696e7aa22ad87ce8ccec3a1baf5fd8 |
SHA1: | bd9667590d20f06a917fb4cd3dee90c7263e2f59 |
SHA256: | 737096609aeeedacb11b6bc2c68c020ae35bc485ea3fbe061e07d9acfdceda24 |
Tags: | 32 exe trojan |
Infos: | |
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 9vZbHuuOq6.exe (PID: 6584 cmdline: "C:\Users\user\Desktop\9vZbHuuOq6.exe" MD5: 67696E7AA22AD87CE8CCEC3A1BAF5FD8)
- cleanup
Rule | Description | Author |
---|---|---|
JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Code function: | 0_2_0041F3EB |
Source: | Static PE information: |
Source: | Binary string: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Code function: | 0_2_0041E220 |
Source: | String found in binary or memory: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | String found in binary or memory: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00418BB0 |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Boot Survival |
---|
Source: | Window searched: | Jump to behavior | ||
Source: | Window searched: | Jump to behavior | ||
Source: | Window searched: | Jump to behavior |
Source: | Code function: | 0_2_00481A30 |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-41809 |
Source: | Evasive API call chain: | graph_0-41810 |
Source: | Stalling execution: | graph_0-41754 |
Source: | System information queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Registry key queried: | Jump to behavior | ||
Source: | Registry key queried: | Jump to behavior | ||
Source: | Registry key queried: | Jump to behavior |
Source: | Code function: | 0_2_0045D9F0 |
Source: | Window / User API: | Jump to behavior |
Source: | Decision node followed by non-executed suspicious API: | graph_0-41761 |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_00464270 | |
Source: | Code function: | 0_2_004624B0 |
Source: | Binary or memory string: |
Source: | System information queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Thread information set: | Jump to behavior |
Source: | Open window title or class name: | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_00418BB0 |
Source: | Code function: | 0_2_00409690 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_004149F0 |
Source: | Code function: | 0_2_004DC84D |
Source: | Code function: | 0_2_0040AF70 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 43 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 11 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 641 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 43 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 25 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Detection | Scanner | Label |
---|---|---|
68% | Virustotal | |
54% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
193.233.132.253 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436575 |
Start date and time: | 2024-05-06 02:58:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 9vZbHuuOq6.exe (renamed because original name is a hash value) |
Original Sample Name: | 67696e7aa22ad87ce8ccec3a1baf5fd8.exe |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@1/0@0/1 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Detection | Threat Name |
---|---|---|
193.233.132.253 | malicious | LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT |
193.233.132.253 | malicious | LummaC, PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT |
193.233.132.253 | malicious | LummaC, RisePro Stealer |
193.233.132.253 | malicious | LummaC, RisePro Stealer |
193.233.132.253 | malicious | Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader |
193.233.132.253 | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer |
193.233.132.253 | malicious | LummaC, PureLog Stealer, RisePro Stealer |
193.233.132.253 | malicious | LummaC, PureLog Stealer, RisePro Stealer |
193.233.132.253 | malicious | LummaC, PureLog Stealer, RisePro Stealer |
193.233.132.253 | malicious | LummaC, PureLog Stealer, RisePro Stealer |
Match | Detection | Threat Name |
---|---|---|
FREE-NET-ASFREEnetEU | malicious | DCRat |
FREE-NET-ASFREEnetEU | malicious | LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, RisePro Stealer, SmokeLoader |
FREE-NET-ASFREEnetEU | malicious | RisePro Stealer |
FREE-NET-ASFREEnetEU | malicious | RisePro Stealer |
FREE-NET-ASFREEnetEU | malicious | RisePro Stealer |
FREE-NET-ASFREEnetEU | malicious | RisePro Stealer |
FREE-NET-ASFREEnetEU | malicious | RisePro Stealer |
FREE-NET-ASFREEnetEU | malicious | Unknown |
FREE-NET-ASFREEnetEU | malicious | RisePro Stealer |
FREE-NET-ASFREEnetEU | malicious | RisePro Stealer |
File type: | |
Entropy (8bit): | 7.998746823436833 |
TrID: |
|
File name: | 9vZbHuuOq6.exe |
File size: | 8'876'792 bytes |
MD5: | 67696e7aa22ad87ce8ccec3a1baf5fd8 |
SHA1: | bd9667590d20f06a917fb4cd3dee90c7263e2f59 |
SHA256: | 737096609aeeedacb11b6bc2c68c020ae35bc485ea3fbe061e07d9acfdceda24 |
SHA512: | dc678f01245a31053aa0726ad203a952e89c1e57084acccd4388a0cd177a0a8a07464c2de4e5cb01dc8fe3bf031a60968163906fc7c394c8345b484e1245fb7d |
SSDEEP: | 196608:4f356OlETt6y3sx673q1bRUPBHlk7oR7pnaO3uR9J+LaZR:+3YPRqKYsBF7TTE9J+Lar |
TLSH: | 88963358F106FBD5D5E9003E8794E3A6B9397C02AB5A928332F174ECF87BB861D15930 |
File Content Preview: | MZ@.....................................!..L.!Win32 .EXE...$@...PE..L......f...............'.4...p...............P....@..................................!..................................L...L...H....................Z..................................... |
Icon Hash: | 0d4d1a1b696de7c9 |
Entrypoint: | 0x158f394 |
Entrypoint Section: | .MPRESS2 |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x660FE6E7 [Fri Apr 5 11:56:23 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 2f93cd80e5dfeca07d7e8b0f35545fb5 |
Signature Valid: | false |
Signature Issuer: | CN=AVG Technologies USA LLC \ufffd\xa1\xa0@\ufffd |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | A1AEF6A7FEC6D3C8F75A0AC57A3F4DBE |
Thumbprint SHA-1: | EBB7D941B8CF7ED3D52D088AB7AE8AB0E0D8ECE6 |
Thumbprint SHA-256: | 397B03015DBCAE0290503FD5D4A0A2DE50B9EF54118FC7ED8F754BCF0979574A |
Serial: | 123B429C3AFD48A34558FF520D424FC4 |
Instruction |
---|
pushad |
call 00007FEAB55977F5h |
pop eax |
add eax, 00000B5Ah |
mov esi, dword ptr [eax] |
add esi, eax |
sub eax, eax |
mov edi, esi |
lodsw |
shl eax, 0Ch |
mov ecx, eax |
push eax |
lodsd |
sub ecx, eax |
add esi, ecx |
mov ecx, eax |
push edi |
push ecx |
dec ecx |
mov al, byte ptr [ecx+edi+06h] |
mov byte ptr [ecx+esi], al |
jne 00007FEAB55977E8h |
sub eax, eax |
lodsb |
mov ecx, eax |
and cl, FFFFFFF0h |
and al, 0Fh |
shl ecx, 0Ch |
mov ch, al |
lodsb |
or ecx, eax |
push ecx |
add cl, ch |
mov ebp, FFFFFD00h |
shl ebp, cl |
pop ecx |
pop eax |
mov ebx, esp |
lea esp, dword ptr [esp+ebp*2-00000E70h] |
push ecx |
sub ecx, ecx |
push ecx |
push ecx |
mov ecx, esp |
push ecx |
mov dx, word ptr [edi] |
shl edx, 0Ch |
push edx |
push edi |
add ecx, 04h |
push ecx |
push eax |
add ecx, 04h |
push esi |
push ecx |
call 00007FEAB5597853h |
mov esp, ebx |
pop esi |
pop edx |
sub eax, eax |
mov dword ptr [edx+esi], eax |
mov ah, 10h |
sub edx, eax |
sub ecx, ecx |
cmp ecx, edx |
jnc 00007FEAB5597818h |
mov ebx, ecx |
lodsb |
inc ecx |
and al, FEh |
cmp al, E8h |
jne 00007FEAB55977E4h |
inc ebx |
add ecx, 04h |
lodsd |
or eax, eax |
js 00007FEAB55977F8h |
cmp eax, edx |
jnc 00007FEAB55977D7h |
jmp 00007FEAB55977F8h |
add eax, ebx |
js 00007FEAB55977D1h |
add eax, edx |
sub eax, ebx |
mov dword ptr [esi-04h], eax |
jmp 00007FEAB55977C8h |
call 00007FEAB55977F5h |
pop edi |
add edi, FFFFFF4Dh |
mov al, E9h |
stosb |
mov eax, 00000B56h |
stosd |
call 00007FEAB55977F5h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x118f000 | 0x4c | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x118f04c | 0x348 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1190000 | 0x85b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x875a00 | 0x18f8 | .MPRESS1 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x118ff00 | 0x18 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x118f178 | 0x68 | .MPRESS2 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1039038 | 0x40 | .MPRESS1 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.MPRESS1 | 0x1000 | 0x118e000 | 0x86c200 | 0b1a2cd39e3ac66beb4072d742814790 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.MPRESS2 | 0x118f000 | 0xf20 | 0x1000 | 7ad997797edb7966c71ff454ec539dbb | False | 0.548095703125 | data | 5.8587231948232095 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x1190000 | 0x85b0 | 0x8600 | 0d29871840debb65436ee64b831e1db3 | False | 0.22353078358208955 | data | 2.8806711510228955 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
DABDUMP | 0x1169594 | 0x102a | empty | English | United States | 0 |
DABDUMP | 0x116a5c0 | 0x867 | empty | English | United States | 0 |
DABDUMP | 0x116ae28 | 0x52a | empty | English | United States | 0 |
DABDUMP | 0x116b354 | 0xa5 | empty | English | United States | 0 |
DABDUMP | 0x116b3fc | 0x316 | empty | English | United States | 0 |
DABDUMP | 0x116b714 | 0x1464 | empty | English | United States | 0 |
DABDUMP | 0x116cb78 | 0x275 | empty | English | United States | 0 |
DABDUMP | 0x116cdf0 | 0x3c6a | empty | English | United States | 0 |
DABDUMP | 0x1170a5c | 0x21a | empty | English | United States | 0 |
DABDUMP | 0x1170c78 | 0x1323 | empty | English | United States | 0 |
DABDUMP | 0x1171f9c | 0xb89 | empty | English | United States | 0 |
DABDUMP | 0x1172b28 | 0x35ca | empty | English | United States | 0 |
DABDUMP | 0x11760f4 | 0x28ea | empty | English | United States | 0 |
DABDUMP | 0x11789e0 | 0x2136 | empty | English | United States | 0 |
DABDUMP | 0x117ab18 | 0x1bc | empty | English | United States | 0 |
DABDUMP | 0x117acd4 | 0x1000 | empty | English | United States | 0 |
DABDUMP | 0x117bcd4 | 0xc22 | empty | English | United States | 0 |
DABDUMP | 0x117c8f8 | 0x5b3 | empty | English | United States | 0 |
DABDUMP | 0x117ceac | 0xbc | empty | English | United States | 0 |
IMAGE | 0x117cf68 | 0xca4 | empty | English | United States | 0 |
IMAGE | 0x117dc0c | 0x1cd5 | empty | English | United States | 0 |
IMAGE | 0x117f8e4 | 0xec3 | empty | English | United States | 0 |
IMAGE | 0x11807a8 | 0x7938 | empty | English | United States | 0 |
IMAGE | 0x11880e0 | 0xca4 | empty | English | United States | 0 |
RT_CURSOR | 0x1188d84 | 0x134 | empty | English | United States | 0 |
RT_CURSOR | 0x1188eb8 | 0x134 | empty | English | United States | 0 |
RT_CURSOR | 0x1188fec | 0x134 | empty | English | United States | 0 |
RT_CURSOR | 0x1189120 | 0x134 | empty | English | United States | 0 |
RT_CURSOR | 0x1189254 | 0x134 | empty | English | United States | 0 |
RT_CURSOR | 0x1189388 | 0xb4 | empty | English | United States | 0 |
RT_BITMAP | 0x118943c | 0x88 | empty | English | United States | 0 |
RT_BITMAP | 0x11894c4 | 0x17be | empty | English | United States | 0 |
RT_BITMAP | 0x118ac84 | 0x5e4 | empty | English | United States | 0 |
RT_BITMAP | 0x118b268 | 0x5e4 | empty | English | United States | 0 |
RT_BITMAP | 0x118b84c | 0xb8 | empty | English | United States | 0 |
RT_ICON | 0x1190ad4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.10549132947976879 |
RT_ICON | 0x1191064 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.2427797833935018 |
RT_ICON | 0x1191934 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.29838709677419356 |
RT_ICON | 0x1191c44 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.37184115523465705 |
RT_ICON | 0x1192514 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.22311827956989247 |
RT_ICON | 0x1192824 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.21908602150537634 |
RT_ICON | 0x1192b34 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.239247311827957 |
RT_ICON | 0x1192e44 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.14516129032258066 |
RT_ICON | 0x1193154 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.19359205776173286 |
RT_ICON | 0x1193a24 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.29422382671480146 |
RT_ICON | 0x11942f4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.20356472795497185 |
RT_ICON | 0x11953c4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.1773465703971119 |
RT_ICON | 0x1195c94 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.25806451612903225 |
RT_ICON | 0x1195fa4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.15162454873646208 |
RT_ICON | 0x1196874 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 256 | English | United States | 0.16776315789473684 |
RT_ICON | 0x11969cc | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 256 | English | United States | 0.1875 |
RT_ICON | 0x1196b24 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 256 | English | United States | 0.16776315789473684 |
RT_ICON | 0x1196c7c | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 256 | English | United States | 0.1611842105263158 |
RT_ICON | 0x1196dd4 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 256 | English | United States | 0.1875 |
RT_ICON | 0x1196f2c | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 256 | English | United States | 0.17105263157894737 |
RT_ICON | 0x1197084 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.12634408602150538 |
RT_DIALOG | 0x118b904 | 0x488 | empty | English | United States | 0 |
RT_DIALOG | 0x118bd8c | 0x26e | empty | English | United States | 0 |
RT_DIALOG | 0x118bffc | 0x594 | empty | English | United States | 0 |
RT_DIALOG | 0x118c590 | 0x25e | empty | English | United States | 0 |
RT_STRING | 0x118c7f0 | 0xf0 | empty | English | United States | 0 |
RT_STRING | 0x118c8e0 | 0x3e | empty | English | United States | 0 |
RT_STRING | 0x118c920 | 0x1ca | empty | English | United States | 0 |
RT_STRING | 0x118caec | 0x166 | empty | English | United States | 0 |
RT_STRING | 0x118cc54 | 0x1a0 | empty | English | United States | 0 |
RT_STRING | 0x118cdf4 | 0x1bc | empty | English | United States | 0 |
RT_STRING | 0x118cfb0 | 0x92 | empty | English | United States | 0 |
RT_STRING | 0x118d044 | 0x78 | empty | English | United States | 0 |
RT_STRING | 0x118d0bc | 0x21a | empty | English | United States | 0 |
RT_STRING | 0x118d2d8 | 0x1f8 | empty | English | United States | 0 |
RT_STRING | 0x118d4d0 | 0xde | empty | English | United States | 0 |
RT_STRING | 0x118d5b0 | 0x290 | empty | English | United States | 0 |
RT_STRING | 0x118d840 | 0x152 | empty | English | United States | 0 |
RT_STRING | 0x118d994 | 0x11a | empty | English | United States | 0 |
RT_STRING | 0x118dab0 | 0x2ee | empty | English | United States | 0 |
RT_STRING | 0x118dda0 | 0x196 | empty | English | United States | 0 |
RT_STRING | 0x118df38 | 0x2e2 | empty | English | United States | 0 |
RT_STRING | 0x118e21c | 0x490 | empty | English | United States | 0 |
RT_STRING | 0x118e6ac | 0xb2 | empty | English | United States | 0 |
RT_STRING | 0x118e760 | 0x110 | empty | English | United States | 0 |
RT_STRING | 0x118e870 | 0x126 | empty | English | United States | 0 |
RT_GROUP_CURSOR | 0x118e998 | 0x14 | empty | English | United States | 0 |
RT_GROUP_CURSOR | 0x118e9ac | 0x14 | empty | English | United States | 0 |
RT_GROUP_CURSOR | 0x118e9c0 | 0x14 | empty | English | United States | 0 |
RT_GROUP_CURSOR | 0x118e9d4 | 0x14 | empty | English | United States | 0 |
RT_GROUP_CURSOR | 0x118e9e8 | 0x22 | empty | English | United States | 0 |
RT_GROUP_ICON | 0x1197a48 | 0x22 | data | English | United States | 1.0588235294117647 |
RT_GROUP_ICON | 0x1197a94 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197ad0 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197b0c | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197b48 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197b84 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197bc0 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197bfc | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197c38 | 0x22 | data | English | United States | 1.0294117647058822 |
RT_GROUP_ICON | 0x1197c84 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197cc0 | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197cfc | 0x14 | data | English | United States | 1.25 |
RT_GROUP_ICON | 0x1197d38 | 0x14 | data | English | United States | 1.15 |
RT_GROUP_ICON | 0x1197d74 | 0x14 | data | English | United States | 1.15 |
RT_GROUP_ICON | 0x1197db0 | 0x14 | data | English | United States | 1.15 |
RT_GROUP_ICON | 0x1197dec | 0x14 | data | English | United States | 1.15 |
RT_GROUP_ICON | 0x1197e28 | 0x14 | data | English | United States | 1.15 |
RT_GROUP_ICON | 0x1197e64 | 0x14 | data | English | United States | 1.15 |
RT_GROUP_ICON | 0x1197ea0 | 0x14 | data | English | United States | 1.25 |
RT_VERSION | 0x1197ef4 | 0x3b0 | data | Polish | Poland | 0.4311440677966102 |
RT_MANIFEST | 0x11982e4 | 0x2ca | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5028011204481793 |
DLL | Import |
---|---|
KERNEL32.DLL | GetModuleHandleA, GetProcAddress |
USER32.dll | wsprintfA |
GDI32.dll | CreateCompatibleBitmap |
ADVAPI32.dll | RegQueryValueExA |
SHELL32.dll | ShellExecuteA |
ole32.dll | CoInitialize |
WS2_32.dll | WSAStartup |
CRYPT32.dll | CryptUnprotectData |
SHLWAPI.dll | PathFindExtensionA |
gdiplus.dll | GdipGetImageEncoders |
SETUPAPI.dll | SetupDiEnumDeviceInfo |
ntdll.dll | RtlUnicodeStringToAnsiString |
RstrtMgr.DLL | RmStartSession |
Name | Ordinal | Address |
---|---|---|
Start | 1 | 0x461330 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Polish | Poland |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Target ID: | 0 |
Start time: | 02:58:54 |
Start date: | 06/05/2024 |
Path: | C:\Users\user\Desktop\9vZbHuuOq6.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 8'876'792 bytes |
MD5 hash: | 67696E7AA22AD87CE8CCEC3A1BAF5FD8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 1.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 7.5% |
Total number of Nodes: | 389 |
Total number of Limit Nodes: | 58 |
Function 0045D9F0 Relevance: 7.7, APIs: 5, Instructions: 159 sleep COMMON
Function 0041D430 Relevance: 7.6, APIs: 5, Instructions: 92 network COMMON
Function 004F3893 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39 memory COMMON LIBRARYCODE
Function 004F1FB3 Relevance: 2.6, APIs: 2, Instructions: 63 COMMON
Function 004E2032 Relevance: 1.7, APIs: 1, Instructions: 157 COMMON
Function 0040AD80 Relevance: 1.6, APIs: 1, Instructions: 92 COMMON
Function 004F42CD Relevance: 1.5, APIs: 1, Instructions: 32 memory COMMON LIBRARYCODE
Function 0040CD50 Relevance: 73.2, APIs: 16, Strings: 25, Instructions: 1490 registry COMMON
Function 004099A0 Relevance: 35.3, APIs: 10, Strings: 10, Instructions: 280 libraryloader thread COMMON
Function 004176B0 Relevance: 31.2, APIs: 5, Strings: 12, Instructions: 1401 file registry COMMON
Function 00416490 Relevance: 30.9, APIs: 3, Strings: 14, Instructions: 1192 file registry COMMON
Function 00481A30 Relevance: 30.0, APIs: 11, Strings: 6, Instructions: 241 libraryloader COMMON
Function 00414ED0 Relevance: 23.8, APIs: 5, Strings: 8, Instructions: 1084 registry COMMON
Function 00482FE0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 169 libraryloader COMMON
Function 00433C30 Relevance: 21.0, Strings: 16, Instructions: 1038 COMMON
Function 0043C800 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 163 libraryloader COMMON
Function 00418EE0 Relevance: 18.1, Strings: 13, Instructions: 1835 COMMON
Function 00409690 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 117 memory libraryloader COMMON
Function 0040C490 Relevance: 14.4, APIs: 2, Strings: 6, Instructions: 416 registry COMMON
Function 0040AF70 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 69 libraryloader COMMON
Function 004160B0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 162 libraryloader COMMON
Function 00487270 Relevance: 8.2, Strings: 6, Instructions: 742 COMMON
Function 004E5B90 Relevance: 6.5, APIs: 4, Instructions: 455 COMMON
Function 0041F3EB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34 encryption COMMON
Function 00418BB0 Relevance: 5.2, Strings: 4, Instructions: 236 COMMON
Function 00471830 Relevance: 5.0, APIs: 3, Instructions: 526 COMMON
Function 00A1B3F8 Relevance: 3.9, Strings: 3, Instructions: 164 COMMON
Function 00AE657A Relevance: 3.8, Strings: 3, Instructions: 97 COMMON
Function 004DC84D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27 time COMMON LIBRARYCODE
Function 00B5916C Relevance: 2.8, Strings: 2, Instructions: 319 COMMON
Function 00C164E8 Relevance: 2.7, Strings: 2, Instructions: 231 COMMON
Function 00B121AA Relevance: 2.7, Strings: 2, Instructions: 216 COMMON
Function 00A176D0 Relevance: 2.6, Strings: 2, Instructions: 103 COMMON
Function 00C70AD0 Relevance: 2.6, Strings: 2, Instructions: 102 COMMON
Function 00B0C43A Relevance: 2.6, Strings: 2, Instructions: 94 COMMON
Function 0044EB90 Relevance: 1.9, Strings: 1, Instructions: 609 COMMON
Function 004944E0 Relevance: 1.7, APIs: 1, Instructions: 234 COMMON
Function 00B27802 Relevance: 1.6, Strings: 1, Instructions: 397 COMMON
Function 004E959F Relevance: 1.6, Strings: 1, Instructions: 333 COMMON
Function 004E925D Relevance: 1.6, Strings: 1, Instructions: 318 COMMON
Function 0040BFC0 Relevance: 1.5, Strings: 1, Instructions: 261 COMMON
Function 00AB7B09 Relevance: 1.5, Strings: 1, Instructions: 220 COMMON
Function 004146B0 Relevance: 1.4, Strings: 1, Instructions: 166 COMMON
Function 00CB2298 Relevance: 1.4, Strings: 1, Instructions: 149 COMMON
Function 00483470 Relevance: .8, Instructions: 763 COMMON
Function 0048C560 Relevance: .7, Instructions: 663 COMMON
Function 0048B4F0 Relevance: .5, Instructions: 514 COMMON
Function 0047F360 Relevance: .4, Instructions: 394 COMMON
Function 00A21DF6 Relevance: .3, Instructions: 348 COMMON
Function 0048BFB0 Relevance: .3, Instructions: 312 COMMON
Function 004F6CC5 Relevance: .3, Instructions: 269 COMMON LIBRARYCODE
Function 0152DEAD Relevance: .2, Instructions: 248 COMMON
Function 00402600 Relevance: .2, Instructions: 221 COMMON
Function 00A30202 Relevance: .2, Instructions: 203 COMMON
Function 00483EF0 Relevance: .2, Instructions: 189 COMMON
Function 0148069F Relevance: .2, Instructions: 180 COMMON
Function 00401900 Relevance: .2, Instructions: 171 COMMON
Function 014D85D6 Relevance: .2, Instructions: 161 COMMON
Function 004E3B58 Relevance: .2, Instructions: 156 COMMON
Function 00CDAE7E Relevance: .2, Instructions: 153 COMMON
Function 00402410 Relevance: .2, Instructions: 152 COMMON
Function 00A1012C Relevance: .1, Instructions: 137 COMMON
Function 014C8DB8 Relevance: .1, Instructions: 129 COMMON
Function 00D287ED Relevance: .1, Instructions: 124 COMMON
Function 00BD126B Relevance: .1, Instructions: 113 COMMON
Function 00B4DB89 Relevance: .1, Instructions: 99 COMMON
Function 004E03D0 Relevance: .1, Instructions: 76 COMMON
Function 00464270 Relevance: .0, Instructions: 20 COMMON
Function 004624B0 Relevance: .0, Instructions: 15 COMMON
Function 00482A10 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 216 network COMMON
Function 00414A80 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 211 registry COMMON
Function 004F4D9F Relevance: 10.8, APIs: 7, Instructions: 329 COMMON
Function 00413F60 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 163 file COMMON
Function 004EAC03 Relevance: 9.3, APIs: 6, Instructions: 285 COMMON
Function 00409830 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 87 libraryloader COMMON
Function 0040BD50 Relevance: 7.6, APIs: 5, Instructions: 132 COMMON
Function 0041D560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 244 libraryloader COMMON
Function 00414233 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 192 file COMMON
Function 00403340 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 178 COMMON LIBRARYCODE
Function 004EC863 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42 libraryloader COMMON LIBRARYCODE
Function 004F45B7 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 74 COMMON LIBRARYCODE
Function 004DCFA7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59 COMMON LIBRARYCODE
Function 004DD87B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44 COMMON LIBRARYCODE