e4f18ad115440f9f42bb9fee65f6fac0
PE Executable | MD5: e4f18ad115440f9f42bb9fee65f6fac0 | Size: 49.66 KB | application/x-dosexec

| Config. Field | Value |
|---|---|
| Key (AES_256) | SkpvUk9XaWx0a0xXV21IUWFJOEF5aVVPdmpPOEhlTms= |
| Pastebin | - |
| Certificate | 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 |
| ServerSignature | 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 |
| Install | false |
| BDOS | false |
| Anti-VM | false |
| Install-Folder | %AppData% |
| Hosts | backdoor-access.gwos.com,alpha-login.gwos.com,beta-api.gwos.com,cdn-cache.gwos.com,media-edge.gwos.com,auth-gateway.gwos.com,www.gwos.com,gwos.com,static-files.gwos.com,img-delivery.gwos.com,video-stream.gwos.com,docs-portal.gwos.com,status-board.gwos.com,dev-console.gwos.com,telemetry-hub.gwos.com,push-service.gwos.com,token-refresh.gwos.com,packet-watch.gwos.com,mirror-sync.gwos.com,watchtower-ui.gwos.com,collector-backup.gwos.com,node-02.gwos.com,dns-helper.gwos.com |
| Ports | 443,6606,7707,8000,8080,8808,49152,50001,54321,57001,59999,60123,61000,62000,65000,65001,65002,65533,65534,65535 |
| Mutex | t3G5mw659Dxg |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | RYooWgeFSwdtex |
| Full Name | RYooWgeFSwdtex |
| EntryPoint | System.Void ZgYWuJGqwFud.hzsQRkrsvf::Main() |
| Scope Name | RYooWgeFSwdtex |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | KYC_Verify |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void ZgYWuJGqwFud.hzsQRkrsvf::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String ZgYWuJGqwFud.BLOFBFzqWWq::wokMhTetbY call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean ZgYWuJGqwFud.BLOFBFzqWWq::AoZYihjKgArah() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean gLxSjmcuyG.uttGjBJJIpw::YqjpeJBjPniGt() brtrue IL_0043: ldsfld System.String ZgYWuJGqwFud.BLOFBFzqWWq::XiDGtLbsiQjbl ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String ZgYWuJGqwFud.BLOFBFzqWWq::XiDGtLbsiQjbl call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String ZgYWuJGqwFud.BLOFBFzqWWq::OhofjMfmFDEDm call System.Void gLxSjmcuyG.guArWvJFGwS::RuwGTEpVXxJOUO() ldsfld System.String ZgYWuJGqwFud.BLOFBFzqWWq::OhofjMfmFDEDm call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String ZgYWuJGqwFud.BLOFBFzqWWq::LkBgncQlnuhjDf call System.Void RaMxNPqOZLBp.DJmOImsWvq::zYGnAnOxxsp() ldsfld System.String ZgYWuJGqwFud.BLOFBFzqWWq::LkBgncQlnuhjDf call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void gLxSjmcuyG.oZVYVkzkETdvHg::pwHCURxWInall() call System.Boolean gLxSjmcuyG.oZVYVkzkETdvHg::sprjIZYaMLaiVT() brfalse IL_0089: call System.Void gLxSjmcuyG.oZVYVkzkETdvHg::pwHCURxWInall() call System.Void gLxSjmcuyG.sqTlfBORoWLHHL::gJGRnsShnbk() call System.Void gLxSjmcuyG.oZVYVkzkETdvHg::pwHCURxWInall() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean ttTVpyDngLW.jCgQsVvRzrLf::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void ttTVpyDngLW.jCgQsVvRzrLf::cJOxZqdGoNfi() call System.Void ttTVpyDngLW.jCgQsVvRzrLf::lezaDMXtiEGcHsC() leave IL_00B9: ldc.i4 5000 
pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |