Windows
Analysis Report
RFQ.doc
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 3160, cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- EQNEDT32.EXE (PID: 3240, cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, MD5: A87236E214F6D42A65F5DEDAC816AEC8)
- prfilendo93022.scr (PID: 3396, cmdline: "C:\Users\user\AppData\Roaming\prfilendo93022.scr", MD5: 8565C49EC078E51E47691D0BA734E36F)
- prfilendo93022.scr (PID: 3428, cmdline: "C:\Users\user\AppData\Roaming\prfilendo93022.scr", MD5: 8565C49EC078E51E47691D0BA734E36F)
- EQNEDT32.EXE (PID: 3668, cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, MD5: A87236E214F6D42A65F5DEDAC816AEC8)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | | | |

Extracted configuration: {"Exfil Mode": "SMTP", "Host": "smtp.yandex.com", "Username": "viorel5000@yandex.ru", "Password": "floxafzwjqjhrmmh"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| INDICATOR_RTF_MalVer_Objects | Detects RTF documents with a non-standard version that embed one of the objects mostly observed in exploit documents. | ditekSHen | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen | |
| MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen | |
| MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: |
Source: | Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: |
Source: | Author: Brandon George (blog post), Thomas Patzke: |
Source: | Author: frack113: |
Source: | Author: frack113: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Exploits |
---|
Source: | Network connect: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic: | (478 identical rows; values not extracted) |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | (28 identical rows; values not extracted) |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
System Summary |
---|
Source: | Matched rule: | (15 identical rows; values not extracted) |
Source: | Screenshot OCR: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 5_2_00203BB2 | |
Source: | Code function: | 6_2_00293908 | |
Source: | Code function: | 6_2_0029F398 | |
Source: | Code function: | 6_2_00298C18 | |
Source: | Code function: | 6_2_00294520 | |
Source: | Code function: | 6_2_0029BFC8 | |
Source: | Code function: | 6_2_00293C45 | |
Source: | Code function: | 6_2_00293C50 | |
Source: | Code function: | 6_2_004B6540 | |
Source: | Code function: | 6_2_004B2120 | |
Source: | Code function: | 6_2_004BB628 | |
Source: | Code function: | 6_2_004B1A38 | |
Source: | Code function: | 6_2_002992FF |
Source: | Section loaded: | (62 identical rows; values not extracted) |
Source: | Matched rule: | (15 identical rows; values not extracted) |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: | (10 identical rows; values not extracted) |
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | LNK file: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Static PE information: |
Source: | Code function: | 2_2_008F669F | |
Source: | Code function: | 2_2_008F75A7 | |
Source: | Code function: | 2_2_008F64BB | |
Source: | Code function: | 2_2_008F66A7 | |
Source: | Code function: | 2_2_008E4948 | |
Source: | Code function: | 2_2_008F75C7 | |
Source: | Code function: | 2_2_008DF7C2 | |
Source: | Code function: | 2_2_008EC2B1 | |
Source: | Code function: | 2_2_008F75F7 | |
Source: | Code function: | 2_2_008F56DF | |
Source: | Code function: | 2_2_008DFFE0 | |
Source: | Code function: | 2_2_008E64E4 | |
Source: | Code function: | 2_2_008E64F0 | |
Source: | Code function: | 2_2_008F7607 | |
Source: | Code function: | 2_2_008E01F5 | |
Source: | Code function: | 2_2_008E0008 | |
Source: | Code function: | 2_2_008F7627 | |
Source: | Code function: | 2_2_008F7637 | |
Source: | Code function: | 2_2_008F573F | |
Source: | Code function: | 2_2_008F7547 | |
Source: | Code function: | 2_2_008F513B | |
Source: | Code function: | 2_2_008F5747 | |
Source: | Code function: | 2_2_008F7647 | |
Source: | Code function: | 2_2_008F665F | |
Source: | Code function: | 2_2_008EC2B1 | |
Source: | Code function: | 2_2_008F736B | |
Source: | Code function: | 2_2_008E8F61 | |
Source: | Code function: | 2_2_008F6697 | |
Source: | Code function: | 2_2_008F647B |
Source: | Static PE information: | ||
Source: | Static PE information: |
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Registry value created: | Jump to behavior | ||
Source: | Registry value created: | Jump to behavior | ||
Source: | Registry value created: | Jump to behavior | ||
Source: | Registry value created: | Jump to behavior | ||
Source: | Registry value created: | Jump to behavior | ||
Source: | Registry value created: | Jump to behavior | ||
Source: | Registry value created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Key value created or modified: | Jump to behavior |
Source: | Process information set: | (94 identical rows; values not extracted) |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 33 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Obfuscated Files or Information | 1 Credentials in Registry | 11 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Install Root Certificate | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Masquerading | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 141 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 111 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
19% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882 | ||
25% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1363043 | ||
100% | Avira | HEUR/AGEN.1363043 | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
23% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
22% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
universalmovies.top | 172.67.162.95 | true | true | | unknown |
smtp.yandex.ru | 77.88.21.158 | true | false | high | |
api.ipify.org | 172.67.74.152 | true | false | high | |
smtp.yandex.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | | unknown | ||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.162.95 | universalmovies.top | United States | 13335 | CLOUDFLARENETUS | true | |
172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417031 |
Start date and time: | 2024-03-28 14:33:36 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | RFQ.doc |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winDOC@7/9@7/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, svchost.exe
- Execution Graph export aborted for target EQNEDT32.EXE, PID 3240 because there are no executed function
- Execution Graph export aborted for target prfilendo93022.scr, PID 3428 because it is empty
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
14:34:21 | API Interceptor | |
14:34:24 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.162.95 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | AgentTesla | Browse | |||
172.67.74.152 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
universalmovies.top | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Nanocore, PureLog Stealer | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | PureLog Stealer, RedLine | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
smtp.yandex.ru | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
api.ipify.org | Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| |
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine, zgRAT | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
36f7277af969a6947a61ae0b815907a1 | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\prfilezx[1].scr
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 480768 |
Entropy (8bit): | 7.920016769273523 |
Encrypted: | false |
SSDEEP: | 12288:cH+wj33V5L9cPosHd+BU/zNGOmCQS8CJ:c3Ll5hcPdHd+BU/VZ |
MD5: | 8565C49EC078E51E47691D0BA734E36F |
SHA1: | 19C0C4B95ADA01DD79EBA43F5EC907B4D03B7F9F |
SHA-256: | BA6F752D75394B0432685DFC7DBCADC980686CD694B693358F965C591D0E786E |
SHA-512: | 056D668BD51210F6029938210C1158C12BB203A75D0DD1E0BE89BDAFED68349065DFA45079983512F149A92E2346A09907CE9C3235DF9B41F64DCE18FC582DFC |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{E1A524AE-36AC-498D-8120-2A7780773801}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | CE338FE6899778AACFC28414F2D9498B |
SHA1: | 897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1 |
SHA-256: | 4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE |
SHA-512: | 6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4AC435D8-F271-426A-93AD-80DB0552C9E7}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 61440 |
Entropy (8bit): | 3.6303251323630588 |
Encrypted: | false |
SSDEEP: | 768:tgI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g0sBzR:2SyemuSyemuSyemwBgNUZyoZ+g |
MD5: | BBEB562B037071D4C555F9FB4CE1ED95 |
SHA1: | 5EB2C4CABA5E1B83204BEA3B47FDA2484F39F083 |
SHA-256: | DD6A1D3C8DB7C94AAAE511022C75C771FD5047F224F4F8EA69089DB01163E423 |
SHA-512: | F5E4A0742061A6DD81AD2422DB03B26E02EA3F92A1FF1899F04A70D5D642F55FA05C591A267C16034BF02781278EA05FDB9AD314221AF5291F704EDB91FD7602 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D90AF106-D156-44F2-9ED5-5F91931EF9DB}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 973 |
Entropy (8bit): | 4.493875683470364 |
Encrypted: | false |
SSDEEP: | 12:8D1sZKq0gXg/XAlCPCHaXQTBdB/Dr8xX+Waaep2sONicvbsa18qDtZ3YilMMEpxd:8Dx/XTq3xOG2snehnDv3qNAk7N |
MD5: | CD60104813328F03B61317FDD6329753 |
SHA1: | FC1DD74E8CD493FBC867C883C0C104A86C2919D9 |
SHA-256: | FBDD0C3621DCE174D744B758FDF922999191BFDB81A14A38583D6CED516EE092 |
SHA-512: | 79BD72021D28A1E7962BCFFE6146B3DFF96113ED1A66B5CDCA47C0073D33D09A02BAB9681B67EAA8F5D65F824CFAA5D499589FD7E8C28517909AEB248F39219A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 40 |
Entropy (8bit): | 4.271928094887363 |
Encrypted: | false |
SSDEEP: | 3:M1Gp6YVom4+p6YVov:M9YVCYVy |
MD5: | E97326D5B692FB93040969C4695744E4 |
SHA1: | FF775E97E4446268E407F8EA62042AEBC4B5BB2C |
SHA-256: | AA7DDEC9422FC8D599519EEBA4A6F2F4AC4B6A70F92242C6D98FAA9966B4F9B4 |
SHA-512: | 09044B1CFB946EE6B9266C9A54AEB9469316F7CC7F454DB42200A9A1FD55D7204E848B3BA457B657DAB73167C849A3E3CFEE622021672E70770AF7A61A40C951 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l |
MD5: | 2CF7D3B8DED3F1D5CE1AC92F3E51D4ED |
SHA1: | 95E13378EA9CACA068B2687F01E9EF13F56627C2 |
SHA-256: | 60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1 |
SHA-512: | 2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 480768 |
Entropy (8bit): | 7.920016769273523 |
Encrypted: | false |
SSDEEP: | 12288:cH+wj33V5L9cPosHd+BU/zNGOmCQS8CJ:c3Ll5hcPdHd+BU/VZ |
MD5: | 8565C49EC078E51E47691D0BA734E36F |
SHA1: | 19C0C4B95ADA01DD79EBA43F5EC907B4D03B7F9F |
SHA-256: | BA6F752D75394B0432685DFC7DBCADC980686CD694B693358F965C591D0E786E |
SHA-512: | 056D668BD51210F6029938210C1158C12BB203A75D0DD1E0BE89BDAFED68349065DFA45079983512F149A92E2346A09907CE9C3235DF9B41F64DCE18FC582DFC |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l |
MD5: | 2CF7D3B8DED3F1D5CE1AC92F3E51D4ED |
SHA1: | 95E13378EA9CACA068B2687F01E9EF13F56627C2 |
SHA-256: | 60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1 |
SHA-512: | 2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 4.008499448669561 |
TrID: |
|
File name: | RFQ.doc |
File size: | 97'331 bytes |
MD5: | 85e4e63dbd2c863f61a33c9e22e596dc |
SHA1: | a6ff73e08b4c77b4c00e2e15fdb5196ddb954016 |
SHA256: | 60d9b4fd251539aa37f0bd3d453f36a9a487dc8827a741f4d7f1b869b768e68c |
SHA512: | 27c906436dcb04189537e0f1de055238770cbc9c8cf0a8c07610fe8dc25756051604773cb6f887a5f8c67ca2faa9bb683ed22dc55dbe7dc96fa9b5ca706f4f23 |
SSDEEP: | 1536:mwAlRkwAlRkwAlRqWuoUqfjmM9tDFO9Mpx9XDk:mwAlawAlawAl5uo/fjH9tDFO9erzk |
TLSH: | 8E93382DD34B02598F620376AB1B1E5142BDBB7EF39552B1305C437933EAC39A1252BE |
File Content Preview: | {\rtf1..{\*\qfAhEd7XrbtSjNf9ou6027zvjvEW7P3VBSOGkRhrlGn3we9nYZInW9XRgXuxVHNkllI6j340RqDNIjQKsm7y3F6A}..{\136659558please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly stated in ac |
Icon Hash: | 2764a3aaaeb7bdbf |
Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit |
---|---|---|---|---|---|---|---|---|---|
0 | 0000775Ah | no |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 14:34:24.005995989 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.006033897 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.006087065 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.015124083 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.015139103 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.223028898 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.223097086 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.228234053 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.228250027 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.228518963 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.228566885 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.298425913 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.344243050 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.685889959 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.685960054 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.685985088 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686002970 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686031103 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686053991 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686053991 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686067104 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686070919 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686099052 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686108112 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686125040 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686145067 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686157942 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686208963 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686250925 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686263084 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686321974 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686501980 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686501980 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686510086 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686548948 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.686719894 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Mar 28, 2024 14:34:24.686764956 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.691328049 CET | 49163 | 443 | 192.168.2.22 | 172.67.162.95 |
Mar 28, 2024 14:34:24.793188095 CET | 443 | 49163 | 172.67.162.95 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 14:34:23.874147892 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 28, 2024 14:34:23.993099928 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Mar 28, 2024 14:34:26.352861881 CET | 52917 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 28, 2024 14:34:26.461355925 CET | 53 | 52917 | 8.8.8.8 | 192.168.2.22 |
Mar 28, 2024 14:34:28.374340057 CET | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 28, 2024 14:34:28.480721951 CET | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
Mar 28, 2024 14:34:28.480982065 CET | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 28, 2024 14:34:28.586987019 CET | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
Mar 28, 2024 14:34:28.587219000 CET | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 28, 2024 14:34:28.693026066 CET | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
Mar 28, 2024 14:34:28.693944931 CET | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 28, 2024 14:34:29.046539068 CET | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
Mar 28, 2024 14:34:29.046801090 CET | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 28, 2024 14:34:29.152429104 CET | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 28, 2024 14:34:23.874147892 CET | 192.168.2.22 | 8.8.8.8 | 0xd599 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:26.352861881 CET | 192.168.2.22 | 8.8.8.8 | 0xf040 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.374340057 CET | 192.168.2.22 | 8.8.8.8 | 0xc48 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.480982065 CET | 192.168.2.22 | 8.8.8.8 | 0xc48 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.587219000 CET | 192.168.2.22 | 8.8.8.8 | 0xc48 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.693944931 CET | 192.168.2.22 | 8.8.8.8 | 0xc48 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:29.046801090 CET | 192.168.2.22 | 8.8.8.8 | 0xc48 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 28, 2024 14:34:23.993099928 CET | 8.8.8.8 | 192.168.2.22 | 0xd599 | No error (0) | | | 172.67.162.95 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:23.993099928 CET | 8.8.8.8 | 192.168.2.22 | 0xd599 | No error (0) | | | 104.21.74.191 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:26.461355925 CET | 8.8.8.8 | 192.168.2.22 | 0xf040 | No error (0) | | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:26.461355925 CET | 8.8.8.8 | 192.168.2.22 | 0xf040 | No error (0) | | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:26.461355925 CET | 8.8.8.8 | 192.168.2.22 | 0xf040 | No error (0) | | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.480721951 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | smtp.yandex.ru | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.480721951 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | | 77.88.21.158 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.586987019 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | smtp.yandex.ru | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.586987019 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | | 77.88.21.158 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.693026066 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | smtp.yandex.ru | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 28, 2024 14:34:28.693026066 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | | 77.88.21.158 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:29.046539068 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | smtp.yandex.ru | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 28, 2024 14:34:29.046539068 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | | 77.88.21.158 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 14:34:29.152429104 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | smtp.yandex.ru | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 28, 2024 14:34:29.152429104 CET | 8.8.8.8 | 192.168.2.22 | 0xc48 | No error (0) | | | 77.88.21.158 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49163 | 172.67.162.95 | 443 | 3240 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 13:34:24 UTC | 318 | OUT | |
2024-03-28 13:34:24 UTC | 777 | IN | |
2024-03-28 13:34:24 UTC | 592 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN | |
2024-03-28 13:34:24 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49164 | 172.67.74.152 | 443 | 3428 | C:\Users\user\AppData\Roaming\prfilendo93022.scr |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 13:34:27 UTC | 155 | OUT | |
2024-03-28 13:34:27 UTC | 211 | IN | |
2024-03-28 13:34:27 UTC | 13 | IN |
Target ID: | 0 |
Start time: | 14:34:20 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f190000 |
File size: | 1'423'704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 14:34:21 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 14:34:24 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\AppData\Roaming\prfilendo93022.scr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc0000 |
File size: | 480'768 bytes |
MD5 hash: | 8565C49EC078E51E47691D0BA734E36F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 14:34:24 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\AppData\Roaming\prfilendo93022.scr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc0000 |
File size: | 480'768 bytes |
MD5 hash: | 8565C49EC078E51E47691D0BA734E36F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Target ID: | 7 |
Start time: | 14:34:43 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 20.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 33.3% |
Total number of Nodes: | 39 |
Total number of Limit Nodes: | 1 |
Graph
Function 00203BB2 Relevance: 1.9, Strings: 1, Instructions: 622, COMMON
Function 002038E8 Relevance: 1.6, APIs: 1, Instructions: 110, memory, COMMON
Function 002038F0 Relevance: 1.6, APIs: 1, Instructions: 101, memory, COMMON
Function 00203670 Relevance: 1.6, APIs: 1, Instructions: 94, thread, COMMON
Function 00203A08 Relevance: 1.6, APIs: 1, Instructions: 77, thread, COMMON
Function 00203A10 Relevance: 1.6, APIs: 1, Instructions: 73, thread, COMMON
Function 00204F20 Relevance: 1.6, APIs: 1, Instructions: 73, COMMON
Function 00204F28 Relevance: 1.6, APIs: 1, Instructions: 71, COMMON
Function 000BD4CC Relevance: 0.1, Instructions: 75, COMMON
Function 000BD4C7 Relevance: 0.1, Instructions: 56, COMMON
Function 00298C18 Relevance: 3.1, Instructions: 3127, COMMON
Function 0029BFC8 Relevance: 2.3, Instructions: 2312, COMMON
Function 002992FF Relevance: 1.9, Instructions: 1925COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029F398 Relevance: 1.8, Strings: 1, Instructions: 545COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B2120 Relevance: 1.7, Strings: 1, Instructions: 476COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B6540 Relevance: .6, Instructions: 643COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00294520 Relevance: .3, Instructions: 266COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00293908 Relevance: .2, Instructions: 238COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BAC28 Relevance: 6.6, Strings: 5, Instructions: 394COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002965B0 Relevance: 4.3, Strings: 3, Instructions: 577COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BCA80 Relevance: 2.9, Strings: 2, Instructions: 395COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B9B48 Relevance: 2.6, Strings: 2, Instructions: 94COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B1430 Relevance: 1.7, Strings: 1, Instructions: 405COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B1429 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029E50D Relevance: 1.4, Strings: 1, Instructions: 112COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B7310 Relevance: .8, Instructions: 797COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B0DB8 Relevance: .5, Instructions: 492COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B5A10 Relevance: .5, Instructions: 469COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BA087 Relevance: .3, Instructions: 333COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00298048 Relevance: .3, Instructions: 332COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B55EF Relevance: .3, Instructions: 302COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BA840 Relevance: .3, Instructions: 287COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00294514 Relevance: .3, Instructions: 261COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00295090 Relevance: .3, Instructions: 258COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002938FC Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B3500 Relevance: .2, Instructions: 231COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00298978 Relevance: .2, Instructions: 216COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BA4E8 Relevance: .2, Instructions: 209COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B8EF0 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B9DB9 Relevance: .2, Instructions: 198COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B9DC8 Relevance: .2, Instructions: 193COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BC279 Relevance: .2, Instructions: 173COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BC5C7 Relevance: .2, Instructions: 169COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BC5D8 Relevance: .2, Instructions: 163COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002983B0 Relevance: .1, Instructions: 143COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BBEA8 Relevance: .1, Instructions: 138COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00295080 Relevance: .1, Instructions: 136COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B7E86 Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BC0A6 Relevance: .1, Instructions: 121COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00291375 Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029E3D0 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00295C30 Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029E3E0 Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00292170 Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029FDD8 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029FDE8 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00297F30 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002983A8 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0020D030 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00297E30 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00294E10 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00291718 Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00291540 Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00294E20 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B10A8 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B19C2 Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B99FC Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00290848 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00291651 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002961B8 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029FEF8 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B01A7 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002961C4 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029FEE8 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B915F Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B46C8 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029896A Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0029FBB0 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002914A0 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0020D02B Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B01B8 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B9170 Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B46D8 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00296DC0 Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BA706 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00295D48 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00296DD0 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B269F Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BC4CF Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B9D68 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BA7F8 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004BA470 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B9CE7 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004B91F8 Relevance: 5.2, Strings: 4, Instructions: 207COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |