Windows
Analysis Report
ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.doc
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2352, cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- EQNEDT32.EXE (PID: 2160, cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, MD5: A87236E214F6D42A65F5DEDAC816AEC8)
- mpoom39002.scr (PID: 3216, cmdline: "C:\Users\user\AppData\Roaming\mpoom39002.scr", MD5: 37383DB5D0AAF3A258780342654AE739)
- mpoom39002.scr (PID: 3248, cmdline: "C:\Users\user\AppData\Roaming\mpoom39002.scr", MD5: 37383DB5D0AAF3A258780342654AE739)
- EQNEDT32.EXE (PID: 3444, cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, MD5: A87236E214F6D42A65F5DEDAC816AEC8)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | |
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot5611396317:AAGsgxx4hwlHZa8kVodTZpCQipWRFwFvBO0/sendMessage?chat_id=5237953097"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
INDICATOR_RTF_MalVer_Objects | Detects RTF documents with a non-standard version and embedding one of the objects mostly observed in exploit documents. | ditekSHen |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: |
Source: | Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: |
Source: | Author: Brandon George (blog post), Thomas Patzke: |
Source: | Author: frack113: |
Source: | Author: frack113: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Exploits |
---|
Source: | Network connect: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: | ||
Source: | TCP traffic: | ||
Networking |
---|
Source: | File source: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Screenshot OCR: |
Source: | File created: | Jump to dropped file | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Matched rule: | ||
Source: | Static PE information: | ||
Source: | Cryptographic APIs: | ||
Source: | Base64 encoded string: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | LNK file: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Persistence and Installation Behavior |
---|
Source: | File created: | Jump to dropped file | ||
Source: | Registry value created: | Jump to behavior | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Key value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 6_2_001F608D |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion
Source | Detail | Value |
---|---|---|
| Reference to suspicious API methods: | 3 entries |
| Memory written: | 1 entry |
| Process created: | 2 entries |
| Queries volume information: | 2 entries |
| Key value queried: | 1 entry |
Stealing of Sensitive Information
Source | Detail | Value |
---|---|---|
| File source: | 11 entries |
| File source: | 9 entries |
| File opened: | 1 entry |
| File opened: | 1 entry |
| File opened: | 1 entry |
| Key opened: | 4 entries |
| File source: | 9 entries |
Remote Access Functionality
Source | Detail | Value |
---|---|---|
| File source: | 11 entries |
| File source: | 9 entries |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 33 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Install Root Certificate | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Masquerading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 31 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 111 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 42% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882 | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Joe Sandbox ML | | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 26% | Virustotal | | |
| 0% | Virustotal | | |
| 0% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11 entries | 0% | URL Reputation | safe | |
| 25% | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dukeenergyltd.top | 172.67.134.136 | true | true | | unknown |
checkip.dyndns.com | 193.122.6.168 | true | false | | unknown |
checkip.dyndns.org | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
13 entries | | false | | unknown |
5 entries | | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.122.6.168 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | false |
172.67.134.136 | dukeenergyltd.top | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430108 |
Start date and time: | 2024-04-23 07:49:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.doc |
Detection: | MAL |
Classification: | mal100.troj.spyw.expl.evad.winDOC@7/10@3/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, svchost.exe
- Execution Graph export aborted for target EQNEDT32.EXE, PID 2160 because there are no executed functions
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
07:49:54 | API Interceptor | |
07:49:57 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
193.122.6.168 | | | malicious | Agent Tesla, AgentTesla | | |
| | | malicious | Unknown | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | PureLog Stealer, RedLine, Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
172.67.134.136 | | | malicious | AgentTesla | | |
| | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
dukeenergyltd.top | | | malicious | HTMLPhisher | | |
| | | malicious | AgentTesla | | |
| | | malicious | Unknown | | |
| | | malicious | AgentTesla | | |
| | | malicious | Remcos | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
checkip.dyndns.com | | | malicious | Unknown | | |
| | | malicious | Agent Tesla, AgentTesla | | |
| | | malicious | Agent Tesla, AgentTesla | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | SeclesBot, TrojanRansom | | |
| | | malicious | Unknown | | |
| | | malicious | PureLog Stealer, Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
| | | malicious | Snake Keylogger | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai, Okiru | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Mirai | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Bazar Loader, Qbot | | |
| | | malicious | Agent Tesla, AgentTesla | | |
CLOUDFLARENETUS | | | malicious | HtmlDropper, HTMLPhisher | | |
| | | malicious | HTMLPhisher | | |
| | | malicious | BitRAT, HTMLPhisher | | |
| | | malicious | AgentTesla | | |
| | | malicious | HtmlDropper, HTMLPhisher | | |
| | | malicious | Unknown | | |
| | | malicious | HTMLPhisher | | |
| | | malicious | Unknown | | |
| | | malicious | TechSupportScam | | |
| | | malicious | DCRat, PureLog Stealer, zgRAT | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
7dcce5b76c8b17472d024758970a406b | | | malicious | Unknown | | |
| | | malicious | AgentTesla | | |
| | | malicious | AgentTesla | | |
| | | malicious | Remcos | | |
| | | malicious | AgentTesla | | |
| | | malicious | PureLog Stealer, zgRAT | | |
| | | malicious | Remcos | | |
| | | malicious | Remcos, DBatLoader | | |
| | | malicious | AgentTesla | | |
| | | malicious | Remcos | | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\mpoom[1].scr
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 331264 |
Entropy (8bit): | 7.627305719102204 |
Encrypted: | false |
SSDEEP: | 6144:rOj1a7g+3FrDC0X4mowIsa8IaG8VdKmR5gwJgbDjamdLW9tHQB:q07g+3lv4mowAMJJgbDjamdLWQ |
MD5: | 37383DB5D0AAF3A258780342654AE739 |
SHA1: | 67C7CCFF56B2CE1C9ED11B18507557077CDC07D9 |
SHA-256: | 69F201E15280F32573FFDAFDE0CF139DEADCB9FA7D56BFD733B67F795560FEA4 |
SHA-512: | 93D2CFB22EC9F8CA3D0E75995753AF0143ABB700333F4D1FA2C89AF369ABA1EF84041B2AE41047D5DED9A328B4C5E59CAE81F3F23CC7ABDA323BD2DB8DBC74B0 |
Malicious: | true |
Antivirus: | |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2F038898-13C8-4096-9A4F-B491A2488798}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | CE338FE6899778AACFC28414F2D9498B |
SHA1: | 897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1 |
SHA-256: | 4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE |
SHA-512: | 6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{46F363FE-A7DD-406F-B1C8-7F7D7988C666}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B7378A9E-77CE-4569-96A5-44AF778C0CBC}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 61952 |
Entropy (8bit): | 3.624259440720678 |
Encrypted: | false |
SSDEEP: | 768:jgI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g0ON85:oSyemuSyemuSyemyN8ToQ7OMus |
MD5: | BAA24A774E0BADCB35F9BF233587A06E |
SHA1: | ABBF95BC27A25FA319E71C59DF5CCB013F0D375C |
SHA-256: | 46E2D4310F7C18BA282FAA3F626D22BED15FD2DBFA185882C3BD86D8EC2EB101 |
SHA-512: | 83274DB8E20DCCEA75E196BB85E5C116B802C6E6C5E6AECC4DC0CBEC7CD30BB20C372CED080473D0CA141A15338A21746E2428B13C588ACB4EE217F6CA56BAF2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C64928E2-7CB9-43A4-ADFC-459F6DAC0FA3}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.3560167139182788 |
Encrypted: | false |
SSDEEP: | 3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbI:IiiiiiiiiifdLloZQc8++lsJe1Mz3/ |
MD5: | B26F1521ACF9ABE833D567E6534A139A |
SHA1: | 1AE73A78FF4EF7E4F144D0293E5192949D41114C |
SHA-256: | 4C5B20D1155954E5D26B7A76DE6B35A4C7BA6148AADDDC5C671555D0FDDF3E52 |
SHA-512: | CE5E2C6D45F47223A83A816A8047CB633C06743A4D5F1650A86D4BF0697696E705D15856B0C822BD894D430D101CB6E7E018964D44CAFA31800C5BD0EB33AA3A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.LNK
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1189 |
Entropy (8bit): | 4.547298904247192 |
Encrypted: | false |
SSDEEP: | 24:8aVX/XTzUc986JrtA2o0ehe8dJfQtA2o02Dv3qaik7N:8ax/XTYcC6JrtAp0cPdJfQtAp0dNiN |
MD5: | 8C3014AB4FA907789AB58EB780E73990 |
SHA1: | B8982001AA3B3662A507E771432F323F923E4120 |
SHA-256: | 0D144BD4F269457067F2461BFD5294B255F0C2DEC213AFF6AB084A7FC16226AC |
SHA-512: | 3C755E919DC057AA11E45997750299A23A5BE8FC37D87AE16857797F0B56E077DB21DD47A1DB6462915D2ED16479F267188475BD737B4C6CEEA8D00CDA743737 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 124 |
Entropy (8bit): | 4.7930073029725015 |
Encrypted: | false |
SSDEEP: | 3:M14x7gTSJG9LBLXS2m4ghgTSJG9LBLXS2v:M+x7MSJSFChMSJSFl |
MD5: | F4365DCB33163821E292273391E955E2 |
SHA1: | 56857D8E6E172C48FA139262FEA7ADD7CEC7A7AE |
SHA-256: | 6B79EDF535382412A5D8D8E908A2F7B934AF15F2AC24CB55339FA8D17429C600 |
SHA-512: | ED0172835E4901A93284B8C312ED8B945B8E70FECC8F2043E50ACAE1A3AE061DA4F1634A35FF3D5B5C51A179EA8A9DC5DA7D32AC50E41317B3E7E888F5A19991 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l |
MD5: | 89AFCB26CA4D4A770472A95DF4A52BA8 |
SHA1: | C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5 |
SHA-256: | EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17 |
SHA-512: | EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 331264 |
Entropy (8bit): | 7.627305719102204 |
Encrypted: | false |
SSDEEP: | 6144:rOj1a7g+3FrDC0X4mowIsa8IaG8VdKmR5gwJgbDjamdLW9tHQB:q07g+3lv4mowAMJJgbDjamdLWQ |
MD5: | 37383DB5D0AAF3A258780342654AE739 |
SHA1: | 67C7CCFF56B2CE1C9ED11B18507557077CDC07D9 |
SHA-256: | 69F201E15280F32573FFDAFDE0CF139DEADCB9FA7D56BFD733B67F795560FEA4 |
SHA-512: | 93D2CFB22EC9F8CA3D0E75995753AF0143ABB700333F4D1FA2C89AF369ABA1EF84041B2AE41047D5DED9A328B4C5E59CAE81F3F23CC7ABDA323BD2DB8DBC74B0 |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l |
MD5: | 89AFCB26CA4D4A770472A95DF4A52BA8 |
SHA1: | C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5 |
SHA-256: | EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17 |
SHA-512: | EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 3.1325400825369365 |
TrID: | |
File name: | ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.doc |
File size: | 212'028 bytes |
MD5: | d90ae35b86323a7495fbd0f89b74ad08 |
SHA1: | a913d6148cbfb3a5be68a34052a4d1ab7d9de989 |
SHA256: | 88ad296056a6be66969f1e5ce6694398944804a39d8465b42e0af73c5af12cb0 |
SHA512: | 54e720b166c2a2e780c973d4da1b93403e098526cea1ac11a49ef8915eeea7c97faa905b233905d86adb2a0ec7e02ea412eb31608b5634bdd3685f9f183a9e94 |
SSDEEP: | 768:sfDwAbZSibMX9gRWjtwAbZSibMX9gRWjtwAbZSibMX9gRWjAFU+Gt8ygBa75ZtaM:OwAlRkwAlRkwAlRPU+G+Xa75ZcqT |
TLSH: | B624792DC34B02598F620376AB175E5142BDBA7EF38552B1346C437933EEC39A1252BE |
File Content Preview: | {\rtf1..{\*\2Gg1NgJmSXbTxemlqsiLDkQRN9no9PRoVU1qJYcyTiTnF1tamoZl18rPgWfFi7FlimUYuhO29AgIEYqEYYFwoniNFT5GnTI9ocVtp8XFcTflaGUxHeAdGlseBUTd4WXHxZReiuxs37oywAm38bkf04GTe9F8BJqQJ9jdE1YEcfXiyKaoHwMmiln9pymYnq8r2uma2XEZRdFlKkqUrERm2qMyrTVgY9KsGMzKnSuAhYLtfTRP2yN |
Icon Hash: | 2764a3aaaeb7bdbf |
Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit |
---|---|---|---|---|---|---|---|---|---|
0 | 0000789Ah | | | | | | | | no |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 23, 2024 07:49:56.795392036 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:56.795474052 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:56.795552969 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:56.806135893 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:56.806162119 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.010586023 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.010796070 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.015976906 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.015988111 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.016307116 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.016351938 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.088438988 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.132141113 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.432013988 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.432171106 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.432203054 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.432379007 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.432390928 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.432437897 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.432480097 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.432532072 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.432609081 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.432661057 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.432738066 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.432791948 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.432863951 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.432915926 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.432990074 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.433036089 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.433116913 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.433171988 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.433262110 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.433360100 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.433429003 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.433480978 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.433532000 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.433579922 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.437666893 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532226086 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532288074 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532295942 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532327890 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532330036 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532367945 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532376051 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532408953 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532422066 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532453060 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532455921 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532488108 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532764912 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532804012 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532816887 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532851934 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.532855034 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.532887936 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533216953 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533256054 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533258915 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533292055 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533293962 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533323050 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533613920 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533652067 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533654928 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533695936 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533739090 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533771038 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533782005 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533814907 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533817053 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533849001 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.533852100 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.533885956 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.534393072 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.534434080 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.534435987 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.534466028 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.633590937 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.633663893 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.633790970 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.633841038 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.633920908 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.633968115 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.634053946 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.634118080 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.634201050 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.634253025 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.634344101 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.634393930 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.634466887 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.634514093 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.634604931 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.634654045 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.634727001 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.634769917 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.634881020 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.634932041 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.635025978 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.635077000 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.635164022 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.635219097 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.635559082 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.635618925 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.635804892 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.635863066 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.636286974 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.636373997 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.636563063 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.636624098 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.637589931 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.637645960 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.637945890 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.638004065 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.638134003 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.638196945 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.638375044 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.638432026 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.638489962 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.638539076 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.735409021 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.735502005 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.735591888 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.735760927 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.735773087 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.735819101 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.735867977 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.735919952 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.736217022 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.736287117 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.736376047 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.736437082 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.737341881 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.737417936 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.737648964 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.737715960 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.737885952 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.737956047 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.738246918 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.738317966 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.738631964 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.738694906 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.738807917 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.738867998 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.739027977 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.739094019 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.739473104 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.739536047 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.739993095 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.740056038 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.740149021 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.740200043 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.740519047 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.740581036 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.740659952 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.740704060 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.740823030 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.740880966 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.740942001 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.740993977 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.741529942 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.741595030 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.741736889 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.741800070 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.742397070 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.742475986 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.742656946 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.742726088 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.743184090 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.743249893 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.743388891 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.743449926 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.743686914 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.743757010 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.744041920 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.744148970 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.744307041 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.744371891 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.744679928 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.744740009 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.745429039 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.745448112 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.745501995 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.836749077 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.836942911 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.837934017 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.838012934 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.838085890 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.838141918 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.838541031 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.838615894 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.840291023 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.840365887 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.840471029 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.840533972 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.840627909 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.840677977 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.841244936 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.841319084 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.841336966 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.841384888 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.842679024 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.842753887 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.842772007 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.842823982 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.843786955 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.843854904 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.843877077 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.843919992 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.844084024 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.844151020 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.844608068 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.844679117 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.845371962 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.845484972 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.845901012 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.845972061 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.846826077 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.846882105 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.846893072 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.846899033 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.846927881 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.846935987 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.847085953 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.847145081 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.848206043 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.848267078 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.848269939 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.848304033 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:57.848323107 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.848342896 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.849652052 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.849901915 CEST | 49161 | 443 | 192.168.2.22 | 172.67.134.136 |
Apr 23, 2024 07:49:57.849910021 CEST | 443 | 49161 | 172.67.134.136 | 192.168.2.22 |
Apr 23, 2024 07:49:59.613476038 CEST | 49162 | 80 | 192.168.2.22 | 193.122.6.168 |
Apr 23, 2024 07:49:59.786726952 CEST | 80 | 49162 | 193.122.6.168 | 192.168.2.22 |
Apr 23, 2024 07:49:59.786804914 CEST | 49162 | 80 | 192.168.2.22 | 193.122.6.168 |
Apr 23, 2024 07:49:59.788209915 CEST | 49162 | 80 | 192.168.2.22 | 193.122.6.168 |
Apr 23, 2024 07:49:59.961425066 CEST | 80 | 49162 | 193.122.6.168 | 192.168.2.22 |
Apr 23, 2024 07:50:00.892457008 CEST | 80 | 49162 | 193.122.6.168 | 192.168.2.22 |
Apr 23, 2024 07:50:01.187113047 CEST | 49162 | 80 | 192.168.2.22 | 193.122.6.168 |
Apr 23, 2024 07:51:05.884891987 CEST | 80 | 49162 | 193.122.6.168 | 192.168.2.22 |
Apr 23, 2024 07:51:05.885220051 CEST | 49162 | 80 | 192.168.2.22 | 193.122.6.168 |
Apr 23, 2024 07:51:40.935224056 CEST | 49162 | 80 | 192.168.2.22 | 193.122.6.168 |
Apr 23, 2024 07:51:41.108491898 CEST | 80 | 49162 | 193.122.6.168 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 23, 2024 07:49:56.673778057 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 23, 2024 07:49:56.782021999 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Apr 23, 2024 07:49:59.261459112 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 23, 2024 07:49:59.352401972 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22 |
Apr 23, 2024 07:49:59.507497072 CEST | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
Apr 23, 2024 07:49:59.595150948 CEST | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 23, 2024 07:49:56.673778057 CEST | 192.168.2.22 | 8.8.8.8 | 0xe3cd | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.261459112 CEST | 192.168.2.22 | 8.8.8.8 | 0xade5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.507497072 CEST | 192.168.2.22 | 8.8.8.8 | 0x4465 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 23, 2024 07:49:56.782021999 CEST | 8.8.8.8 | 192.168.2.22 | 0xe3cd | No error (0) | | | 172.67.134.136 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:56.782021999 CEST | 8.8.8.8 | 192.168.2.22 | 0xe3cd | No error (0) | | | 104.21.25.202 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.352401972 CEST | 8.8.8.8 | 192.168.2.22 | 0xade5 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.352401972 CEST | 8.8.8.8 | 192.168.2.22 | 0xade5 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.352401972 CEST | 8.8.8.8 | 192.168.2.22 | 0xade5 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.352401972 CEST | 8.8.8.8 | 192.168.2.22 | 0xade5 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.352401972 CEST | 8.8.8.8 | 192.168.2.22 | 0xade5 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.352401972 CEST | 8.8.8.8 | 192.168.2.22 | 0xade5 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.595150948 CEST | 8.8.8.8 | 192.168.2.22 | 0x4465 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.595150948 CEST | 8.8.8.8 | 192.168.2.22 | 0x4465 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.595150948 CEST | 8.8.8.8 | 192.168.2.22 | 0x4465 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.595150948 CEST | 8.8.8.8 | 192.168.2.22 | 0x4465 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.595150948 CEST | 8.8.8.8 | 192.168.2.22 | 0x4465 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Apr 23, 2024 07:49:59.595150948 CEST | 8.8.8.8 | 192.168.2.22 | 0x4465 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49162 | 193.122.6.168 | 80 | 3248 | C:\Users\user\AppData\Roaming\mpoom39002.scr |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 23, 2024 07:49:59.788209915 CEST | 151 | OUT | |
Apr 23, 2024 07:50:00.892457008 CEST | 323 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49161 | 172.67.134.136 | 443 | 2160 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 05:49:57 UTC | 313 | OUT | |
2024-04-23 05:49:57 UTC | 775 | IN | |
2024-04-23 05:49:57 UTC | 594 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
2024-04-23 05:49:57 UTC | 1369 | IN | |
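The two session tables above are the part of this report a responder pivots on: the Equation Editor process (EQNEDT32.EXE, PID 2160) opens a TLS session to 172.67.134.136, and the dropped screensaver binary mpoom39002.scr (PID 3248) talks to 193.122.6.168, which the DNS answers tie to checkip.dyndns.com. Equation Editor is a legacy Office component that has no reason to open a socket, and an external-IP lookup is a typical first action of an infostealer. The following Python is an added example, not code from the report or from Joe Sandbox: it correlates DNS answers with session rows by transaction ID and applies a small triage policy. The sample rows are copied from this report's tables (the queried Name column is blank because it did not survive extraction); the policy sets NO_NETWORK_EXPECTED, SUSPICIOUS_EXT, USER_WRITABLE and IP_LOOKUP_HOSTS are assumptions chosen for illustration.

```python
"""Correlate a sandbox report's DNS answers with its per-process sessions."""
import ntpath
import re
from collections import defaultdict

# Rows copied from this report's DNS Answers and session tables (constructed
# sample input). The queried Name column is blank because it did not survive
# extraction; CNAME and A records still tie together through the transaction ID.
DNS_ANSWERS = """\
Apr 23, 2024 07:49:56.782021999 CEST | 8.8.8.8 | 192.168.2.22 | 0xe3cd | No error (0) | | | 172.67.134.136 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 07:49:56.782021999 CEST | 8.8.8.8 | 192.168.2.22 | 0xe3cd | No error (0) | | | 104.21.25.202 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 07:49:59.352401972 CEST | 8.8.8.8 | 192.168.2.22 | 0xade5 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 07:49:59.352401972 CEST | 8.8.8.8 | 192.168.2.22 | 0xade5 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
"""
SESSIONS = r"""
0 | 192.168.2.22 | 49162 | 193.122.6.168 | 80 | 3248 | C:\Users\user\AppData\Roaming\mpoom39002.scr
0 | 192.168.2.22 | 49161 | 172.67.134.136 | 443 | 2160 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"""

# Assumed triage policy (not from the report): Equation Editor never needs a
# socket, screensaver binaries under user-writable paths are a classic drop,
# and checkip.dyndns.com is an external-IP lookup service.
NO_NETWORK_EXPECTED = {"eqnedt32.exe"}
SUSPICIOUS_EXT = {".scr", ".pif", ".com"}
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)
IP_LOOKUP_HOSTS = {"checkip.dyndns.com"}


def parse_rows(text):
    """Split 'a | b | c' rows into lists of stripped cells, skipping blank lines."""
    return [[c.strip() for c in line.split("|")] for line in text.splitlines() if line.strip()]


def dns_resolutions(answers_text):
    """Map each answered A-record IP to the CNAME seen in the same DNS transaction (or None)."""
    by_txn = defaultdict(lambda: {"cname": None, "ips": []})
    for row in parse_rows(answers_text):
        _ts, _src, _dst, txn, _rc, _name, cname, addr, rtype, *_rest = row
        if rtype.startswith("CNAME"):
            by_txn[txn]["cname"] = cname
        elif rtype.startswith("A "):
            by_txn[txn]["ips"].append(addr)
    return {ip: t["cname"] for t in by_txn.values() for ip in t["ips"]}


def session_summary(sessions_text, resolutions):
    """One record per session row: originating process, PID, destination and resolved name."""
    records = []
    for _sid, _src, _sport, dst, dport, pid, image in parse_rows(sessions_text):
        records.append({
            "pid": int(pid),
            "image": image,
            "exe": ntpath.basename(image).lower(),
            "dst": dst,
            "port": int(dport),
            "name": resolutions.get(dst),
        })
    return records


def flag_sessions(sessions_text, resolutions):
    """Return (record, reason) pairs for sessions whose originating process is suspect."""
    flags = []
    for rec in session_summary(sessions_text, resolutions):
        reasons = []
        if rec["exe"] in NO_NETWORK_EXPECTED:
            reasons.append("Office helper process with an outbound connection")
        if ntpath.splitext(rec["exe"])[1] in SUSPICIOUS_EXT and USER_WRITABLE.search(rec["image"]):
            reasons.append("executable with an unusual extension under a user-writable path")
        if rec["name"] in IP_LOOKUP_HOSTS:
            reasons.append("contacts an external-IP lookup service")
        flags.extend((rec, why) for why in reasons)
    return flags


if __name__ == "__main__":
    res = dns_resolutions(DNS_ANSWERS)
    for rec, why in flag_sessions(SESSIONS, res):
        print(f"PID {rec['pid']} {rec['exe']} -> {rec['dst']}:{rec['port']} "
              f"({rec['name'] or 'unresolved name'}): {why}")
```

Running it flags both sessions: PID 3248 twice (screensaver under AppData\Roaming, external-IP lookup) and PID 2160 once (Equation Editor with a network connection). The Cloudflare-fronted destination 172.67.134.136 stays unnamed because the report's Name column is empty, which is exactly the kind of gap to fill from the raw PCAP rather than from the rendered table.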
Target ID: | 0 |
Start time: | 07:49:53 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f1c0000 |
File size: | 1'423'704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 07:49:54 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 07:49:57 |
Start date: | 23/04/2024 |
Path: | C:\Users\user\AppData\Roaming\mpoom39002.scr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 331'264 bytes |
MD5 hash: | 37383DB5D0AAF3A258780342654AE739 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 07:49:57 |
Start date: | 23/04/2024 |
Path: | C:\Users\user\AppData\Roaming\mpoom39002.scr |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x260000 |
File size: | 331'264 bytes |
MD5 hash: | 37383DB5D0AAF3A258780342654AE739 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Target ID: | 7 |
Start time: | 07:50:16 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543'304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
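The process blocks above already contain enough for a first triage pass: a low-reputation image under the user's AppData\Roaming with a .scr extension, started twice within the same second (Target 5 has exited, Target 6 has not), and running with administrator privileges. The following Python is an added example, not code from the report or from Joe Sandbox: it parses the flattened "Key: | value |" rows into one dict per process and applies those rules. The sample blocks are copied (abbreviated) from this report; the rules, the SUSPICIOUS_EXT set and the USER_WRITABLE pattern are assumptions chosen for illustration. The "launched more than once" rule is gated on low reputation so that the two legitimate EQNEDT32.EXE instances in this run do not trip it.

```python
"""Triage the flattened process-detail rows of a sandbox report."""
import ntpath
import re
from collections import Counter

# Three of this report's process blocks, copied as printed (constructed sample input).
PROCESS_BLOCKS = r"""
Target ID: | 2 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has administrator privileges: | true |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Path: | C:\Users\user\AppData\Roaming\mpoom39002.scr |
MD5 hash: | 37383DB5D0AAF3A258780342654AE739 |
Has administrator privileges: | true |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Path: | C:\Users\user\AppData\Roaming\mpoom39002.scr |
MD5 hash: | 37383DB5D0AAF3A258780342654AE739 |
Has administrator privileges: | true |
Reputation: | low |
Has exited: | false |
"""

# Assumed triage rules, not part of the report.
SUSPICIOUS_EXT = {".scr", ".pif", ".com"}
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)
ROW = re.compile(r"\s*(.+?):\s*\|\s*(.*?)\s*\|\s*$")


def parse_process_blocks(text):
    """Group the 'Key: | value |' rows into one dict per 'Target ID' block."""
    procs, cur = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        key, val = m.groups()
        if key == "Target ID":
            cur = {}
            procs.append(cur)
        if cur is not None:
            cur[key] = val
    return procs


def triage(procs):
    """Return {target_id: [reasons]} for processes a responder should look at first."""
    launches_per_hash = Counter(p["MD5 hash"] for p in procs)
    findings = {}
    for p in procs:
        path, rep = p["Path"], p.get("Reputation")
        ext = ntpath.splitext(ntpath.basename(path))[1].lower()
        reasons = []
        if rep == "low" and USER_WRITABLE.search(path):
            reasons.append("low-reputation image under a user-writable path")
        if ext in SUSPICIOUS_EXT:
            reasons.append(f"unusual executable extension {ext}")
        if rep == "low" and launches_per_hash[p["MD5 hash"]] > 1:
            reasons.append("same low-reputation image launched more than once in the run")
        if reasons and p.get("Has administrator privileges") == "true":
            reasons.append("runs with administrator privileges")
        if reasons:
            findings[p["Target ID"]] = reasons
    return findings


if __name__ == "__main__":
    for tid, reasons in triage(parse_process_blocks(PROCESS_BLOCKS)).items():
        print(f"Target {tid}: " + "; ".join(reasons))
```

Targets 5 and 6 each come back with four reasons; Target 2 (Equation Editor, high reputation, .exe) comes back clean here even though its network activity is the anomaly in the session tables, which is why process metadata and network correlation are checked separately.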
Function 0033B860: Relevance 1.1, Instructions 1092, Tags: COMMON, Uniqueness Score: -1.00%
Function 003414C8: Relevance .3, Instructions 344, Tags: COMMON, Uniqueness Score: -1.00%
Function 0034150D: Relevance .3, Instructions 320, Tags: COMMON, Uniqueness Score: -1.00%
Function 0033C0C6: Relevance .2, Instructions 235, Tags: COMMON, Uniqueness Score: -1.00%
Function 0033C1E4: Relevance .1, Instructions 110, Tags: COMMON, Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: | 17% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 40 |
Total number of Limit Nodes: | 1 |
Function 001E3908: Relevance 3.6, APIs 1, Strings 1, Instructions 118, Tags: injection, COMMON, Uniqueness Score: -1.00%
Function 001E3A60: Relevance 1.6, APIs 1, Instructions 103, Tags: memory, COMMON, Uniqueness Score: -1.00%
Function 001E3A68: Relevance 1.6, APIs 1, Instructions 101, Tags: memory, COMMON, Uniqueness Score: -1.00%
Function 001E4C98: Relevance 1.6, APIs 1, Instructions 100, Tags: COMMON, Uniqueness Score: -1.00%
Function 001E37E8: Relevance 1.6, APIs 1, Instructions 94, Tags: thread, COMMON, Uniqueness Score: -1.00%
Function 001E3B88: Relevance 1.6, APIs 1, Instructions 73, Tags: thread, COMMON, Uniqueness Score: -1.00%
Function 0012D4CC: Relevance .1, Instructions 75, Tags: COMMON, Uniqueness Score: -1.00%
Function 0012D4C7: Relevance .1, Instructions 56, Tags: COMMON, Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: | 22.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 46.5% |
Total number of Nodes: | 258 |
Total number of Limit Nodes: | 4 |
Function 001F3B30: Relevance 1.8, Strings 1, Instructions 596, Tags: COMMON, Uniqueness Score: -1.00%
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
003F1E98 | 1.6 | 1 | | 99 | library, COMMON |
003FB230 | 1.6 | 1 | | 98 | library, COMMON |
003F38A8 | 1.6 | 1 | | 98 | library, COMMON |
003F3D0C | 1.6 | 1 | | 97 | library, COMMON |
003F048A | 1.6 | 1 | | 96 | library, COMMON |
001F72F8 | 1.5 | | 1 | 276 | COMMON |
001F608D | .3 | | | 336 | COMMON |
001FF9D8 | .3 | | | 292 | COMMON |
001F6A38 | .3 | | | 289 | COMMON |
001FF580 | .3 | | | 276 | COMMON |
001FF128 | .3 | | | 275 | COMMON |
001F6E99 | .3 | | | 275 | COMMON |
001F65D9 | .3 | | | 274 | COMMON |
001F5620 | .2 | | | 222 | COMMON |
001F5630 | .2 | | | 220 | COMMON |
00590688 | .2 | | | 219 | COMMON |
00590040 | .2 | | | 218 | COMMON |
001F5972 | .2 | | | 199 | COMMON |
001FED3B | 1.6 | 1 | | 122 | COMMON |
0016D01C | .1 | | | 72 | COMMON |
0016D006 | .1 | | | 62 | COMMON |
001F47FD | .6 | | | 588 | COMMON |
003F6458 | .2 | | | 222 | COMMON |
001F4162 | .2 | | | 193 | COMMON |
003F644A | .1 | | | 129 | COMMON |
001F4342 | .1 | | | 116 | COMMON |
003F676E | .0 | | | 17 | COMMON |