Analysis Report Quotation_Order.pdf.exe
Overview
General Information
Detection
| Field | Value |
|---|---|
| Score | 100 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |
Signatures
Classification
Startup
Malware Configuration
Threatname: NanoCore
```json
{
  "Version": "1.2.2.0",
  "Mutex": "6f656d69-7475-8807-1300-000c0a4c",
  "Domain1": "185.140.53.138",
  "Domain2": "wealth2021.ddns.net",
  "Port": 20221,
  "KeyboardLogging": "Enable",
  "RunOnStartup": "Disable",
  "RequestElevation": "Disable",
  "BypassUAC": "Disable",
  "ClearZoneIdentifier": "Disable",
  "ClearAccessControl": "Disable",
  "SetCriticalProcess": "Disable",
  "PreventSystemSleep": "Disable",
  "ActivateAwayMode": "Disable",
  "EnableDebugMode": "Disable",
  "RunDelay": 0,
  "ConnectDelay": 4000,
  "RestartDelay": 5000,
  "TimeoutInterval": 5000,
  "KeepAliveTimeout": 30000,
  "MutexTimeout": 5000,
  "LanTimeout": 2500,
  "WanTimeout": 8000,
  "BufferSize": "ffff0000",
  "MaxPacketSize": "0000a000",
  "GCThreshold": "0000a000",
  "UseCustomDNS": "Enable",
  "PrimaryDNSServer": "8.8.8.8",
  "BackupDNSServer": "8.8.4.4"
}
```
Yara Overview
Memory Dumps (20 entries in the full report)
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
| | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Unpacked PEs (34 entries in the full report)
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
| | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Sigma Overview
- AV Detection: Sigma detected: NanoCore (author: Joe Security)
- E-Banking Fraud: Sigma detected: NanoCore (author: Joe Security)
- System Summary: Sigma detected: Possible Applocker Bypass (author: juju4)
- Stealing of Sensitive Information: Sigma detected: NanoCore (author: Joe Security)
- Remote Access Functionality: Sigma detected: NanoCore (author: Joe Security)
Signature Overview
AV Detection:
- Found malware configuration
  - Source: Malware Configuration Extractor
- Multi AV Scanner detection for domain / URL
  - Source: Virustotal (3 entries)
- Multi AV Scanner detection for dropped file
  - Source: ReversingLabs
- Multi AV Scanner detection for submitted file
  - Source: ReversingLabs
- Yara detected Nanocore RAT
  - Source: File source (18 entries)
- Machine Learning detection for dropped file
  - Source: Joe Sandbox ML
- Machine Learning detection for sample
  - Source: Joe Sandbox ML
- Source: Avira (2 entries)
- Source: Static PE information (2 entries)
- Source: Code function: 1_2_04EC8300, 1_2_04EC82F0, 1_2_04EC83B4
Networking:
- C2 URLs / IPs found in malware configuration
  - Source: URLs (2 entries)
- Uses dynamic DNS services
  - Source: DNS query
- Source: TCP traffic
- Source: IP Address
- Source: ASN Name
- Source: TCP traffic detected without corresponding DNS query (28 entries)
- Source: DNS traffic detected
- Source: String found in binary or memory (2 entries)
- Source: Network traffic detected (4 entries)
- Source: Binary or memory string
E-Banking Fraud:
- Yara detected Nanocore RAT
  - Source: File source (18 entries)
System Summary:
- Malicious sample detected (through community Yara rule)
  - Source: Matched rule (29 entries)
- Initial sample is a PE file and has a suspicious name
  - Source: Static PE information (2 entries)
- Source: Code function (35 entries)
- Source: Static PE information (2 entries)
- Source: Binary or memory string (8 entries)
- Source: Static PE information
- Source: Matched rule (43 entries)
- Source: Static PE information (2 entries)
- Source: Cryptographic APIs (3 entries)
- Source: Classification label
- Source: File created
- Source: Mutant created (3 entries)
- Source: File created
- Source: Static PE information
- Source: Section loaded (2 entries)
- Source: File read
- Source: Key opened
- Source: Binary or memory string (9 entries)
- Source: ReversingLabs
- Source: String found in binary or memory (2 entries)
- Source: File read
- Source: Process created (6 entries)
- Source: Key value queried
- Source: File opened
- Source: Static PE information (2 entries)
Data Obfuscation:
- .NET source code contains potential unpacker
  - Source: .Net Code (2 entries)
- Source: Static PE information (2 entries)
- Source: High entropy of concatenated method names (2 entries)
- Source: File created (dropped file)
Boot Survival:
- Uses schtasks.exe or at.exe to add and modify task schedules
  - Source: Process created
Hooking and other Techniques for Hiding and Protection:
- Uses an obfuscated file name to hide its real file extension (double extension)
  - Source: Static PE information
- Source: Process information set (74 entries)
Malware Analysis System Evasion:
- Yara detected AntiVM3
  - Source: File source (3 entries)
- Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
  - Source: Binary or memory string (2 entries)
- Source: File opened / queried
- Source: Thread delayed (2 entries)
- Source: Window / User API (3 entries)
- Source: Thread sleep time (3 entries)
- Source: Last function
- Source: Thread delayed (3 entries)
- Source: Binary or memory string (13 entries)
- Source: Process information queried
- Source: Process token adjusted (2 entries)
- Source: Memory allocated
HIPS / PFW / Operating System Protection Evasion:
- Allocates memory in foreign processes
  - Source: Memory allocated
- Injects a PE file into a foreign process
  - Source: Memory written
- Writes to foreign memory regions
  - Source: Memory written (5 entries)
- Source: Process created (2 entries)
- Source: Binary or memory string (7 entries)
- Source: Queries volume information (11 entries)
- Source: Key value queried
Stealing of Sensitive Information:
- Yara detected Nanocore RAT
  - Source: File source (18 entries)
Remote Access Functionality:
- Detected Nanocore Rat
  - Source: String found in binary or memory (3 entries)
- Yara detected Nanocore RAT
  - Source: File source (18 entries)
Mitre Att&ck Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter2 | Scheduled Task/Job1 | Process Injection312 | Masquerading11 | Input Capture11 | Security Software Discovery211 | Remote Services | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job1 | Boot or Logon Initialization Scripts | Scheduled Task/Job1 | Disable or Modify Tools1 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data11 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion31 | Security Account Manager | Virtualization/Sandbox Evasion31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection312 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol22 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information12 | Cached Domain Credentials | System Information Discovery12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing13 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph
Screenshots
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
| Detection | Scanner | Label |
|---|---|---|
| 26% | ReversingLabs | Win32.Trojan.AgentTesla |
| 100% | Joe Sandbox ML | |
Dropped Files
| Detection | Scanner | Label |
|---|---|---|
| 100% | Joe Sandbox ML | |
| 26% | ReversingLabs | Win32.Trojan.AgentTesla |
Unpacked PE Files
| Detection | Scanner | Label |
|---|---|---|
| 100% | Avira | TR/Dropper.MSIL.Gen7 |
| 100% | Avira | TR/NanoCore.fadte |
Domains
| Detection | Scanner | Label |
|---|---|---|
| 7% | Virustotal | |
| 0% | Virustotal | |
URLs
Domains and IPs
Contacted Domains
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| wealth2021.ddns.net | 185.140.53.138 | true | true | | unknown |
| clientconfig.passport.net | unknown | unknown | true | | unknown |
Contacted URLs
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
| | true | | unknown |
URLs from Memory and Binaries
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | high |
| | | false | | high |
Contacted IPs
Public
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 185.140.53.138 | wealth2021.ddns.net | Sweden | 209623 | DAVID_CRAIGGG | true |
General Information
| Field | Value |
|---|---|
| Joe Sandbox Version | 32.0.0 Black Diamond |
| Analysis ID | 412548 |
| Start date | 12.05.2021 |
| Start time | 19:08:39 |
| Joe Sandbox Product | CloudBasic |
| Overall analysis duration | 0h 8m 9s |
| Hypervisor based Inspection enabled | false |
| Report type | full |
| Sample file name | Quotation_Order.pdf.exe |
| Cookbook file name | default.jbs |
| Analysis system description | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of new started processes analysed | 31 |
| Number of new started drivers analysed | 0 |
| Number of existing processes analysed | 0 |
| Number of existing drivers analysed | 0 |
| Number of injected processes analysed | 0 |
| Analysis Mode | default |
| Analysis stop reason | Timeout |
| Detection | MAL |
| Classification | mal100.troj.evad.winEXE@6/5@13/1 |
| EGA Information | Failed |
Simulations
Behavior and APIs
| Time | Type | Description |
|---|---|---|
| 19:09:31 | API Interceptor | |
Joe Sandbox View / Context
IPs
- 185.140.53.138: 17 associated samples, all detected as malicious
Domains
- wealth2021.ddns.net: 9 associated samples, all detected as malicious
ASN
- DAVID_CRAIGGG: 20 associated samples, all detected as malicious
JA3 Fingerprints
- No context
Dropped Files
- No context
Created / dropped Files
| Field | Value |
|---|---|
| Process | C:\Users\user\Desktop\Quotation_Order.pdf.exe |
| Category | modified |
| Size (bytes) | 1314 |
| Entropy (8bit) | 5.350128552078965 |
| Encrypted | false |
| SSDEEP | 24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR |
| MD5 | 1DC1A2DCC9EFAA84EABF4F6D6066565B |
| SHA1 | B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9 |
| SHA-256 | 28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF |
| SHA-512 | 95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7 |
| Malicious | true |
| Reputation | high, very likely benign file |

| Field | Value |
|---|---|
| Process | C:\Users\user\Desktop\Quotation_Order.pdf.exe |
| Category | dropped |
| Size (bytes) | 1662 |
| Entropy (8bit) | 5.177749092284426 |
| Encrypted | false |
| SSDEEP | 24:2dH4+SEqC/dp7hdMlNMFpdU/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBadItn:cbhH7MlNQ8/rydbz9I3YODOLNdq35 |
| MD5 | E660135146E8CB0D32A8D919D3E5EDFB |
| SHA1 | C926BAB73227531FCC10FC858EEEA95C2E8F5919 |
| SHA-256 | 8ABE6F5D752965C7580F731D6B8913D0411CC11AEA384DF0129E0BD00A6D7B38 |
| SHA-512 | E08C424B67F986918BEDA54E6405C2856CAE743BA1AED87BF355A18957289522591EBB4C22FA1D1AAF610A3D86293F4ECBCE6B08573C5433CD22A3BC7154D41F |
| Malicious | true |
| Reputation | low |

| Field | Value |
|---|---|
| Process | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Category | dropped |
| Size (bytes) | 8 |
| Entropy (8bit) | 3.0 |
| Encrypted | false |
| SSDEEP | 3:Zpn:7n |
| MD5 | 8B98AB5B5A654BFA8F76362BCD7CF769 |
| SHA1 | F96F39798591F166592E2FC6C9F763EE8AA76C0C |
| SHA-256 | BB6F884AF6AC368C3CD908AB97CB53B1EDDFE5C38867792A648F93C43D63A2E5 |
| SHA-512 | 6FF9761941D6A72BBC25DF41CF4C96F18CC340ACCF9AC50255DEADBB86EB34A8721BF201AB32AA30B46A86FB6CB7A8AE791FE025337E29FDEF23957076414DC6 |
| Malicious | true |
| Reputation | low |

| Field | Value |
|---|---|
| Process | C:\Users\user\Desktop\Quotation_Order.pdf.exe |
| Category | dropped |
| Size (bytes) | 845312 |
| Entropy (8bit) | 7.315929774120675 |
| Encrypted | false |
| SSDEEP | 12288:QTVyrD6tJgrDw4bS48LUT6CNVMwZiCckGqE7221yX87Nw6yhVphotxVgxL7s:QjE8LMhzVMPkGhJzJJgphotxVg5s |
| MD5 | 9EC5D09C8ADEFBF30598A5BD5F8D826E |
| SHA1 | F296A55C93796FA015FB4B071122435062CC995D |
| SHA-256 | 53E8A1A34CDFDD3E81842A5211699596CC2DA10EF2A94554D330F99B749A214E |
| SHA-512 | 2BD331E31A62C443EF655F995B5262DD7BA587011E92B48AEC9F005215A10A58CBCE628B348C3F09EC911DCA8A1F60868515BB154F4F6AD18FFE3178C0284A67 |
| Malicious | true |
| Reputation | low |

This dropped file carries the same size and hashes as the submitted sample (see Static File Info), i.e. the sample writes a copy of itself to disk.

| Field | Value |
|---|---|
| Process | C:\Users\user\Desktop\Quotation_Order.pdf.exe |
| Category | dropped |
| Size (bytes) | 26 |
| Entropy (8bit) | 3.95006375643621 |
| Encrypted | false |
| SSDEEP | 3:ggPYV:rPYV |
| MD5 | 187F488E27DB4AF347237FE461A079AD |
| SHA1 | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256 | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512 | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious | true |
| Reputation | high, very likely benign file |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.315929774120675 |
TrID: |
|
File name: | Quotation_Order.pdf.exe |
File size: | 845312 |
MD5: | 9ec5d09c8adefbf30598a5bd5f8d826e |
SHA1: | f296a55c93796fa015fb4b071122435062cc995d |
SHA256: | 53e8a1a34cdfdd3e81842a5211699596cc2da10ef2a94554d330f99b749a214e |
SHA512: | 2bd331e31a62c443ef655f995b5262dd7ba587011e92b48aec9f005215a10a58cbce628b348c3f09ec911dca8a1f60868515bb154f4f6ad18ffe3178c0284a67 |
SSDEEP: | 12288:QTVyrD6tJgrDw4bS48LUT6CNVMwZiCckGqE7221yX87Nw6yhVphotxVgxL7s:QjE8LMhzVMPkGhJzJJgphotxVg5s |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a..`..............P..6...........T... ...`....@.. .......................@............@................................ |
File Icon |
---|
Icon Hash: | cc92316d713396e8 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4b540a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x609BE761 [Wed May 12 14:34:09 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb53b8 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb6000 | 0x1ab74 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd2000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xb3410 | 0xb3600 | False | 0.809437608885 | data | 7.64683515737 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xb6000 | 0x1ab74 | 0x1ac00 | False | 0.146082797897 | data | 3.15210936606 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd2000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xb6220 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0xb6688 | 0x162a | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | ||
RT_ICON | 0xb7cb4 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xba25c | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xbb304 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
RT_ICON | 0xcbb2c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 | ||
RT_GROUP_ICON | 0xcfd54 | 0x5a | data | ||
RT_VERSION | 0xcfdb0 | 0x394 | data | ||
RT_MANIFEST | 0xd0144 | 0xa2e | XML 1.0 document, UTF-8 Unicode (with BOM) text |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2020 |
Assembly Version | 1.0.0.0 |
InternalName | EnvironmentVariableTarget.exe |
FileVersion | 1.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | LibraryManagementSystem |
ProductVersion | 1.0.0.0 |
FileDescription | LibraryManagementSystem |
OriginalFilename | EnvironmentVariableTarget.exe |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 12, 2021 19:09:22.846283913 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846308947 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846324921 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846340895 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846357107 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846373081 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846389055 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846407890 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846426010 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846441984 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846457958 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846473932 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846488953 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846502066 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:22.846523046 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:22.846616983 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:22.998435020 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:22.998537064 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:23.059084892 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.059104919 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481117010 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481146097 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481164932 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481180906 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481197119 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481236935 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481252909 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481259108 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:23.481268883 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481287003 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.481364012 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:23.517539978 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:23.517594099 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:23.578279018 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.578300953 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725044012 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725066900 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725083113 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725100040 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725116014 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725131035 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725147009 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725167036 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725186110 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:23.725208998 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:23.725244999 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:23.777213097 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:25.063285112 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:25.063342094 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:25.123919010 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.123980999 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.175136089 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280019045 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280054092 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280073881 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280092001 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280133009 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:25.280145884 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280165911 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:25.280169010 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280189037 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280217886 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:25.280247927 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280266047 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:09:25.280294895 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:25.324054956 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:09:38.171716928 CEST | 49699 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:38.220172882 CEST | 20221 | 49699 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:38.778301001 CEST | 49699 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:38.826742887 CEST | 20221 | 49699 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:39.481555939 CEST | 49699 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:39.529968977 CEST | 20221 | 49699 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:43.640548944 CEST | 49708 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:43.690107107 CEST | 20221 | 49708 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:44.278798103 CEST | 49708 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:44.328593969 CEST | 20221 | 49708 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:44.966310024 CEST | 49708 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:45.014808893 CEST | 20221 | 49708 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:49.045957088 CEST | 49714 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:49.094362974 CEST | 20221 | 49714 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:49.669847012 CEST | 49714 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:49.718348980 CEST | 20221 | 49714 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:50.279330969 CEST | 49714 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:50.328071117 CEST | 20221 | 49714 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:54.511395931 CEST | 49720 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:54.560018063 CEST | 20221 | 49720 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:55.076503038 CEST | 49720 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:55.126526117 CEST | 20221 | 49720 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:55.779757023 CEST | 49720 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:55.828063011 CEST | 20221 | 49720 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:09:59.909446955 CEST | 49723 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:09:59.959532022 CEST | 20221 | 49723 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:00.467593908 CEST | 49723 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:00.515872955 CEST | 20221 | 49723 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:01.077081919 CEST | 49723 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:01.125736952 CEST | 20221 | 49723 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:06.200220108 CEST | 49724 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:06.248963118 CEST | 20221 | 49724 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:06.843153000 CEST | 49724 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:06.893260002 CEST | 20221 | 49724 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:07.452687979 CEST | 49724 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:07.501183987 CEST | 20221 | 49724 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:11.516349077 CEST | 49725 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:11.564758062 CEST | 20221 | 49725 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:12.077969074 CEST | 49725 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:12.126341105 CEST | 20221 | 49725 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:12.781121016 CEST | 49725 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:12.829613924 CEST | 20221 | 49725 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:16.845335960 CEST | 49728 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:16.893838882 CEST | 20221 | 49728 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:17.453416109 CEST | 49728 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:17.503454924 CEST | 20221 | 49728 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:18.156582117 CEST | 49728 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:18.205081940 CEST | 20221 | 49728 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:18.702632904 CEST | 80 | 49680 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 19:10:18.702811956 CEST | 49680 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 19:10:20.890388012 CEST | 80 | 49682 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 19:10:20.890518904 CEST | 49682 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 19:10:22.222621918 CEST | 49731 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:22.270960093 CEST | 20221 | 49731 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:22.781213999 CEST | 49731 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:22.829581976 CEST | 20221 | 49731 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:23.328953028 CEST | 49731 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:23.377298117 CEST | 20221 | 49731 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:27.485434055 CEST | 49732 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:27.534389973 CEST | 20221 | 49732 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:28.048145056 CEST | 49732 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:28.096667051 CEST | 20221 | 49732 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:28.610683918 CEST | 49732 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:28.661541939 CEST | 20221 | 49732 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:32.737581015 CEST | 49733 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:32.785985947 CEST | 20221 | 49733 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:33.298574924 CEST | 49733 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:33.347167969 CEST | 20221 | 49733 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:33.861105919 CEST | 49733 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:33.909369946 CEST | 20221 | 49733 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:37.993096113 CEST | 49734 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:38.043669939 CEST | 20221 | 49734 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:38.548906088 CEST | 49734 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:38.597198009 CEST | 20221 | 49734 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:39.111489058 CEST | 49734 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:39.159869909 CEST | 20221 | 49734 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:43.175612926 CEST | 49735 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:43.224462032 CEST | 20221 | 49735 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:43.736939907 CEST | 49735 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:43.785460949 CEST | 20221 | 49735 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:44.299360991 CEST | 49735 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:44.347902060 CEST | 20221 | 49735 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:48.363426924 CEST | 49736 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:48.412561893 CEST | 20221 | 49736 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:48.924748898 CEST | 49736 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:48.973062992 CEST | 20221 | 49736 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:49.487293005 CEST | 49736 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:49.535598040 CEST | 20221 | 49736 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:53.551474094 CEST | 49740 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:53.599786997 CEST | 20221 | 49740 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:54.112710953 CEST | 49740 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:54.161263943 CEST | 20221 | 49740 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:54.690862894 CEST | 49740 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:54.739089012 CEST | 20221 | 49740 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:58.850759029 CEST | 49746 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:58.900712013 CEST | 20221 | 49746 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:59.409986973 CEST | 49746 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:10:59.458373070 CEST | 20221 | 49746 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:10:59.975234032 CEST | 49746 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:00.023611069 CEST | 20221 | 49746 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:04.098244905 CEST | 49747 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:04.146548033 CEST | 20221 | 49747 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:04.691725016 CEST | 49747 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:04.741496086 CEST | 20221 | 49747 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:05.394881010 CEST | 49747 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:05.443197966 CEST | 20221 | 49747 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:07.152595043 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:11:07.152710915 CEST | 49682 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 19:11:07.152719975 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:11:07.193311930 CEST | 80 | 49682 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 19:11:07.193399906 CEST | 49682 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 19:11:07.213260889 CEST | 443 | 49677 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:11:07.213371992 CEST | 49677 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:11:07.213483095 CEST | 443 | 49683 | 40.126.31.4 | 192.168.2.7 |
May 12, 2021 19:11:07.213550091 CEST | 49683 | 443 | 192.168.2.7 | 40.126.31.4 |
May 12, 2021 19:11:09.813436985 CEST | 49748 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:09.861773968 CEST | 20221 | 49748 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:10.381295919 CEST | 49748 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:10.431746960 CEST | 20221 | 49748 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:11.129765034 CEST | 49748 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:11.178020954 CEST | 20221 | 49748 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:15.194972038 CEST | 49749 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:15.243237019 CEST | 20221 | 49749 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:15.801959038 CEST | 49749 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:15.850230932 CEST | 20221 | 49749 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:16.505132914 CEST | 49749 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:16.553453922 CEST | 20221 | 49749 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:20.142524958 CEST | 80 | 49680 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 19:11:20.142668009 CEST | 49680 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 19:11:20.569139957 CEST | 49758 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:20.617537022 CEST | 20221 | 49758 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:21.130609035 CEST | 49758 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:21.187669039 CEST | 20221 | 49758 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:21.693063974 CEST | 49758 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:21.741599083 CEST | 20221 | 49758 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:25.757402897 CEST | 49762 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:25.805797100 CEST | 20221 | 49762 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:26.318454027 CEST | 49762 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:26.367983103 CEST | 20221 | 49762 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:26.881021976 CEST | 49762 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:26.929436922 CEST | 20221 | 49762 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:31.055226088 CEST | 49763 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:31.105313063 CEST | 20221 | 49763 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:31.647388935 CEST | 49763 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:31.695698023 CEST | 20221 | 49763 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:32.209665060 CEST | 49763 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:32.258572102 CEST | 20221 | 49763 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:32.971723080 CEST | 80 | 49680 | 93.184.220.29 | 192.168.2.7 |
May 12, 2021 19:11:32.971844912 CEST | 49680 | 80 | 192.168.2.7 | 93.184.220.29 |
May 12, 2021 19:11:36.332123995 CEST | 49764 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:36.380331993 CEST | 20221 | 49764 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:36.882271051 CEST | 49764 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:36.930670023 CEST | 20221 | 49764 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:37.444375992 CEST | 49764 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:37.493633032 CEST | 20221 | 49764 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:41.571355104 CEST | 49765 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:41.619935036 CEST | 20221 | 49765 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:42.132308960 CEST | 49765 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:42.181401968 CEST | 20221 | 49765 | 185.140.53.138 | 192.168.2.7 |
May 12, 2021 19:11:42.694823027 CEST | 49765 | 20221 | 192.168.2.7 | 185.140.53.138 |
May 12, 2021 19:11:42.745182037 CEST | 20221 | 49765 | 185.140.53.138 | 192.168.2.7 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 12, 2021 19:09:23.519428968 CEST | 56217 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:23.580670118 CEST | 53 | 56217 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:23.810734987 CEST | 63354 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:23.874382019 CEST | 53 | 63354 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:24.114198923 CEST | 53129 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:24.165884972 CEST | 53 | 53129 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:25.360261917 CEST | 62452 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:25.409053087 CEST | 53 | 62452 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:26.311340094 CEST | 57820 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:26.335422039 CEST | 50848 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:26.376713037 CEST | 53 | 57820 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:26.384167910 CEST | 53 | 50848 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:26.754836082 CEST | 61242 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:26.814997911 CEST | 53 | 61242 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:28.012442112 CEST | 58562 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:28.061568975 CEST | 53 | 58562 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:29.286885977 CEST | 56590 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:29.335742950 CEST | 53 | 56590 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:30.482445002 CEST | 60501 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:30.534065008 CEST | 53 | 60501 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:34.885289907 CEST | 53775 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:34.937410116 CEST | 53 | 53775 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:36.005516052 CEST | 51837 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:36.057012081 CEST | 53 | 51837 | 8.8.8.8 | 192.168.2.7 |
May 12, 2021 19:09:36.989403963 CEST | 55411 | 53 | 192.168.2.7 | 8.8.8.8 |
May 12, 2021 19:09:37.038420916 CEST | 53 | 55411 | 8.8.8.8 | 192.168.2.7 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 12, 2021 19:09:23.810734987 CEST | 192.168.2.7 | 8.8.8.8 | 0x4ac4 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:09:54.449297905 CEST | 192.168.2.7 | 8.8.8.8 | 0x1750 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:09:59.847589970 CEST | 192.168.2.7 | 8.8.8.8 | 0x8283 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:06.137185097 CEST | 192.168.2.7 | 8.8.8.8 | 0xc9a2 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:27.426090956 CEST | 192.168.2.7 | 8.8.8.8 | 0x6c9b | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:32.676578999 CEST | 192.168.2.7 | 8.8.8.8 | 0xf3e3 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:37.929197073 CEST | 192.168.2.7 | 8.8.8.8 | 0x73f8 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:58.786215067 CEST | 192.168.2.7 | 8.8.8.8 | 0xaac1 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:04.038754940 CEST | 192.168.2.7 | 8.8.8.8 | 0x4099 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:09.754262924 CEST | 192.168.2.7 | 8.8.8.8 | 0xb7bf | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:30.994379997 CEST | 192.168.2.7 | 8.8.8.8 | 0xd530 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:36.273329973 CEST | 192.168.2.7 | 8.8.8.8 | 0xb88e | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:41.509563923 CEST | 192.168.2.7 | 8.8.8.8 | 0x8659 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 12, 2021 19:09:23.874382019 CEST | 8.8.8.8 | 192.168.2.7 | 0x4ac4 | No error (0) | | authgfx.msa.akadns6.net | | CNAME (Canonical name) | IN (0x0001) |
May 12, 2021 19:09:24.165884972 CEST | 8.8.8.8 | 192.168.2.7 | 0x42cc | No error (0) | | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
May 12, 2021 19:09:54.508183956 CEST | 8.8.8.8 | 192.168.2.7 | 0x1750 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:09:59.906244993 CEST | 8.8.8.8 | 192.168.2.7 | 0x8283 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:06.198914051 CEST | 8.8.8.8 | 192.168.2.7 | 0xc9a2 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:27.483361959 CEST | 8.8.8.8 | 192.168.2.7 | 0x6c9b | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:32.736129999 CEST | 8.8.8.8 | 192.168.2.7 | 0xf3e3 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:37.989478111 CEST | 8.8.8.8 | 192.168.2.7 | 0x73f8 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:10:58.849198103 CEST | 8.8.8.8 | 192.168.2.7 | 0xaac1 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:04.096352100 CEST | 8.8.8.8 | 192.168.2.7 | 0x4099 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:09.809561014 CEST | 8.8.8.8 | 192.168.2.7 | 0xb7bf | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:31.053859949 CEST | 8.8.8.8 | 192.168.2.7 | 0xd530 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:36.331198931 CEST | 8.8.8.8 | 192.168.2.7 | 0xb88e | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
May 12, 2021 19:11:41.569755077 CEST | 8.8.8.8 | 192.168.2.7 | 0x8659 | No error (0) | | | 185.140.53.138 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 19:09:28 |
Start date: | 12/05/2021 |
Path: | C:\Users\user\Desktop\Quotation_Order.pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb20000 |
File size: | 845312 bytes |
MD5 hash: | 9EC5D09C8ADEFBF30598A5BD5F8D826E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
General |
---|
Start time: | 19:09:33 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xef0000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:09:33 |
Start date: | 12/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:09:34 |
Start date: | 12/05/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcc0000 |
File size: | 261728 bytes |
MD5 hash: | D621FD77BD585874F9686D3A76462EF1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | Strings | APIs | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
04EC4A68 | 1.4 | 1 | | 200 | COMMON | -1.00% |
04EC4A78 | 1.4 | 1 | | 198 | COMMON | -1.00% |
04EC3D58 | 1.4 | 1 | | 140 | COMMON | -1.00% |
04EC3D68 | 1.4 | 1 | | 135 | COMMON | -1.00% |
04EC8A31 | 0.5 | | | 499 | COMMON | -1.00% |
04EC4450 | 0.3 | | | 311 | COMMON | -1.00% |
04EC4460 | 0.3 | | | 310 | COMMON | -1.00% |
04EC7204 | 0.2 | | | 220 | COMMON | -1.00% |
04EC39E8 | 0.1 | | | 101 | COMMON | -1.00% |
04EC39F8 | 0.1 | | | 99 | COMMON | -1.00% |
04EC82F0 | 0.1 | | | 61 | COMMON | -1.00% |
04EC8300 | 0.1 | | | 53 | COMMON | -1.00% |
04EC83B4 | 0.0 | | | 27 | COMMON | -1.00% |
0156BBB8 | 1.7 | | 1 | 204 | COMMON | -1.00% |
0156DC6D | 1.6 | | 1 | 115 | COMMON | -1.00% |
0156DC78 | 1.6 | | 1 | 113 | COMMON | -1.00% |
01566D49 | 1.6 | | 1 | 102 | COMMON | -1.00% |
01566DB8 | 1.6 | | 1 | 66 | COMMON | -1.00% |
04EC2669 | 1.6 | | 1 | 66 | COMMON | -1.00% |
04EC2670 | 1.6 | | 1 | 63 | COMMON | -1.00% |
01566DC0 | 1.6 | | 1 | 62 | COMMON | -1.00% |
04EC24B8 | 1.6 | | 1 | 54 | memory, COMMON | -1.00% |
04EC24C0 | 1.6 | | 1 | 53 | memory, COMMON | -1.00% |
04EC940A | 1.5 | | 1 | 49 | COMMON | -1.00% |
04EC2338 | 1.5 | | 1 | 49 | thread, COMMON | -1.00% |
04EC2331 | 1.5 | | 1 | 49 | thread, COMMON | -1.00% |
0156BDA8 | 1.5 | | 1 | 47 | COMMON | -1.00% |
04EC9410 | 1.5 | | 1 | 47 | COMMON | -1.00% |
04EC7CD0 | 1.5 | | 1 | 46 | window, COMMON | -1.00% |
0156DEC0 | 1.5 | | 1 | 44 | COMMON | -1.00% |
0156DEB9 | 1.5 | | 1 | 44 | COMMON | -1.00% |
04EC7CD8 | 1.5 | | 1 | 44 | window, COMMON | -1.00% |
013AD4D8 | 0.1 | | | 75 | COMMON | -1.00% |
013BD01C | 0.1 | | | 72 | COMMON | -1.00% |
013BD006 | 0.1 | | | 63 | COMMON | -1.00% |
013AD4D3 | 0.1 | | | 56 | COMMON | -1.00% |
013AD749 | 0.0 | | | 45 | COMMON | -1.00% |
013AD748 | 0.0 | | | 36 | COMMON | -1.00% |
Non-executed Functions |
---|
Function | Relevance | Strings | APIs | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
04EC5B70 | 1.4 | 1 | | 126 | COMMON | -1.00% |
0156C2B0 | 0.5 | | | 522 | COMMON | -1.00% |
015699D8 | 0.3 | | | 265 | COMMON | -1.00% |
04EC54B8 | 0.2 | | | 234 | COMMON | -1.00% |
04EC54A7 | 0.2 | | | 228 | COMMON | -1.00% |
04EC3829 | 0.2 | | | 176 | COMMON | -1.00% |
04EC58F0 | 0.2 | | | 164 | COMMON | -1.00% |
04EC58E1 | 0.2 | | | 158 | COMMON | -1.00% |
04EC5B19 | 0.1 | | | 131 | COMMON | -1.00% |
04EC5AEB | 0.1 | | | 125 | COMMON | -1.00% |
04EC1298 | 0.1 | | | 124 | COMMON | -1.00% |
04EC1289 | 0.1 | | | 119 | COMMON | -1.00% |
04EC1889 | 0.1 | | | 96 | COMMON | -1.00% |
04EC18D0 | 0.1 | | | 69 | COMMON | -1.00% |
Executed Functions |
---|
Function | Relevance | Strings | APIs | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
067233D0 | 1.7 | | 1 | 213 | COMMON | -1.00% |
015193E8 | 1.7 | | 1 | 194 | COMMON | -1.00% |
0151FBEC | 1.6 | | 1 | 119 | COMMON | -1.00% |
0151FBF8 | 1.6 | | 1 | 113 | COMMON | -1.00% |
0151BCF9 | 1.6 | | 1 | 65 | COMMON | -1.00% |
0151BD00 | 1.6 | | 1 | 62 | COMMON | -1.00% |
01518704 | 1.6 | | 1 | 50 | COMMON | -1.00% |
0151FE38 | 1.5 | | 1 | 48 | COMMON | -1.00% |
056B0438 | 1.5 | | 1 | 45 | window, COMMON | -1.00% |
0151FE40 | 1.5 | | 1 | 44 | COMMON | -1.00% |
056B0440 | 1.5 | | 1 | 43 | window, COMMON | -1.00% |
Non-executed Functions |
---|