Windows
Analysis Report
02132022769992.doc
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1500 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- EQNEDT32.EXE (PID: 2044 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
- name.exe (PID: 1464 cmdline: "C:\Users\user\AppData\Roaming\name.exe" MD5: 91DE6EFC69676A4DD4CED5E2111AB489)
- name.exe (PID: 1124 cmdline: C:\Users\user\AppData\Roaming\name.exe MD5: 91DE6EFC69676A4DD4CED5E2111AB489)
- vbc.exe (PID: 2396 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt" MD5: 1672D0478049ABDAF0197BE64A7F867F)
- vbc.exe (PID: 3008 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt" MD5: 1672D0478049ABDAF0197BE64A7F867F)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | |
| | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | |
| | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | |
| | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
Exploits |
---|
Source: | Author: Joe Security: |
Source: | Author: Joe Security: |
System Summary |
---|
Source: | Author: Florian Roth: |
Source: | Author: frack113: |
AV Detection |
---|
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Exploits |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | HTTPS traffic detected: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Binary or memory string: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Code function: | 6_2_00406EC3 | |
Source: | Code function: | 7_2_00408441 | |
Source: | Code function: | 7_2_00407E0E |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: |
Networking |
---|
Source: | Snort IDS: |
Source: | DNS query: | ||
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | IP Address: |
Source: | TCP traffic: |
Source: | FTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | File created: | Jump to behavior |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | .Net Code: | ||
Source: | Code function: | 6_2_0040AC8A |
System Summary |
---|
Source: | Matched rule: | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | OLE indicator application name: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Matched rule: | ||
Source: | OLE indicator has summary info: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Security API names: | ||
Source: | Code function: | 7_2_00415AFD |
Source: | Code function: | 6_2_0040ED0B |
Source: | Binary or memory string: |
Source: | OLE document summary: | ||
Source: | OLE document summary: | ||
Source: | OLE document summary: |
Source: | ReversingLabs: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Key value queried: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Code function: | 7_2_00415F87 |
Source: | Binary or memory string: | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 7_2_00411196 |
Source: | Base64 encoded string: | ||
Source: | Cryptographic APIs: | ||
Source: | File read: | Jump to behavior | ||
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Initial sample: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | .Net Code: | ||
Source: | Code function: | 6_2_00404837 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Key value created or modified: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | Code function: | 6_2_0040F64B |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File source: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Code function: | 7_2_00408836 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 7_2_004161B0 |
Source: | Code function: | 6_2_00406EC3 | |
Source: | Code function: | 7_2_00408441 | |
Source: | Code function: | 7_2_00407E0E |
Source: | Code function: | 7_2_00408836 |
Source: | Code function: | 6_2_00404837 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Section unmapped: | Jump to behavior | ||
Source: | Section unmapped: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Reference to suspicious API methods: | ||
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 7_2_0041604B |
Source: | Code function: | 6_2_0040724C |
Source: | Code function: | 6_2_00406278 |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Code function: | 6_2_00402D9A | |
Source: | Code function: | 6_2_00402D9A | |
Source: | Code function: | 6_2_004033D7 |
Source: | Directory queried: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Source: | Key opened: | Jump to behavior |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Replication Through Removable Media | 1 Windows Management Instrumentation | Path Interception | 411 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | 1 Replication Through Removable Media | 11 Archive Collected Data | 1 Exfiltration Over Alternative Protocol | 4 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 11 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | 1 Input Capture | 1 Peripheral Device Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Shared Modules | Logon Script (Windows) | Logon Script (Windows) | 41 Obfuscated Files or Information | 2 Credentials in Registry | 1 Account Discovery | SMB/Windows Admin Shares | 2 Email Collection | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | 13 Exploitation for Client Execution | Logon Script (Mac) | Logon Script (Mac) | 33 Software Packing | 1 Credentials In Files | 3 File and Directory Discovery | Distributed Component Object Model | 1 Input Capture | Scheduled Transfer | 1 Remote Access Software | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 18 System Information Discovery | SSH | 1 Clipboard Data | Data Transfer Size Limits | 3 Non-Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Modify Registry | Cached Domain Credentials | 121 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | 24 Application Layer Protocol | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 411 Process Injection | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 1 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882 | ||
100% | Avira | HEUR/Rtf.Malformed |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | EXP/CVE-2018-0798.Gen | ||
100% | Avira | HEUR/AGEN.1140941 | ||
100% | Avira | HEUR/AGEN.1140941 | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1140941 | Download File | ||
100% | Avira | HEUR/AGEN.1210557 | Download File | ||
100% | Avira | SPR/Tool.MailPassView.473 | Download File | ||
100% | Avira | TR/AD.MExecute.lzrac | Download File | ||
100% | Avira | HEUR/AGEN.1109526 | Download File | ||
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
whatismyipaddress.com | 104.16.154.36 | true | false | high | |
ftp.manchutimefashion.com | 66.70.204.222 | true | true | | unknown |
xelu.vn | 123.30.139.93 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.16.154.36 | whatismyipaddress.com | United States | 13335 | CLOUDFLARENETUS | false | |
66.70.204.222 | ftp.manchutimefashion.com | Canada | 16276 | OVHFR | true | |
123.30.139.93 | xelu.vn | Viet Nam | 7643 | VNPT-AS-VNVietnamPostsandTelecommunicationsVNPTVN | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 571605 |
Start date: | 14.02.2022 |
Start time: | 08:11:28 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 02132022769992.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.phis.troj.spyw.expl.evad.winDOC@10/16@6/3 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtEnumerateValueKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryDirectoryFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
08:12:21 | API Interceptor | |
08:12:32 | API Interceptor | |
08:12:54 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
104.16.154.36 | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
whatismyipaddress.com | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
OVHFR | Get hash | malicious | Browse |
| |
CLOUDFLARENETUS | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | Get hash | malicious | Browse |
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\PU4TLXlhTTxUD3B[1].exe
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 1244160 |
Entropy (8bit): | 7.841876304894837 |
Encrypted: | false |
SSDEEP: | 12288:zOTIkOQC3u4diHquSEbVziIN8cmGIhUGAVigEnKQHmlNhcoHnMaTvcXw8AKT/arK:oeMxSoTSTGZihnKQHToHnHEXw8BT/ |
MD5: | 91DE6EFC69676A4DD4CED5E2111AB489 |
SHA1: | 262F23FEEE502E24D6D044C05BCB7B3153B3920E |
SHA-256: | 57754827B4E179D20088BE1AA0FEC9D1F8E3A872E81103B2C7264F80A0A86B36 |
SHA-512: | A138DD6D2645729104DE1FD312D2240E3440706C8BB08DD127BE04CB703AD1ACEEF69B5A26F49B4B314B63D9FA750C1FF242F3B09C80D1B9F7FB76E8F88F236F |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
IE Cache URL: | https://xelu.vn/Newww/PU4TLXlhTTxUD3B.exe |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\PU4TLXlhTTxUD3B[1].htm
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 249 |
Entropy (8bit): | 5.185657568056262 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwol6hEr6VX16hu9nPXjEkxFn0dSi+KqD:J0+ox0RJWWPXjLkiT |
MD5: | 604D5368CC278259AC4181CE7EA333C4 |
SHA1: | 44455EA6E087D04C7BD25A36B885E9CC517E2CE2 |
SHA-256: | 109DDD9AACC9DA031AE2E577B20FAD84ADC0E182D07758DBA4BE831D87B8BCDC |
SHA-512: | 6FCD78E6A781962EFE55FD7D43F04825E895FC683A72E017E2FEBC45A11F5AA442168D0B9693596478468D71FA6CE03FAA2A413E5C610A95F8829FA85F494C92 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{FF780E00-89C7-4301-A104-C139521B8BBC}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 4.1199747529872415 |
Encrypted: | false |
SSDEEP: | 48:rY4Z+ZTMbvOGJa8ohDrGkzBtqXCrOwQ+0ADfD59jvrPASc7:k3ZTMzOGEhfN1QwpvDfD5dvrPAS6 |
MD5: | AF6190CD34865146CEF3A381866FE465 |
SHA1: | 3A187578923D2BCAED8629F3B8612D76D1D08F51 |
SHA-256: | 44BC6126F350852BEC1A89F638545D884FBC37D4572AC83F541C90D39A555F85 |
SHA-512: | 5A0F1ED77D91817F9976E04E7EED0475EAA95FAE4A4652A16FEFF46494CE54984DA12C9F1065B2108BC02CA70660298F35524EBE18EEFD0366804EB9C3CD157D |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2B2068B3-D552-4786-8969-BAD999A42CE0}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3D4B2259-255D-4363-A990-87934546D08F}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.3586208805849456 |
Encrypted: | false |
SSDEEP: | 3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbf:IiiiiiiiiifdLloZQc8++lsJe1Mz4 |
MD5: | 07303A3EA82B2524552E41A507BD5244 |
SHA1: | 606E7DFD02924D2C4E383EB4CAFED406C34F5A11 |
SHA-256: | A264FB2DC4331DDB0AF2490AE8EC2881ABFF7DD956A03CB2A8EA5106CF32ABF8 |
SHA-512: | CEC1F5C9A714EE3BB969E2A7C48DBF56E81C9117C32D8D490A257C45C90439971292FCF2236523CA52E4FF52343971D6CCF8BFA7BC773744BFD537BF31E1AAAC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B8192480-7923-4DC7-9F00-6373E7E03914}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 86528 |
Entropy (8bit): | 3.7804643542231466 |
Encrypted: | false |
SSDEEP: | 1536:r29ph/xqOZgp3dCPIWxnIFfprS21x6RdMBngu:i9ph/xq+i3QJBIfprt1x6R6ngu |
MD5: | 2435183B5BDF3DB7160B7B2DD37B5113 |
SHA1: | 8484EC065C45DFFF97BA5DD49FF9A7750E488C65 |
SHA-256: | 1A62F6AC39B557D228FFF614B16C0035173DD51F38847C8C14B97531FB8C2738 |
SHA-512: | A7C017B8215BB59017D9BDB1E0147E1AD0DA35BF5C5E35666A494B24D3EBD01ED441F0D833FA8A186E1664A5EFE34CDC31F9117DB64CE7B259A2DD5F99392FAE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 21037056 |
Entropy (8bit): | 1.1435025112776838 |
Encrypted: | false |
SSDEEP: | 24576:Pq1U91o2I+0mZ5lahHLLGpHqqnEXwPtofJIRH330nW/jMB1emX4UJlNd:PqEXg1LoHqqEXwPW+RHA6m1fN |
MD5: | 6CF986B6E06E981B61CEA6B257F5BED4 |
SHA1: | 34957B7EBFB3E3D6214E363B118DC7B67B6C1842 |
SHA-256: | CD3B0A5BE45E8C00AF512832960D56F82A6A721AEFB7C3D57F535226D396515B |
SHA-512: | 4ECC680F58576A004063D22F384081C6028C3935128BB491D02C692E637C61F24A74C29FC509B5E222FDFB80B7761A4A65AC0F2D0443D924D49BFA2760B24B8F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1034 |
Entropy (8bit): | 4.493338008436439 |
Encrypted: | false |
SSDEEP: | 24:8CNeqrA/XTuzLIFhBek3DLmh+Dv3qaQd7Qy:8CNeqs/XTkq/3OaUj |
MD5: | 1EB923923D776FD193E9FE90D330DE20 |
SHA1: | 435523445F32BB860EA9495ACEE5C973DE1263F9 |
SHA-256: | A364D48085DA0FF27E59FF373BB118365D8FE60BF3A842FA8F82D79B4D2862B2 |
SHA-512: | 4C383322333BE32D552F7EC009476FE08AA598EDC5144007A8D2D655096811885EBF28C127A83F9F8A165B3A2B7D8EE300B9C9750A1E5098EB5605F8F5250763 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 79 |
Entropy (8bit): | 4.529994085272568 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlZX9QcOmX1VEQ9QcOv:bCQX9Qcz9QcA |
MD5: | 15364D423B33027F1A6E8E51A91976F1 |
SHA1: | FFB7A021C75EC739A73D40BDF797E9036D37DCF3 |
SHA-256: | 6ADB552438BBBD774F80D8E8BC6834B59ECDD8962470DD9C30B436BBCF673A58 |
SHA-512: | 64FF3EBBD7F6634F6E7A8B8E5E24C282C46CF0FA65E07BC4883D0BA01BEE1B3F339C70CE3CB8FBCC0C814F3059E275A143333AADF679E9C8E3B17446F5F29731 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l |
MD5: | 45B1E2B14BE6C1EFC217DCE28709F72D |
SHA1: | 64E3E91D6557D176776A498CF0776BE3679F13C3 |
SHA-256: | 508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6 |
SHA-512: | 2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1244160 |
Entropy (8bit): | 7.841876304894837 |
Encrypted: | false |
SSDEEP: | 12288:zOTIkOQC3u4diHquSEbVziIN8cmGIhUGAVigEnKQHmlNhcoHnMaTvcXw8AKT/arK:oeMxSoTSTGZihnKQHToHnHEXw8BT/ |
MD5: | 91DE6EFC69676A4DD4CED5E2111AB489 |
SHA1: | 262F23FEEE502E24D6D044C05BCB7B3153B3920E |
SHA-256: | 57754827B4E179D20088BE1AA0FEC9D1F8E3A872E81103B2C7264F80A0A86B36 |
SHA-512: | A138DD6D2645729104DE1FD312D2240E3440706C8BB08DD127BE04CB703AD1ACEEF69B5A26F49B4B314B63D9FA750C1FF242F3B09C80D1B9F7FB76E8F88F236F |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Roaming\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 1.5 |
Encrypted: | false |
SSDEEP: | 3:NBn:rn |
MD5: | C7635BFD99248A2CDEF8249EF7BFBEF4 |
SHA1: | FF33A8F10515011CBA0D191AE58F7F9A4DD7A3E1 |
SHA-256: | 736E537F0F664A3D8208E88C114F2C5A16FFF5800E5C146B0B83B1C43213D003 |
SHA-512: | 2DBDEFC89CCAC9D37FDFBA9596C78ADF3D863DBB271E4871D731F6058E7A7E602531CFDF1FE8AE3D556B1A8AE576557E05E3A00FACBBC9706317C05C700ED038 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Roaming\name.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39 |
Entropy (8bit): | 4.2504143220263435 |
Encrypted: | false |
SSDEEP: | 3:oNXp4EaKC5wz:oNPaZ5wz |
MD5: | 777C0CF5ECC7BA8EB8F0A6BF949150EC |
SHA1: | EC59E87D45CCBD2C2C21C0D5F0B7DB8385EF0B99 |
SHA-256: | 64737ED1C1F1C0904BB91DD839BF45D5D5333A4265BA5C53122AF2CFCF0B2789 |
SHA-512: | 3D6D96F09EB00E99C766BA62E5B88F1DA1795E27FB1B55620A0B783AB7EB736FBE4339E7F6FE6AC1FE316CCE89B2C3A358FEA21D63D66E8FBBDC74CFD3416616 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l |
MD5: | 45B1E2B14BE6C1EFC217DCE28709F72D |
SHA1: | 64E3E91D6557D176776A498CF0776BE3679F13C3 |
SHA-256: | 508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6 |
SHA-512: | 2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.48970867570669 |
TrID: |
|
File name: | 02132022769992.doc |
File size: | 51849 |
MD5: | def7f323a9c899eeff2daec6c685436d |
SHA1: | 19759534b1d50232576ece5e49e567bd158267d1 |
SHA256: | b80f646b11b61cb3d989da0858fec2bad99b5006f5d3f0e6a3a2bd86d8a8ac6f |
SHA512: | 972c88b62cf4f137e3baf37216cf8cd2a273c51a1772cd7143baca142b125e3a9cefc35e5a3ce0c1bb551dee548fd86971ffe702adec3ed40af3a90d220ac7ad |
SSDEEP: | 1536:KXgC3+CVqTcX7wVBAZR7r6/LhBsL18HH+VDD0y:EgC9LWBAehBg0y |
File Content Preview: | {\rtf6804{\object83154431 83154431 \objlink31290350\objupdate4496281544962815\objw9747\objh3947{\*\objdata993071 {{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{\bin0000 |
Icon Hash: | e4eea2aaa4b4b4a4 |
Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit |
---|---|---|---|---|---|---|---|---|---|
0 | 0000010Dh | | | | | | | | no |
1 | 000000B2h | | | | | | | | no |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
02/14/22-08:12:28.013803 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8 |
02/14/22-08:13:06.977054 | TCP | 2020410 | ET TROJAN HawkEye Keylogger FTP | 49170 | 21 | 192.168.2.22 | 66.70.204.222 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 14, 2022 08:12:30.733112097 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.733124018 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.733130932 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.733164072 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.733338118 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.952617884 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.952630997 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.952744007 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.952775002 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.952800989 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.952815056 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.952820063 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.952846050 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.952940941 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.953514099 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.953615904 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.953778982 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.953845024 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.954066992 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.958153963 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.958215952 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.958296061 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.958317041 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.958333015 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.958359003 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.958388090 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.959219933 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.959276915 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.959315062 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.959332943 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.959345102 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.959373951 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.960426092 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.960477114 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.960555077 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.960570097 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.960596085 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.960608006 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.961272001 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.961349010 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.961385012 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.961441040 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.961498976 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.961983919 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.962039948 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.962078094 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.962093115 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.962110996 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.962135077 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.962184906 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.962800980 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.962852001 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.962918997 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.962932110 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.962974072 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.962990999 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.963862896 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.963917971 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.963954926 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.963968992 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.963985920 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.964010000 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.964051008 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.964939117 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.964993000 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.965032101 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.965044022 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.965082884 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.965147972 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.966145992 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.966203928 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.966238976 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.966254950 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.966303110 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.966315031 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.966360092 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.967206001 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.967258930 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.967288971 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.967300892 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.967340946 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.970577955 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.970634937 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.970674992 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.970694065 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.970709085 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.970736027 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.970765114 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.971637964 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.971692085 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.971712112 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.971729040 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.971740007 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.971764088 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.971787930 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.982496977 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.982561111 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.982621908 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.982645988 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.982660055 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.982681990 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.982707977 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.984306097 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.984368086 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.984390974 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.984414101 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.984426975 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.984428883 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.984443903 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.984460115 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.984489918 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.984536886 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.984540939 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.984553099 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.984586954 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.984966040 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986125946 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986195087 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986269951 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986294031 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986298084 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986355066 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986360073 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986401081 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986409903 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986430883 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986452103 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986459970 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986475945 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986486912 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986572027 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986624956 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986653090 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.986702919 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.986968994 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.987282991 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.987339973 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.987365961 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.987376928 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.987396955 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.987426996 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.987992048 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.988061905 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.988063097 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.988075972 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.988193989 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.988460064 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.988719940 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.988785028 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.988787889 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.988800049 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.988840103 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.989622116 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.989684105 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.989696026 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.989712954 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.989731073 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.989744902 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.989917040 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.990389109 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.990441084 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.990463972 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.990479946 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.990489960 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.990516901 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.991309881 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.991367102 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.991425991 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.991444111 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.991456032 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.991458893 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.991461039 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.991482973 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.991831064 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.991887093 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.991929054 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.991942883 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.991955042 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.991987944 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.992552996 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.992609024 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.992635012 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.992652893 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.992666006 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.992700100 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.992948055 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.993072033 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.993125916 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.993134022 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.993144035 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.993174076 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.993186951 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.993796110 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.993865013 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.993870020 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.993882895 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.993913889 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.993926048 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.994401932 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.994643927 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.994697094 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.994709015 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.994719982 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.994731903 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.994741917 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.994755030 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.995110989 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.995192051 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.995192051 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.995202065 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:30.995243073 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:30.995872021 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.192334890 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.192401886 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.192532063 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.192559004 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.192593098 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.192647934 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.192651987 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.193124056 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.193181038 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.193196058 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.193207979 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.193231106 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.193242073 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.193715096 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.193944931 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.193998098 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.194010019 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.194020033 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.194050074 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.194057941 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.194412947 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.194856882 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.194911003 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.194925070 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.194938898 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.194966078 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.194977999 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.195096016 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.195991039 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.196042061 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.196080923 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.196091890 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.196099043 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.196127892 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.196154118 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.198373079 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.198426008 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.198448896 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.198462009 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.198476076 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.198498964 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.198520899 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.199198008 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.199251890 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.199265957 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.199276924 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.199285030 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.199318886 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.199322939 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.199385881 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.199822903 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.199877977 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.199889898 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.199903011 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.199928045 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.199935913 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.200073004 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.200495958 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.200546980 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.200568914 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.200582027 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.200625896 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.200840950 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.201061964 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.201114893 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.201123953 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.201133966 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.201164007 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.201173067 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.201525927 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.202003956 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.202050924 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.202068090 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.202081919 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.202090025 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.202092886 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.202114105 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.202142000 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:31.202188015 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.202210903 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.202990055 CET | 49166 | 443 | 192.168.2.22 | 123.30.139.93 |
Feb 14, 2022 08:12:31.203006983 CET | 443 | 49166 | 123.30.139.93 | 192.168.2.22 |
Feb 14, 2022 08:12:43.084012985 CET | 49168 | 80 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.100410938 CET | 80 | 49168 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.100508928 CET | 49168 | 80 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.101099968 CET | 49168 | 80 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.117206097 CET | 80 | 49168 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.130810976 CET | 80 | 49168 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.172152042 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.172190905 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.172310114 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.212702990 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.212735891 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.261464119 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.261553049 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.275314093 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.275337934 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.275788069 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.338496923 CET | 49168 | 80 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.350250959 CET | 80 | 49168 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.350326061 CET | 49168 | 80 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.481873989 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.481942892 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.694155931 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.737874031 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738142014 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738188982 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738219023 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738249063 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.738264084 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738306046 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.738312006 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738351107 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738383055 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738414049 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738420010 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.738426924 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738472939 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.738480091 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738493919 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.738532066 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738575935 CET | 49169 | 443 | 192.168.2.22 | 104.16.154.36 |
Feb 14, 2022 08:12:43.738581896 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Feb 14, 2022 08:12:43.738620043 CET | 443 | 49169 | 104.16.154.36 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 14, 2022 08:12:24.013475895 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 14, 2022 08:12:24.679075956 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22 |
Feb 14, 2022 08:12:24.679414988 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 14, 2022 08:12:25.693619013 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 14, 2022 08:12:26.998697042 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22 |
Feb 14, 2022 08:12:28.013595104 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22 |
Feb 14, 2022 08:12:42.979168892 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 14, 2022 08:12:43.001689911 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22 |
Feb 14, 2022 08:12:43.148050070 CET | 57805 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 14, 2022 08:12:43.170901060 CET | 53 | 57805 | 8.8.8.8 | 192.168.2.22 |
Feb 14, 2022 08:13:05.892729044 CET | 59030 | 53 | 192.168.2.22 | 8.8.8.8 |
Feb 14, 2022 08:13:05.921804905 CET | 53 | 59030 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Feb 14, 2022 08:12:28.013803005 CET | 192.168.2.22 | 8.8.8.8 | d00d | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 14, 2022 08:12:24.013475895 CET | 192.168.2.22 | 8.8.8.8 | 0xcb99 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 14, 2022 08:12:24.679414988 CET | 192.168.2.22 | 8.8.8.8 | 0xcb99 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 14, 2022 08:12:25.693619013 CET | 192.168.2.22 | 8.8.8.8 | 0xcb99 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 14, 2022 08:12:42.979168892 CET | 192.168.2.22 | 8.8.8.8 | 0xa7c0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 14, 2022 08:12:43.148050070 CET | 192.168.2.22 | 8.8.8.8 | 0x4199 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 14, 2022 08:13:05.892729044 CET | 192.168.2.22 | 8.8.8.8 | 0x384a | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 14, 2022 08:12:24.679075956 CET | 8.8.8.8 | 192.168.2.22 | 0xcb99 | No error (0) | 123.30.139.93 | A (IP address) | IN (0x0001) | ||
Feb 14, 2022 08:12:26.998697042 CET | 8.8.8.8 | 192.168.2.22 | 0xcb99 | No error (0) | 123.30.139.93 | A (IP address) | IN (0x0001) | ||
Feb 14, 2022 08:12:28.013595104 CET | 8.8.8.8 | 192.168.2.22 | 0xcb99 | No error (0) | 123.30.139.93 | A (IP address) | IN (0x0001) | ||
Feb 14, 2022 08:12:43.001689911 CET | 8.8.8.8 | 192.168.2.22 | 0xa7c0 | No error (0) | 104.16.154.36 | A (IP address) | IN (0x0001) | ||
Feb 14, 2022 08:12:43.001689911 CET | 8.8.8.8 | 192.168.2.22 | 0xa7c0 | No error (0) | 104.16.155.36 | A (IP address) | IN (0x0001) | ||
Feb 14, 2022 08:12:43.170901060 CET | 8.8.8.8 | 192.168.2.22 | 0x4199 | No error (0) | 104.16.154.36 | A (IP address) | IN (0x0001) | ||
Feb 14, 2022 08:12:43.170901060 CET | 8.8.8.8 | 192.168.2.22 | 0x4199 | No error (0) | 104.16.155.36 | A (IP address) | IN (0x0001) | ||
Feb 14, 2022 08:13:05.921804905 CET | 8.8.8.8 | 192.168.2.22 | 0x384a | No error (0) | 66.70.204.222 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49165 | 123.30.139.93 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2022 08:12:27.525022984 CET | 0 | OUT | |
Feb 14, 2022 08:12:27.776412010 CET | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49168 | 104.16.154.36 | 80 | C:\Users\user\AppData\Roaming\name.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 14, 2022 08:12:43.101099968 CET | 1263 | OUT | |
Feb 14, 2022 08:12:43.130810976 CET | 1264 | IN | |
Feb 14, 2022 08:12:43.350250959 CET | 1269 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49166 | 123.30.139.93 | 443 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-02-14 07:12:29 UTC | 0 | OUT | |
2022-02-14 07:12:29 UTC | 0 | IN | |
2022-02-14 07:12:29 UTC | 0 | IN | |
2022-02-14 07:12:29 UTC | 16 | IN | |
2022-02-14 07:12:29 UTC | 32 | IN | |
2022-02-14 07:12:29 UTC | 48 | IN | |
2022-02-14 07:12:29 UTC | 64 | IN | |
2022-02-14 07:12:30 UTC | 80 | IN | |
2022-02-14 07:12:30 UTC | 96 | IN | |
2022-02-14 07:12:30 UTC | 112 | IN | |
2022-02-14 07:12:30 UTC | 128 | IN | |
2022-02-14 07:12:30 UTC | 144 | IN | |
2022-02-14 07:12:30 UTC | 160 | IN | |
2022-02-14 07:12:30 UTC | 176 | IN | |
2022-02-14 07:12:30 UTC | 192 | IN | |
2022-02-14 07:12:30 UTC | 208 | IN | |
2022-02-14 07:12:30 UTC | 224 | IN | |
2022-02-14 07:12:30 UTC | 240 | IN | |
2022-02-14 07:12:30 UTC | 256 | IN | |
2022-02-14 07:12:30 UTC | 272 | IN | |
2022-02-14 07:12:30 UTC | 288 | IN | |
2022-02-14 07:12:30 UTC | 304 | IN | |
2022-02-14 07:12:30 UTC | 320 | IN | |
2022-02-14 07:12:30 UTC | 336 | IN | |
2022-02-14 07:12:30 UTC | 352 | IN | |
2022-02-14 07:12:30 UTC | 368 | IN | |
2022-02-14 07:12:30 UTC | 384 | IN | |
2022-02-14 07:12:30 UTC | 400 | IN | |
2022-02-14 07:12:30 UTC | 416 | IN | |
2022-02-14 07:12:30 UTC | 432 | IN | |
2022-02-14 07:12:30 UTC | 448 | IN | |
2022-02-14 07:12:30 UTC | 464 | IN | |
2022-02-14 07:12:30 UTC | 480 | IN | |
2022-02-14 07:12:30 UTC | 496 | IN | |
2022-02-14 07:12:30 UTC | 512 | IN | |
2022-02-14 07:12:30 UTC | 528 | IN | |
2022-02-14 07:12:30 UTC | 544 | IN | |
2022-02-14 07:12:30 UTC | 560 | IN | |
2022-02-14 07:12:30 UTC | 576 | IN | |
2022-02-14 07:12:30 UTC | 592 | IN | |
2022-02-14 07:12:30 UTC | 608 | IN | |
2022-02-14 07:12:30 UTC | 624 | IN | |
2022-02-14 07:12:30 UTC | 640 | IN | |
2022-02-14 07:12:30 UTC | 656 | IN | |
2022-02-14 07:12:30 UTC | 672 | IN | |
2022-02-14 07:12:30 UTC | 688 | IN | |
2022-02-14 07:12:30 UTC | 704 | IN | |
2022-02-14 07:12:30 UTC | 720 | IN | |
2022-02-14 07:12:30 UTC | 736 | IN | |
2022-02-14 07:12:30 UTC | 752 | IN | |
2022-02-14 07:12:30 UTC | 768 | IN | |
2022-02-14 07:12:30 UTC | 784 | IN | |
2022-02-14 07:12:30 UTC | 800 | IN | |
2022-02-14 07:12:30 UTC | 816 | IN | |
2022-02-14 07:12:30 UTC | 832 | IN | |
2022-02-14 07:12:30 UTC | 848 | IN | |
2022-02-14 07:12:30 UTC | 864 | IN | |
2022-02-14 07:12:30 UTC | 880 | IN | |
2022-02-14 07:12:30 UTC | 896 | IN | |
2022-02-14 07:12:30 UTC | 912 | IN | |
2022-02-14 07:12:30 UTC | 928 | IN | |
2022-02-14 07:12:30 UTC | 944 | IN | |
2022-02-14 07:12:30 UTC | 960 | IN | |
2022-02-14 07:12:30 UTC | 976 | IN | |
2022-02-14 07:12:30 UTC | 992 | IN | |
2022-02-14 07:12:30 UTC | 1008 | IN | |
2022-02-14 07:12:30 UTC | 1024 | IN | |
2022-02-14 07:12:31 UTC | 1040 | IN | |
2022-02-14 07:12:31 UTC | 1056 | IN | |
2022-02-14 07:12:31 UTC | 1072 | IN | |
2022-02-14 07:12:31 UTC | 1088 | IN | |
2022-02-14 07:12:31 UTC | 1104 | IN | |
2022-02-14 07:12:31 UTC | 1120 | IN | |
2022-02-14 07:12:31 UTC | 1136 | IN | |
2022-02-14 07:12:31 UTC | 1152 | IN | |
2022-02-14 07:12:31 UTC | 1168 | IN | |
2022-02-14 07:12:31 UTC | 1184 | IN | |
2022-02-14 07:12:31 UTC | 1200 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49169 | 104.16.154.36 | 443 | C:\Users\user\AppData\Roaming\name.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-02-14 07:12:43 UTC | 1215 | OUT | |
2022-02-14 07:12:43 UTC | 1215 | IN | |
2022-02-14 07:12:43 UTC | 1216 | IN | |
2022-02-14 07:12:43 UTC | 1216 | IN | |
2022-02-14 07:12:43 UTC | 1218 | IN | |
2022-02-14 07:12:43 UTC | 1219 | IN | |
2022-02-14 07:12:43 UTC | 1221 | IN | |
2022-02-14 07:12:43 UTC | 1222 | IN | |
2022-02-14 07:12:43 UTC | 1223 | IN | |
2022-02-14 07:12:43 UTC | 1225 | IN | |
2022-02-14 07:12:43 UTC | 1226 | IN | |
2022-02-14 07:12:43 UTC | 1227 | IN | |
2022-02-14 07:12:43 UTC | 1229 | IN | |
2022-02-14 07:12:43 UTC | 1229 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Feb 14, 2022 08:13:06.125205994 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 6 of 50 allowed. 220-Local time is now 11:13. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
Feb 14, 2022 08:13:06.126061916 CET | 49170 | 21 | 192.168.2.22 | 66.70.204.222 | USER Elooggs2020@manchutimefashion.com |
Feb 14, 2022 08:13:06.226727962 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 331 User Elooggs2020@manchutimefashion.com OK. Password required |
Feb 14, 2022 08:13:06.227005005 CET | 49170 | 21 | 192.168.2.22 | 66.70.204.222 | PASS [r2W$.jaD*?p |
Feb 14, 2022 08:13:06.337088108 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 230 OK. Current restricted directory is / |
Feb 14, 2022 08:13:06.438090086 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 504 Unknown command |
Feb 14, 2022 08:13:06.438503027 CET | 49170 | 21 | 192.168.2.22 | 66.70.204.222 | PWD |
Feb 14, 2022 08:13:06.538994074 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 257 "/" is your current location |
Feb 14, 2022 08:13:06.539330006 CET | 49170 | 21 | 192.168.2.22 | 66.70.204.222 | TYPE I |
Feb 14, 2022 08:13:06.639853001 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 200 TYPE is now 8-bit binary |
Feb 14, 2022 08:13:06.640356064 CET | 49170 | 21 | 192.168.2.22 | 66.70.204.222 | PASV |
Feb 14, 2022 08:13:06.741401911 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 227 Entering Passive Mode (66,70,204,222,227,143) |
Feb 14, 2022 08:13:06.977054119 CET | 49170 | 21 | 192.168.2.22 | 66.70.204.222 | STOR HawkEye_Keylogger_Stealer_Records_082561 2.14.2022 8:37:42 AM.txt |
Feb 14, 2022 08:13:07.043369055 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 227 Entering Passive Mode (66,70,204,222,227,143) |
Feb 14, 2022 08:13:07.077764034 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 150 Accepted data connection |
Feb 14, 2022 08:13:07.211874008 CET | 21 | 49170 | 66.70.204.222 | 192.168.2.22 | 226-File successfully transferred 226 0.134 seconds (measured here), 11.18 Kbytes per second |
Target ID: | 0 |
Start time: | 08:12:16 |
Start date: | 14/02/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13ff00000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 08:12:20 |
Start date: | 14/02/2022 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 4 |
Start time: | 08:12:30 |
Start date: | 14/02/2022 |
Path: | C:\Users\user\AppData\Roaming\name.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa40000 |
File size: | 1244160 bytes |
MD5 hash: | 91DE6EFC69676A4DD4CED5E2111AB489 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
Target ID: | 5 |
Start time: | 08:12:37 |
Start date: | 14/02/2022 |
Path: | C:\Users\user\AppData\Roaming\name.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa40000 |
File size: | 1244160 bytes |
MD5 hash: | 91DE6EFC69676A4DD4CED5E2111AB489 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
Target ID: | 6 |
Start time: | 08:12:46 |
Start date: | 14/02/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1170056 bytes |
MD5 hash: | 1672D0478049ABDAF0197BE64A7F867F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 7 |
Start time: | 08:12:46 |
Start date: | 14/02/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1170056 bytes |
MD5 hash: | 1672D0478049ABDAF0197BE64A7F867F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Execution Graph
Execution Coverage: | 13.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 35 |
Total number of Limit Nodes: | 1 |
Execution Graph
Execution Coverage: | 20.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 43% |
Total number of Nodes: | 86 |
Total number of Limit Nodes: | 3 |
Graph
Function 002EBC10 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 493processCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002EE040 Relevance: 1.6, APIs: 1, Instructions: 55nativeCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E8598 Relevance: 1.6, APIs: 1, Instructions: 54nativeCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E8688 Relevance: 1.6, APIs: 1, Instructions: 54nativeCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002EC24F Relevance: .9, Instructions: 927COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002EC9AE Relevance: .5, Instructions: 545COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002ECA98 Relevance: .5, Instructions: 545COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002ECD5D Relevance: .5, Instructions: 541COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002ED081 Relevance: .4, Instructions: 370COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002EE283 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E858C Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E867C Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002EDF8C Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0027D1D4 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0027D01C Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0027D006 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0027D1CF Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0026D0F7 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0026D0E8 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E2180 Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002EA493 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002EE40E Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002ED848 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E9A5D Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002ED75E Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E185D Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E0A55 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E1BA5 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040724C Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 143 string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00404837 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 52 library loader window COMMON
C-Code - Quality: 58% |
Uniqueness Score: -1.00% |
Function 00406EC3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58 file string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00401E8B Relevance: 52.8, APIs: 19, Strings: 11, Instructions: 261 string registry COMMON
C-Code - Quality: 97% |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
Uniqueness Score: -1.00% |
Function 00403C3D Relevance: 24.7, APIs: 3, Strings: 11, Instructions: 170 library string loader COMMON
C-Code - Quality: 65% |
Uniqueness Score: -1.00% |
Function 0040D9F9 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 101 registry COMMON
C-Code - Quality: 96% |
Uniqueness Score: -1.00% |
Function 00411654 Relevance: 18.1, APIs: 12, Instructions: 128 COMMON
C-Code - Quality: 82% |
Uniqueness Score: -1.00% |
Function 00402C44 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 104 registry COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00410D1B Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 97 string COMMON
C-Code - Quality: 92% |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
Uniqueness Score: -1.00% |
Function 004037B1 Relevance: 12.1, APIs: 7, Strings: 1, Instructions: 86 string COMMON
C-Code - Quality: 76% |
Uniqueness Score: -1.00% |
Function 004036CC Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 67 string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 25% |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
Uniqueness Score: -1.00% |
Function 004034CB Relevance: 10.5, APIs: 4, Strings: 3, Instructions: 47 string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004078FF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100 string COMMON
C-Code - Quality: 36% |
Uniqueness Score: -1.00% |
Function 0040754D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79 registry COMMON
C-Code - Quality: 96% |
Uniqueness Score: -1.00% |
Function 0040EE59 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74 registry string COMMON
C-Code - Quality: 25% |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
Uniqueness Score: -1.00% |
Function 0040396C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67 registry COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040EA72 Relevance: 6.1, APIs: 4, Instructions: 52 COMMON
C-Code - Quality: 95% |
Uniqueness Score: -1.00% |
Function 0040B785 Relevance: 6.1, APIs: 4, Instructions: 51 window COMMON
C-Code - Quality: 96% |
Uniqueness Score: -1.00% |
Function 0040787D Relevance: 5.0, APIs: 4, Instructions: 36 COMMON
C-Code - Quality: 78% |
Uniqueness Score: -1.00% |
Function 004060FA Relevance: 3.8, APIs: 3, Instructions: 38 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
Uniqueness Score: -1.00% |
Function 0040EBC1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28 registry COMMON
C-Code - Quality: 84% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040EB0E Relevance: 1.5, APIs: 1, Instructions: 19 COMMON
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004066F6 Relevance: 1.5, APIs: 1, Instructions: 13 file COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004047F1 Relevance: 1.5, APIs: 1, Instructions: 11 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040B0C2 Relevance: 1.5, APIs: 1, Instructions: 10 COMMON
C-Code - Quality: 82% |
Uniqueness Score: -1.00% |
Function 00405ECB Relevance: 1.5, APIs: 1, Instructions: 10 file COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00405EE4 Relevance: 1.5, APIs: 1, Instructions: 10 file COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040E894 Relevance: 1.5, APIs: 1, Instructions: 8 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00406F5B Relevance: 1.5, APIs: 1, Instructions: 8 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040614B Relevance: 1.5, APIs: 1, Instructions: 7 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040EB3F Relevance: 1.5, APIs: 1, Instructions: 7 registry COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040F64B Relevance: 56.1, APIs: 20, Strings: 12, Instructions: 127 library loader string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00402D9A Relevance: 29.9, APIs: 5, Strings: 12, Instructions: 153 string registry COMMON
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 004033D7 Relevance: 7.6, Strings: 6, Instructions: 61 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040ED0B Relevance: 6.1, APIs: 4, Instructions: 55 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00406278 Relevance: 1.5, APIs: 1, Instructions: 10 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040F808 Relevance: 191.1, APIs: 8, Strings: 101, Instructions: 307 string COMMON
C-Code - Quality: 99% |
Uniqueness Score: -1.00% |
Function 004106BE Relevance: 80.8, APIs: 23, Strings: 23, Instructions: 309 string COMMON
C-Code - Quality: 82% |
Uniqueness Score: -1.00% |
Function 0040C7CF Relevance: 61.5, APIs: 21, Strings: 14, Instructions: 232 string COMMON
C-Code - Quality: 74% |
Uniqueness Score: -1.00% |
Function 0040E4A4 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 264 string COMMON
C-Code - Quality: 98% |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
Uniqueness Score: -1.00% |
Function 0040CE28 Relevance: 42.3, APIs: 21, Strings: 3, Instructions: 311 string COMMON
C-Code - Quality: 73% |
Uniqueness Score: -1.00% |
Function 0040A774 Relevance: 42.3, APIs: 18, Strings: 6, Instructions: 285 window registry string COMMON
C-Code - Quality: 76% |
Uniqueness Score: -1.00% |
Function 0040DB39 Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 220 window string COMMON
C-Code - Quality: 88% |
Uniqueness Score: -1.00% |
Function 0040DEEE Relevance: 42.1, APIs: 16, Strings: 8, Instructions: 113 library loader string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00402606 Relevance: 37.6, APIs: 3, Strings: 22, Instructions: 127 string COMMON
C-Code - Quality: 35% |
Uniqueness Score: -1.00% |
Function 004027D0 Relevance: 37.6, APIs: 3, Strings: 22, Instructions: 118 string COMMON
C-Code - Quality: 97% |
Uniqueness Score: -1.00% |
Function 0040F435 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 168 string registry COMMON
C-Code - Quality: 81% |
Uniqueness Score: -1.00% |
Function 0040F126 Relevance: 27.1, APIs: 12, Strings: 6, Instructions: 101 string COMMON
C-Code - Quality: 95% |
Uniqueness Score: -1.00% |
Function 0040AF17 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 110 string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00409482 Relevance: 25.7, APIs: 10, Strings: 7, Instructions: 182 string COMMON
C-Code - Quality: 80% |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
Uniqueness Score: -1.00% |
Function 0040F243 Relevance: 24.1, APIs: 10, Strings: 6, Instructions: 114 string COMMON
C-Code - Quality: 92% |
Uniqueness Score: -1.00% |
Function 0040E0DA Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 48 library loader COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00410525 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 136 string registry COMMON
C-Code - Quality: 84% |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
Uniqueness Score: -1.00% |
Function 0040D6FB Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 118 registry COMMON
C-Code - Quality: 56% |
Uniqueness Score: -1.00% |
Function 004080A3 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 86 window COMMON
C-Code - Quality: 56% |
Uniqueness Score: -1.00% |
Function 0040E056 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44 library loader COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00404647 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 41 library loader COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00411015 Relevance: 19.7, APIs: 12, Strings: 1, Instructions: 202 string COMMON
C-Code - Quality: 76% |
Uniqueness Score: -1.00% |
Function 00403E87 Relevance: 19.6, APIs: 7, Strings: 6, Instructions: 98 string COMMON
C-Code - Quality: 81% |
Uniqueness Score: -1.00% |
Function 00404288 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 100 string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040827A Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 69 string COMMON
C-Code - Quality: 96% |
Uniqueness Score: -1.00% |
Function 0040D1EC Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 128 string COMMON
C-Code - Quality: 83% |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
Uniqueness Score: -1.00% |
Function 00405FC6 Relevance: 16.6, APIs: 11, Instructions: 58 clipboard memory file COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040EDDB Relevance: 16.6, APIs: 1, Strings: 10, Instructions: 50 string COMMON
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
Uniqueness Score: -1.00% |
Function 00402FC2 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 106 registry COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00407A64 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101 window string COMMON
C-Code - Quality: 48% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 004081B5 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 42 string COMMON
C-Code - Quality: 88% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040E172 Relevance: 15.1, APIs: 9, Strings: 1, Instructions: 81 string COMMON
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
C-Code - Quality: 67% |
Uniqueness Score: -1.00% |
Function 00401A50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 195 string COMMON
C-Code - Quality: 92% |
Uniqueness Score: -1.00% |
Function 0040D4A6 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 94 registry COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
Uniqueness Score: -1.00% |
Function 00405E46 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52 string library window COMMON
C-Code - Quality: 68% |
Uniqueness Score: -1.00% |
Function 0040314D Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 100 string COMMON
C-Code - Quality: 67% |
Uniqueness Score: -1.00% |
C-Code - Quality: 16% |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
Uniqueness Score: -1.00% |
C-Code - Quality: 78% |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040A698 Relevance: 12.1, APIs: 8, Instructions: 76 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00406069 Relevance: 12.0, APIs: 8, Instructions: 42 clipboard memory string COMMON
C-Code - Quality: 91% |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
Uniqueness Score: -1.00% |
C-Code - Quality: 61% |
Uniqueness Score: -1.00% |
Function 0040D5DB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 97 string COMMON
C-Code - Quality: 64% |
Uniqueness Score: -1.00% |
Function 00407EFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77 window string COMMON
C-Code - Quality: 41% |
Uniqueness Score: -1.00% |
C-Code - Quality: 66% |
Uniqueness Score: -1.00% |
Function 0040684D Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 62 string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00409E32 Relevance: 10.5, APIs: 7, Instructions: 43 window COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00409E33 Relevance: 10.5, APIs: 7, Instructions: 42 window COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
Uniqueness Score: -1.00% |
Function 0040E255 Relevance: 9.1, APIs: 6, Instructions: 142 string COMMON
C-Code - Quality: 35% |
Uniqueness Score: -1.00% |
Function 00409369 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 106 string COMMON
C-Code - Quality: 61% |
Uniqueness Score: -1.00% |
Function 00410A8A Relevance: 9.1, APIs: 6, Instructions: 96 string COMMON
C-Code - Quality: 73% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00406491 Relevance: 9.1, APIs: 6, Instructions: 57 COMMON
C-Code - Quality: 72% |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
Uniqueness Score: -1.00% |
Function 00406585 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 53 string COMMON
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
Function 0040FEED Relevance: 9.0, APIs: 6, Instructions: 46 COMMON
C-Code - Quality: 77% |
Uniqueness Score: -1.00% |
Function 0040173B Relevance: 9.0, APIs: 6, Instructions: 44 COMMON
C-Code - Quality: 44% |
Uniqueness Score: -1.00% |
Function 00411366 Relevance: 8.9, APIs: 7, Instructions: 147 string COMMON
C-Code - Quality: 96% |
Uniqueness Score: -1.00% |
Function 0040329E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82 string COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00410F79 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 51 registry COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00405F41 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29 window COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040F037 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21 library loader COMMON
C-Code - Quality: 68% |
Uniqueness Score: -1.00% |
Function 00407406 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 104 string COMMON
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
Uniqueness Score: -1.00% |
Function 00407BF9 Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040A4C8 Relevance: 7.5, APIs: 5, Instructions: 47 window COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00408572 Relevance: 7.5, APIs: 5, Instructions: 41 COMMON
C-Code - Quality: 76% |
Uniqueness Score: -1.00% |
Function 004085D8 Relevance: 7.5, APIs: 5, Instructions: 41 COMMON
C-Code - Quality: 70% |
Uniqueness Score: -1.00% |
Function 0040E81A Relevance: 7.5, APIs: 5, Instructions: 40 COMMON
C-Code - Quality: 19% |
Uniqueness Score: -1.00% |
Function 0040B105 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162 window COMMON
C-Code - Quality: 82% |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
Uniqueness Score: -1.00% |
Function 0040719C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61 registry COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040B70A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38 registry COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00401085 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32 window COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
Uniqueness Score: -1.00% |
Function 0040EDAC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12 library loader COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040FE05 Relevance: 6.3, APIs: 5, Instructions: 81 COMMON
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
Function 0040BD0B Relevance: 6.3, APIs: 5, Instructions: 50 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040246C Relevance: 6.1, APIs: 4, Instructions: 127 COMMON
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 0040B3C4 Relevance: 6.1, APIs: 4, Instructions: 115 window COMMON
C-Code - Quality: 98% |
Uniqueness Score: -1.00% |
Function 0040A119 Relevance: 6.1, APIs: 4, Instructions: 114stringCOMMON
C-Code - Quality: 94% |
Function 00410E8A Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 84stringCOMMON
C-Code - Quality: 100% |
Function 00406F6F Relevance: 6.1, APIs: 4, Instructions: 63COMMON
C-Code - Quality: 93% |
Function 0040EFAE Relevance: 6.1, APIs: 4, Instructions: 53stringCOMMON
C-Code - Quality: 37% |
Function 0040F3BA Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
C-Code - Quality: 87% |
Function 00411932 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
C-Code - Quality: 72% |
Function 00406734 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 20stringCOMMON
C-Code - Quality: 100% |
Function 00406680 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44stringCOMMON
C-Code - Quality: 100% |
Function 0040ADB3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43windowCOMMON
C-Code - Quality: 100% |
Function 00408441 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
C-Code - Quality: 100% |
Function 00406618 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35stringCOMMON
C-Code - Quality: 100% |
Function 00407BB9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21windowCOMMON
Function 00406325 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
Function 00408348 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15stringCOMMON
C-Code - Quality: 100% |
Function 004084CE Relevance: 5.1, APIs: 4, Instructions: 65COMMON
C-Code - Quality: 88% |
Function 00406A74 Relevance: 5.1, APIs: 4, Instructions: 63stringCOMMON
C-Code - Quality: 100% |
Function 00408836 Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 234filenativeCOMMON
Function 00411196 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 143processlibraryloaderCOMMON
Function 00407E0E Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 37fileCOMMON
Function 00408441 Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON
Function 00415F87 Relevance: 4.6, APIs: 3, Instructions: 79COMMON
Function 004161B0 Relevance: 3.0, APIs: 2, Instructions: 28COMMON
Function 0040FAFF Relevance: 42.1, APIs: 16, Strings: 8, Instructions: 124libraryloaderCOMMON
Function 0040648C Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 173registrytimeCOMMON
Function 004422C7 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 40libraryloaderCOMMON
Function 00408B10 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 120fileCOMMON
Function 00402846 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 239fileCOMMON
Function 0041139E Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 29libraryloaderCOMMON
Function 00442628 Relevance: 18.1, APIs: 12, Instructions: 134COMMON
Function 0040E0AC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64windowCOMMON
Function 00415BAE Relevance: 9.1, APIs: 6, Instructions: 140fileCOMMON
Function 00412270 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77registryCOMMON
Function 00411140 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloadertimeCOMMON
Function 00409EB8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34libraryloaderCOMMON
Function 00411EF8 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
Function 00414E1C Relevance: 4.5, APIs: 3, Instructions: 49fileCOMMON
Function 00414D9F Relevance: 4.5, APIs: 3, Instructions: 30COMMON
Function 004074C6 Relevance: 4.5, APIs: 3, Instructions: 26COMMON
Function 00407475 Relevance: 3.8, APIs: 3, Instructions: 38COMMON
Function 00411B81 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27registryCOMMON
Function 0041946A Relevance: 2.7, APIs: 2, Instructions: 195COMMON
Function 0040C5B3 Relevance: 2.6, APIs: 2, Instructions: 132COMMON
Function 00414DE6 Relevance: 2.5, APIs: 2, Instructions: 24sleepCOMMON
Function 00407EB8 Relevance: 2.5, APIs: 2, Instructions: 14COMMON
Function 0041184F Relevance: 1.7, APIs: 1, Instructions: 163COMMON
Function 0040ED6C Relevance: 1.6, APIs: 1, Instructions: 56timeCOMMON
Function 00405149 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Function 00411B36 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Function 00411376 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
Function 00407BB2 Relevance: 1.5, APIs: 1, Instructions: 13fileCOMMON
Function 00407144 Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
Function 0040715D Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
Function 00408604 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
Function 004084DA Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Function 004117E3 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Function 00411F7E Relevance: 1.5, APIs: 1, Instructions: 8COMMON
Function 00407548 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Function 00411B67 Relevance: 1.5, APIs: 1, Instructions: 7registryCOMMON
Function 004081EA Relevance: 1.4, APIs: 1, Instructions: 127COMMON
Function 00419681 Relevance: 1.3, APIs: 1, Instructions: 99COMMON
Function 004059F7 Relevance: 1.3, APIs: 1, Instructions: 56COMMON
Function 004050B7 Relevance: 1.3, APIs: 1, Instructions: 39COMMON
Function 004085EB Relevance: 1.3, APIs: 1, Instructions: 12COMMON
Function 00408037 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
Function 00402778 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
Function 00412B6F Relevance: 1.3, APIs: 1, Instructions: 5COMMON
Function 0041604B Relevance: 12.1, APIs: 8, Instructions: 70timeCOMMON
Function 00415AFD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69windowCOMMON
Function 00441975 Relevance: 66.7, APIs: 23, Strings: 15, Instructions: 152libraryloaderCOMMON
Function 00409B6A Relevance: 59.8, APIs: 27, Strings: 7, Instructions: 275stringCOMMON
Function 0040F767 Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 214windowCOMMON
Function 0040D1D0 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 254windowregistryCOMMON
Function 0040FC89 Relevance: 31.5, APIs: 9, Strings: 9, Instructions: 41libraryloaderCOMMON
Function 00406B9F Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 174stringCOMMON
Function 004038C4 Relevance: 24.5, APIs: 7, Strings: 7, Instructions: 33libraryloaderCOMMON
Function 00410D5D Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 48libraryloaderCOMMON
Function 00410CD9 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44libraryloaderCOMMON
Function 004037C3 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 41libraryloaderCOMMON
Function 0040DE35 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 153windowCOMMON
Function 0040931D Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 110stringfileCOMMON
Function 0040697E Relevance: 16.7, APIs: 10, Strings: 1, Instructions: 187stringCOMMON
Function 00415EAF Relevance: 16.6, APIs: 11, Instructions: 88COMMON
Function 00407363 Relevance: 16.6, APIs: 11, Instructions: 59clipboardmemoryfileCOMMON
Function 0040A16C Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
Function 00403926 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 52libraryloaderwindowCOMMON
Function 00407890 Relevance: 15.1, APIs: 10, Instructions: 103COMMON
Function 0040684F Relevance: 15.1, APIs: 9, Strings: 1, Instructions: 96stringCOMMON
Function 0040A818 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 83windowCOMMON
Function 004070BF Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52librarywindowCOMMON
Function 00409657 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 107registryCOMMON
Function 00404F89 Relevance: 12.1, APIs: 8, Instructions: 99windowCOMMON
Function 0040D0C3 Relevance: 12.1, APIs: 8, Instructions: 76COMMON
Function 0040A668 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79windowCOMMON
Function 00410EDB Relevance: 9.1, APIs: 6, Instructions: 141COMMON
Function 00415DF9 Relevance: 9.1, APIs: 6, Instructions: 78COMMON
Function 00414D24 Relevance: 9.1, APIs: 6, Instructions: 61COMMON
Function 0040E030 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45 registry COMMON
Function 00403853 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43 libraryloader COMMON
Function 004071BD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31 window COMMON
Function 00412455 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21 libraryloader COMMON
Function 0040AE21 Relevance: 7.6, APIs: 5, Instructions: 60 COMMON
Function 00414CBE Relevance: 7.6, APIs: 5, Instructions: 53 COMMON
Function 0040A302 Relevance: 7.5, APIs: 5, Instructions: 49 COMMON
Function 004421EB Relevance: 7.5, APIs: 5, Instructions: 46 COMMON
Function 0040ADBB Relevance: 7.5, APIs: 5, Instructions: 41 COMMON
Function 0040103E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32 window COMMON
Function 004121C3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12 libraryloader COMMON
Function 0041B0C3 Relevance: 6.3, APIs: 5, Instructions: 82 COMMON
Function 0040E5BA Relevance: 6.3, APIs: 5, Instructions: 50 COMMON
Function 00415804 Relevance: 6.1, APIs: 4, Instructions: 138 file COMMON
Function 0040CBC1 Relevance: 6.1, APIs: 4, Instructions: 106 COMMON
Function 004084EE Relevance: 6.1, APIs: 4, Instructions: 63 COMMON
Function 00411A90 Relevance: 6.1, APIs: 4, Instructions: 55 COMMON
Function 004123CC Relevance: 6.1, APIs: 4, Instructions: 53 COMMON
Function 0040CECE Relevance: 6.0, APIs: 4, Instructions: 50 window COMMON
Function 00414C63 Relevance: 6.0, APIs: 4, Instructions: 48 COMMON
Function 0041538D Relevance: 6.0, APIs: 4, Instructions: 45 file COMMON
Function 0041176D Relevance: 6.0, APIs: 4, Instructions: 38 COMMON
Function 0040FA51 Relevance: 6.0, APIs: 4, Instructions: 33 COMMON
Function 004048C7 Relevance: 6.0, APIs: 4, Instructions: 30 COMMON
Function 0040DA3A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154 window COMMON
Function 0040AC82 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41 window COMMON
Function 0042917D Relevance: 5.2, APIs: 4, Instructions: 181 COMMON
Function 00407EDE Relevance: 5.1, APIs: 4, Instructions: 69 COMMON
Function 0040AD07 Relevance: 5.1, APIs: 4, Instructions: 68 COMMON
Function 00414C13 Relevance: 5.0, APIs: 4, Instructions: 41 COMMON