Windows
Analysis Report
OMICS.one
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- ONENOTE.EXE (PID: 5728, cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\OMICS.one", MD5: 8D7E99CB358318E1F38803C9E6B67867)
- wscript.exe (PID: 5928, cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf", MD5: 7075DD7B9BE8807FCA93ACD86F724884)
- regsvr32.exe (PID: 5980, cmdline: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\radC86B9.tmp.dll", MD5: 426E7499F6A7346F0410DEAD0805586B)
- regsvr32.exe (PID: 5988, cmdline: "C:\Users\user\AppData\Local\Temp\radC86B9.tmp.dll", MD5: D78B75FC68247E8A63ACBA846182740E)
- regsvr32.exe (PID: 6048, cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\VZzVLyswcgycmo\hwmNzoGEns.dll", MD5: D78B75FC68247E8A63ACBA846182740E)
- cleanup
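The process tree above is the chain a detection should key on: OneNote opening OMICS.one, WScript running click.wsf from the user's Temp directory, regsvr32 loading radC86B9.tmp.dll from Temp, and finally regsvr32 loading a DLL from a randomly named subdirectory of System32. The following is an added example, not code from the Joe Sandbox report: Python that evaluates process-creation events (Sysmon Event ID 1 style dicts with pid, ppid, image and cmdline) constructed from the paths and PIDs in the tree. The parent/child links, the ONENOTE.EXE parent PID, the event field names and the System32 subdirectory allowlist are assumptions; the report excerpt does not show them.

```python
"""Detection checks for the chain shown in the report's process tree:
ONENOTE.EXE -> wscript.exe (click.wsf) -> regsvr32.exe loading a DLL from
%LOCALAPPDATA%\\Temp -> regsvr32.exe loading a DLL from a randomly named
System32 subdirectory.

Added example, not code from the Joe Sandbox report. Event dicts are
constructed from the report's process tree; ppid links are assumed."""
import re
from pathlib import PureWindowsPath

OFFICE_APPS = {"onenote.exe", "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
# Directories that legitimately sit directly under System32 (partial allowlist, assumption).
KNOWN_SYSTEM32_SUBDIRS = {"drivers", "driverstore", "wbem", "spool", "config",
                          "winevt", "windowspowershell", "tasks", "catroot"}
# A drive-letter path ending in .dll; quotes delimit arguments on the command line.
DLL_PATH = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.dll)', re.IGNORECASE)

# Constructed events (Sysmon Event ID 1 style) modelled on the report's process tree.
EVENTS = [
    {"pid": 5728, "ppid": 4012,  # parent PID assumed (explorer.exe in a real trace)
     "image": r"C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\OMICS.one"'},
    {"pid": 5928, "ppid": 5728,
     "image": r"C:\Windows\System32\WScript.exe",
     "cmdline": r'C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"'},
    {"pid": 5980, "ppid": 5928,
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\radC86B9.tmp.dll"'},
    {"pid": 5988, "ppid": 5980,
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r'"C:\Users\user\AppData\Local\Temp\radC86B9.tmp.dll"'},
    {"pid": 6048, "ppid": 5988,
     "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r'C:\Windows\system32\regsvr32.exe "C:\Windows\system32\VZzVLyswcgycmo\hwmNzoGEns.dll"'},
]


def basename(path):
    return PureWindowsPath(path).name.lower()


def regsvr32_target(cmdline):
    """Return the last .dll path on a regsvr32 command line, or None."""
    hits = DLL_PATH.findall(cmdline)
    return hits[-1] if hits else None


def classify_dll_location(path):
    """'user-temp' for a DLL under <profile>\\AppData\\Local\\Temp,
    'system32-subdir' for a DLL one directory below System32 in a directory
    not on the allowlist (the pattern this sample used), otherwise 'other'."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if {"appdata", "local", "temp"} <= set(parts):
        return "user-temp"
    # e.g. ['c:\\', 'windows', 'system32', 'vzzvlyswcgycmo', 'hwmnzogens.dll']
    if (len(parts) == 5 and parts[1] == "windows" and parts[2] == "system32"
            and parts[3] not in KNOWN_SYSTEM32_SUBDIRS):
        return "system32-subdir"
    return "other"


def detect_chain(events):
    """Return (finding, pid, detail) tuples for the links of the chain."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        child = basename(e["image"])
        if parent and basename(parent["image"]) in OFFICE_APPS and child in SCRIPT_HOSTS:
            findings.append(("office_spawns_script_host", e["pid"], parent["pid"]))
        if child == "regsvr32.exe":
            target = regsvr32_target(e["cmdline"])
            location = classify_dll_location(target) if target else "other"
            if location != "other":
                findings.append((f"regsvr32_loads_dll_from_{location}", e["pid"], target))
    return findings


if __name__ == "__main__":
    for finding in detect_chain(EVENTS):
        print(*finding)
```

The System32 check is deliberately narrow (one directory level, name not on the allowlist) because that is the shape of the path in this report; a production rule would pair it with a file-creation event for the DLL, since a signed regsvr32 loading from System32 is otherwise normal.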
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Emotet | While Emotet historically was a banking malware organized in a botnet, nowadays Emotet is mostly seen as infrastructure as a service for content delivery. For example, since mid 2018 it has been used by Trickbot for installs, which may also lead to ransomware attacks using Ryuk, a combination observed several times against high-profile targets. It still steals information from victims, but the criminal gang behind it opened up another business channel by selling their infrastructure to deliver additional malicious software. Malware analysts have classified it into epochs depending on command and control, payloads, and delivery solutions, which change over time. Emotet was taken down by authorities in January 2021, though it appears to have sprung back to life in November 2021. |
{"C2 list": ["91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80", "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "163.44.196.120:8080", "160.16.142.56:8080", "159.89.202.34:443", "159.65.88.10:8080", "186.194.240.217:443", "149.56.131.28:8080", "72.15.201.15:8080", "1.234.2.232:8080", "82.223.21.224:8080", "206.189.28.199:8080", "169.57.156.166:8080", "107.170.39.149:8080", "103.43.75.120:443", "91.207.28.33:8080", "213.239.212.5:443", "45.235.8.30:8080", "119.59.103.152:8080", "164.68.99.3:8080", "95.217.221.146:8080", "153.126.146.25:7080", "197.242.150.244:8080", "202.129.205.3:8080", "103.132.242.26:8080", "139.59.126.41:443", "110.232.117.186:8080", "183.111.227.137:8080", "5.135.159.50:443", "201.94.166.162:443", "103.75.201.2:443", "79.137.35.198:8080", "172.105.226.75:8080", "94.23.45.86:4143", "115.68.227.76:8080", "153.92.5.27:8080", "167.172.253.162:8080", "188.44.20.25:443", "147.139.166.154:8080", "129.232.188.93:443", "173.212.193.249:8080", "185.4.135.165:8080", "45.176.232.124:443"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5tf2IdgAHAI4=", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2ff1AdgAvAIg="]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_MalOneNote | Yara detected Malicious OneNote | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | webshell_asp_obfuscated | ASP webshell obfuscated | Arnim Rupp | |
 | WEBSHELL_asp_generic | Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file | Arnim Rupp | |
 | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
 | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
 | WEBSHELL_asp_generic | Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file | Arnim Rupp | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
 | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
 | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
 | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
Malware Analysis System Evasion |
---|
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Classtype |
---|---|---|---|---|---|---|---|
03/17/23-09:07:50.440401 | 192.168.2.4 | 49696 | 104.168.155.143 | 8080 | TCP | 2404302 | A Network Trojan was detected |
03/17/23-09:07:07.082827 | 192.168.2.4 | 49686 | 91.121.146.47 | 8080 | TCP | 2404344 | A Network Trojan was detected |
03/17/23-09:07:23.162928 | 192.168.2.4 | 49689 | 182.162.143.56 | 443 | TCP | 2404312 | A Network Trojan was detected |
03/17/23-09:07:17.980118 | 192.168.2.4 | 49688 | 66.228.32.31 | 7080 | TCP | 2404330 | A Network Trojan was detected |
03/17/23-09:07:36.723536 | 192.168.2.4 | 49691 | 167.172.199.165 | 8080 | TCP | 2404308 | A Network Trojan was detected |
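The extracted configuration above (48 C2 endpoints and two public keys) and the Snort alerts are the two pieces of this report an analyst turns into detection artefacts. The following is an added example, not code from the Joe Sandbox report. C2_LIST and PUBLIC_KEYS are copied from the report's configuration, SNORT_ALERTS is transcribed from its Snort section, and the rule text and SID range are assumptions. The key blobs decode to Windows CNG BCRYPT_ECCKEY_BLOB structures (4-byte magic ECS1 or ECK1, 4-byte key length 0x20, then the X and Y coordinates), which is how the two entries are told apart as an ECDSA and an ECDH P-256 public key; both blobs in this report carry 8 bytes after the 72-byte structure, which the parser reports but does not interpret.

```python
"""Turning the extracted Emotet configuration and the Snort alerts in this
report into detection artefacts.

Added example, not code from the Joe Sandbox report. C2_LIST and
PUBLIC_KEYS are copied from the report's configuration; SNORT_ALERTS is
transcribed from its Snort section; the Suricata rule text and SID range
are assumptions."""
import base64
import struct

C2_LIST = [
    "91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80",
    "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "163.44.196.120:8080",
    "160.16.142.56:8080", "159.89.202.34:443", "159.65.88.10:8080", "186.194.240.217:443",
    "149.56.131.28:8080", "72.15.201.15:8080", "1.234.2.232:8080", "82.223.21.224:8080",
    "206.189.28.199:8080", "169.57.156.166:8080", "107.170.39.149:8080", "103.43.75.120:443",
    "91.207.28.33:8080", "213.239.212.5:443", "45.235.8.30:8080", "119.59.103.152:8080",
    "164.68.99.3:8080", "95.217.221.146:8080", "153.126.146.25:7080", "197.242.150.244:8080",
    "202.129.205.3:8080", "103.132.242.26:8080", "139.59.126.41:443", "110.232.117.186:8080",
    "183.111.227.137:8080", "5.135.159.50:443", "201.94.166.162:443", "103.75.201.2:443",
    "79.137.35.198:8080", "172.105.226.75:8080", "94.23.45.86:4143", "115.68.227.76:8080",
    "153.92.5.27:8080", "167.172.253.162:8080", "188.44.20.25:443", "147.139.166.154:8080",
    "129.232.188.93:443", "173.212.193.249:8080", "185.4.135.165:8080", "45.176.232.124:443",
]
PUBLIC_KEYS = [
    "RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5tf2IdgAHAI4=",
    "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2ff1AdgAvAIg=",
]

# Magic values of the Windows CNG BCRYPT_ECCKEY_BLOB header (bcrypt.h); the
# base64 blobs above start with these four bytes once decoded.
ECC_BLOB_MAGIC = {
    b"ECK1": "ECDH P-256 public key",
    b"ECS1": "ECDSA P-256 public key",
}

# Transcribed from the report's Snort alerts: (timestamp, src, sport, dst, dport, sid).
SNORT_ALERTS = [
    ("03/17/23-09:07:07.082827", "192.168.2.4", 49686, "91.121.146.47", 8080, 2404344),
    ("03/17/23-09:07:17.980118", "192.168.2.4", 49688, "66.228.32.31", 7080, 2404330),
    ("03/17/23-09:07:23.162928", "192.168.2.4", 49689, "182.162.143.56", 443, 2404312),
    ("03/17/23-09:07:36.723536", "192.168.2.4", 49691, "167.172.199.165", 8080, 2404308),
    ("03/17/23-09:07:50.440401", "192.168.2.4", 49696, "104.168.155.143", 8080, 2404302),
]


def parse_ecc_public_blob(b64):
    """Decode a BCRYPT_ECCKEY_BLOB: 4-byte magic, 4-byte little-endian
    coordinate length, then X and Y of that length each. Bytes after the
    structure (8 in this report's blobs) are counted but not interpreted."""
    raw = base64.b64decode(b64)
    magic = raw[:4]
    if magic not in ECC_BLOB_MAGIC:
        raise ValueError(f"unknown key blob magic {magic!r}")
    (cb_key,) = struct.unpack_from("<I", raw, 4)
    if len(raw) < 8 + 2 * cb_key:
        raise ValueError("blob shorter than its header claims")
    x = raw[8:8 + cb_key]
    y = raw[8 + cb_key:8 + 2 * cb_key]
    return {"magic": magic.decode("ascii"), "algorithm": ECC_BLOB_MAGIC[magic],
            "coord_len": cb_key, "x": x.hex(), "y": y.hex(),
            "trailing_bytes": len(raw) - (8 + 2 * cb_key)}


def parse_endpoint(entry):
    ip, port = entry.rsplit(":", 1)
    return ip, int(port)


def alerts_matching_config(alerts, c2_list):
    """Alerts whose destination ip:port appears in the extracted C2 list."""
    c2 = {parse_endpoint(e) for e in c2_list}
    return [a for a in alerts if (a[3], a[4]) in c2]


def suricata_rules(c2_list, base_sid=9000001):
    """One outbound-connection rule per C2 endpoint. The SID range is a
    local-range assumption; adjust it to your own allocation."""
    rules = []
    for i, entry in enumerate(c2_list):
        ip, port = parse_endpoint(entry)
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet C2 {ip}:{port} from sandbox config"; flow:to_server; '
            f'sid:{base_sid + i}; rev:1;)')
    return rules


if __name__ == "__main__":
    for key in PUBLIC_KEYS:
        info = parse_ecc_public_blob(key)
        print(info["magic"], info["algorithm"], "x=" + info["x"][:16] + "...")
    hits = alerts_matching_config(SNORT_ALERTS, C2_LIST)
    print(f"{len(hits)} of {len(SNORT_ALERTS)} Snort alerts hit configured C2 endpoints")
    print(suricata_rules(C2_LIST)[0])
```

All five Snort alerts in this report resolve to endpoints in the extracted list, so the IDS hits and the static configuration corroborate each other; the generated rules are IP-based and should be retired as the Emotet C2 set rotates.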
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Virustotal: | Perma Link |
Source: | Avira URL Cloud: | (48 entries) |
Source: | Virustotal: | Perma Link | (2 entries) |
Source: | ReversingLabs: | (2 entries) |
Source: | Malware Configuration Extractor: |
Source: | HTTPS traffic detected: | (2 entries) |
Source: | Binary string: | (3 entries) |
Source: | Code function: | 3_2_0000000180008D28 |
Software Vulnerabilities |
---|
Source: | Process created: |
Networking |
---|
Source: | Network Connect: | (2 entries) |
Source: | Domain query: |
Source: | Network Connect: | (9 entries) |
Source: | Snort IDS: | (5 entries) |
Source: | IPs: | (48 entries) |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic: | (6 entries) |
Source: | Network traffic detected: | (21 entries) |
Source: | TCP traffic detected without corresponding DNS query: | (50 entries) |
Source: | String found in binary or memory: | (65 entries) |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | (2 entries) |
E-Banking Fraud |
---|
Source: | File source: | (8 entries) |
Source: | Matched rule: | (7 entries) |
Source: | File created: |
Source: | Code function: | 3_2_0000000180006818 | |
Source: | Code function: | 3_2_000000018000B878 | |
Source: | Code function: | 3_2_0000000180007110 | |
Source: | Code function: | 3_2_0000000180008D28 | |
Source: | Code function: | 3_2_0000000180014555 | |
Source: | Code function: | 3_2_009E0000 | |
Source: | Code function: | 3_2_00E1709C | |
Source: | Code function: | 3_2_00E1A000 | |
Source: | Code function: | 3_2_00E0CC14 | |
Source: | Code function: | 3_2_00E07D6C | |
Source: | Code function: | 3_2_00E0263C | |
Source: | Code function: | 3_2_00E08BC8 | |
Source: | Code function: | 3_2_00E18FC8 | |
Source: | Code function: | 3_2_00E120E0 | |
Source: | Code function: | 3_2_00E03CF4 | |
Source: | Code function: | 3_2_00E090F8 | |
Source: | Code function: | 3_2_00E048FC | |
Source: | Code function: | 3_2_00E0F8C4 | |
Source: | Code function: | 3_2_00E15CC4 | |
Source: | Code function: | 3_2_00E080CC | |
Source: | Code function: | 3_2_00E108CC | |
Source: | Code function: | 3_2_00E014D4 | |
Source: | Code function: | 3_2_00E13CD4 | |
Source: | Code function: | 3_2_00E018DC | |
Source: | Code function: | 3_2_00E098AC | |
Source: | Code function: | 3_2_00E1A8B0 | |
Source: | Code function: | 3_2_00E0DCB8 | |
Source: | Code function: | 3_2_00E294BC | |
Source: | Code function: | 3_2_00E15880 | |
Source: | Code function: | 3_2_00E04C84 | |
Source: | Code function: | 3_2_00E1CC84 | |
Source: | Code function: | 3_2_00E0AC94 | |
Source: | Code function: | 3_2_00E1B460 | |
Source: | Code function: | 3_2_00E16C70 | |
Source: | Code function: | 3_2_00E0D474 | |
Source: | Code function: | 3_2_00E02C78 | |
Source: | Code function: | 3_2_00E0C078 | |
Source: | Code function: | 3_2_00E0B07C | |
Source: | Code function: | 3_2_00E07840 | |
Source: | Code function: | 3_2_00E1C44C | |
Source: | Code function: | 3_2_00E25450 | |
Source: | Code function: | 3_2_00E1C058 | |
Source: | Code function: | 3_2_00E11030 | |
Source: | Code function: | 3_2_00E1EC30 | |
Source: | Code function: | 3_2_00E0B83C | |
Source: | Code function: | 3_2_00E01000 | |
Source: | Code function: | 3_2_00E09408 | |
Source: | Code function: | 3_2_00E07C08 | |
Source: | Code function: | 3_2_00E2181C | |
Source: | Code function: | 3_2_00E1D5F0 | |
Source: | Code function: | 3_2_00E115C8 | |
Source: | Code function: | 3_2_00E1BDA0 | |
Source: | Code function: | 3_2_00E095BC | |
Source: | Code function: | 3_2_00E14D20 | |
Source: | Code function: | 3_2_00E11924 | |
Source: | Code function: | 3_2_00E1AD28 | |
Source: | Code function: | 3_2_00E07530 | |
Source: | Code function: | 3_2_00E1B130 | |
Source: | Code function: | 3_2_00E06138 | |
Source: | Code function: | 3_2_00E28500 | |
Source: | Code function: | 3_2_00E1610C | |
Source: | Code function: | 3_2_00E29910 | |
Source: | Code function: | 3_2_00E17518 | |
Source: | Code function: | 3_2_00E092F0 | |
Source: | Code function: | 3_2_00E1EAC0 | |
Source: | Code function: | 3_2_00E0D6CC | |
Source: | Code function: | 3_2_00E196D4 | |
Source: | Code function: | 3_2_00E0AAB8 | |
Source: | Code function: | 3_2_00E04EB8 | |
Source: | Code function: | 3_2_00E03ABC | |
Source: | Code function: | 3_2_00E1A6BC | |
Source: | Code function: | 3_2_00E08A8C | |
Source: | Code function: | 3_2_00E24E8C | |
Source: | Code function: | 3_2_00E0BE90 | |
Source: | Code function: | 3_2_00E14A90 | |
Source: | Code function: | 3_2_00E0A660 | |
Source: | Code function: | 3_2_00E10A70 | |
Source: | Code function: | 3_2_00E03274 | |
Source: | Code function: | 3_2_00E1A244 | |
Source: | Code function: | 3_2_00E0B258 | |
Source: | Code function: | 3_2_00E0F65C | |
Source: | Code function: | 3_2_00E0BA2C | |
Source: | Code function: | 3_2_00E18A2C | |
Source: | Code function: | 3_2_00E10E2C | |
Source: | Code function: | 3_2_00E1662C | |
Source: | Code function: | 3_2_00E15A00 | |
Source: | Code function: | 3_2_00E28A00 | |
Source: | Code function: | 3_2_00E18E08 | |
Source: | Code function: | 3_2_00E03E0C | |
Source: | Code function: | 3_2_00E1020C | |
Source: | Code function: | 3_2_00E04214 | |
Source: | Code function: | 3_2_00E0461C | |
Source: | Code function: | 3_2_00E227EC | |
Source: | Code function: | 3_2_00E0A7F0 | |
Source: | Code function: | 3_2_00E197CC | |
Source: | Code function: | 3_2_00E13FD0 | |
Source: | Code function: | 3_2_00E02FD4 | |
Source: | Code function: | 3_2_00E033D4 | |
Source: | Code function: | 3_2_00E0DBA0 | |
Source: | Code function: | 3_2_00E08FB0 | |
Source: | Code function: | 3_2_00E0FFB8 | |
Source: | Code function: | 3_2_00E18BB8 | |
Source: | Code function: | 3_2_00E15384 | |
Source: | Code function: | 3_2_00E01B94 | |
Source: | Code function: | 3_2_00E1D770 | |
Source: | Code function: | 3_2_00E1CF70 | |
Source: | Code function: | 3_2_00E08378 | |
Source: | Code function: | 3_2_00E0F77C | |
Source: | Code function: | 3_2_00E1E750 | |
Source: | Code function: | 3_2_00E04758 | |
Source: | Code function: | 3_2_00E0975C | |
Source: | Code function: | 3_2_00E0D33C | |
Source: | Code function: | 3_2_00E1E310 | |
Source: | Code function: | 3_2_00E0EF14 | |
Source: | Code function: | 3_2_00E13B14 | |
Source: | Code function: | 3_2_00E14F18 | |
Source: | Code function: | 4_2_00BB0000 | |
Source: | Code function: | 4_2_00E108CC | |
Source: | Code function: | 4_2_00E0640A | |
Source: | Code function: | 4_2_00E0CC14 | |
Source: | Code function: | 4_2_00E07D6C | |
Source: | Code function: | 4_2_00E176A8 | |
Source: | Code function: | 4_2_00E06E42 | |
Source: | Code function: | 4_2_00E20618 | |
Source: | Code function: | 4_2_00E063F4 | |
Source: | Code function: | 4_2_00E08BC8 | |
Source: | Code function: | 4_2_00E18FC8 | |
Source: | Code function: | 4_2_00E13FD0 | |
Source: | Code function: | 4_2_00E273A4 | |
Source: | Code function: | 4_2_00E09B79 | |
Source: | Code function: | 4_2_00E120E0 | |
Source: | Code function: | 4_2_00E03CF4 | |
Source: | Code function: | 4_2_00E090F8 | |
Source: | Code function: | 4_2_00E048FC | |
Source: | Code function: | 4_2_00E0F8C4 | |
Source: | Code function: | 4_2_00E15CC4 | |
Source: | Code function: | 4_2_00E080CC | |
Source: | Code function: | 4_2_00E014D4 | |
Source: | Code function: | 4_2_00E13CD4 | |
Source: | Code function: | 4_2_00E21CD4 | |
Source: | Code function: | 4_2_00E018DC | |
Source: | Code function: | 4_2_00E244A8 | |
Source: | Code function: | 4_2_00E098AC | |
Source: | Code function: | 4_2_00E1A8B0 | |
Source: | Code function: | 4_2_00E0DCB8 | |
Source: | Code function: | 4_2_00E294BC | |
Source: | Code function: | 4_2_00E15880 | |
Source: | Code function: | 4_2_00E04C84 | |
Source: | Code function: | 4_2_00E1CC84 | |
Source: | Code function: | 4_2_00E2488C | |
Source: | Code function: | 4_2_00E0AC94 | |
Source: | Code function: | 4_2_00E21494 | |
Source: | Code function: | 4_2_00E1709C | |
Source: | Code function: | 4_2_00E1B460 | |
Source: | Code function: | 4_2_00E25868 | |
Source: | Code function: | 4_2_00E16C70 | |
Source: | Code function: | 4_2_00E0D474 | |
Source: | Code function: | 4_2_00E02C78 | |
Source: | Code function: | 4_2_00E0C078 | |
Source: | Code function: | 4_2_00E0B07C | |
Source: | Code function: | 4_2_00E07840 | |
Source: | Code function: | 4_2_00E1C44C | |
Source: | Code function: | 4_2_00E25450 | |
Source: | Code function: | 4_2_00E1C058 | |
Source: | Code function: | 4_2_00E11030 | |
Source: | Code function: | 4_2_00E1EC30 | |
Source: | Code function: | 4_2_00E0B83C | |
Source: | Code function: | 4_2_00E01000 | |
Source: | Code function: | 4_2_00E1A000 | |
Source: | Code function: | 4_2_00E09408 | |
Source: | Code function: | 4_2_00E07C08 | |
Source: | Code function: | 4_2_00E07410 | |
Source: | Code function: | 4_2_00E2181C | |
Source: | Code function: | 4_2_00E1D5F0 | |
Source: | Code function: | 4_2_00E115C8 | |
Source: | Code function: | 4_2_00E1BDA0 | |
Source: | Code function: | 4_2_00E095BC | |
Source: | Code function: | 4_2_00E24D64 | |
Source: | Code function: | 4_2_00E14D20 | |
Source: | Code function: | 4_2_00E11924 | |
Source: | Code function: | 4_2_00E1AD28 | |
Source: | Code function: | 4_2_00E1B130 | |
Source: | Code function: | 4_2_00E06138 | |
Source: | Code function: | 4_2_00E28500 | |
Source: | Code function: | 4_2_00E22100 | |
Source: | Code function: | 4_2_00E1610C | |
Source: | Code function: | 4_2_00E29910 | |
Source: | Code function: | 4_2_00E17518 | |
Source: | Code function: | 4_2_00E092F0 | |
Source: | Code function: | 4_2_00E236FC | |
Source: | Code function: | 4_2_00E1EAC0 | |
Source: | Code function: | 4_2_00E0D6CC | |
Source: | Code function: | 4_2_00E196D4 | |
Source: | Code function: | 4_2_00E22AB0 | |
Source: | Code function: | 4_2_00E0AAB8 | |
Source: | Code function: | 4_2_00E04EB8 | |
Source: | Code function: | 4_2_00E03ABC | |
Source: | Code function: | 4_2_00E1A6BC | |
Source: | Code function: | 4_2_00E22E84 | |
Source: | Code function: | 4_2_00E08A8C | |
Source: | Code function: | 4_2_00E24E8C | |
Source: | Code function: | 4_2_00E0BE90 | |
Source: | Code function: | 4_2_00E14A90 | |
Source: | Code function: | 4_2_00E0A660 | |
Source: | Code function: | 4_2_00E10A70 | |
Source: | Code function: | 4_2_00E03274 | |
Source: | Code function: | 4_2_00E1A244 | |
Source: | Code function: | 4_2_00E26E48 | |
Source: | Code function: | 4_2_00E0B258 | |
Source: | Code function: | 4_2_00E0F65C | |
Source: | Code function: | 4_2_00E0BA2C | |
Source: | Code function: | 4_2_00E18A2C | |
Source: | Code function: | 4_2_00E10E2C | |
Source: | Code function: | 4_2_00E1662C | |
Source: | Code function: | 4_2_00E0263C | |
Source: | Code function: | 4_2_00E15A00 | |
Source: | Code function: | 4_2_00E28A00 | |
Source: | Code function: | 4_2_00E18E08 | |
Source: | Code function: | 4_2_00E03E0C | |
Source: | Code function: | 4_2_00E1020C | |
Source: | Code function: | 4_2_00E04214 | |
Source: | Code function: | 4_2_00E0461C | |
Source: | Code function: | 4_2_00E227EC | |
Source: | Code function: | 4_2_00E0A7F0 | |
Source: | Code function: | 4_2_00E1FFFC | |
Source: | Code function: | 4_2_00E197CC | |
Source: | Code function: | 4_2_00E02FD4 | |
Source: | Code function: | 4_2_00E033D4 | |
Source: | Code function: | 4_2_00E0DBA0 | |
Source: | Code function: | 4_2_00E247A8 | |
Source: | Code function: | 4_2_00E08FB0 | |
Source: | Code function: | 4_2_00E0FFB8 | |
Source: | Code function: | 4_2_00E18BB8 | |
Source: | Code function: | 4_2_00E15384 | |
Source: | Code function: | 4_2_00E01B94 | |
Source: | Code function: | 4_2_00E28B68 | |
Source: | Code function: | 4_2_00E1D770 | |
Source: | Code function: | 4_2_00E1CF70 | |
Source: | Code function: | 4_2_00E08378 | |
Source: | Code function: | 4_2_00E0F77C | |
Source: | Code function: | 4_2_00E1E750 | |
Source: | Code function: | 4_2_00E04758 | |
Source: | Code function: | 4_2_00E0975C | |
Source: | Code function: | 4_2_00E0D33C | |
Source: | Code function: | 4_2_00E1E310 | |
Source: | Code function: | 4_2_00E28310 | |
Source: | Code function: | 4_2_00E0EF14 | |
Source: | Code function: | 4_2_00E13B14 | |
Source: | Code function: | 4_2_00E14F18 | |
Source: | Code function: | 4_2_00E25B1C |
Source: | Code function: | 3_2_0000000180010C10 | |
Source: | Code function: | 3_2_0000000180010AC0 | |
Source: | Code function: | 3_2_0000000180010DB0 |
Source: | Section loaded: | (3 entries) |
Source: | Dropped File: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Key opened: |
Source: | Process created: | (9 entries) |
Source: | Key value queried: |
Source: | File created: | (2 entries) |
Source: | Classification label: |
Source: | File read: |
Source: | Code function: | 3_2_00E08BC8 |
Source: | File read: | (3 entries) |
Source: | Key opened: |
Source: | Binary string: | (3 entries) |
Source: | Code function: | 3_2_0000000180005C72 | |
Source: | Code function: | 3_2_00000001800056E4 | |
Source: | Code function: | 3_2_00E0A0FD | |
Source: | Code function: | 3_2_00E180D8 | |
Source: | Code function: | 3_2_00E06CDF | |
Source: | Code function: | 3_2_00E06CAA | |
Source: | Code function: | 3_2_00E0A1D3 | |
Source: | Code function: | 3_2_00E1798F | |
Source: | Code function: | 3_2_00E17D4F | |
Source: | Code function: | 3_2_00E09D5A | |
Source: | Code function: | 3_2_00E18158 | |
Source: | Code function: | 3_2_00E17D2A | |
Source: | Code function: | 3_2_00E17D3D | |
Source: | Code function: | 3_2_00E17EBC | |
Source: | Code function: | 3_2_00E09E8E | |
Source: | Code function: | 3_2_00E0A26F | |
Source: | Code function: | 3_2_00E1C732 | |
Source: | Code function: | 4_2_00E06CDF | |
Source: | Code function: | 4_2_00E06CAA | |
Source: | Code function: | 4_2_00E26D36 | |
Source: | Code function: | 4_2_00E1C732 |
Source: | Static PE information: |
Source: | Process created: |
Source: | File created: | dropped file | (3 entries) |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: |
Source: | Process information set: | (6 entries) |
Source: | Thread sleep time: | (2 entries) |
Source: | API coverage: |
Source: | Window found: |
Source: | Process information queried: |
Source: | Code function: | 3_2_0000000180008D28 |
Source: | File Volume queried: |
Source: | Binary or memory string: | (3 entries) |
Source: | Code function: | 3_2_0000000180001C48 |
Source: | Code function: | 3_2_000000018000A878 |
Source: | Code function: | 3_2_0000000180010C10 |
Source: | Code function: | 3_2_0000000180001C48 | |
Source: | Code function: | 3_2_00000001800082EC | |
Source: | Code function: | 3_2_00000001800017DC |
HIPS / PFW / Operating System Protection Evasion |
---|
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Scripting | 1 DLL Side-Loading | 111 Process Injection | 21 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Scripting | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Hidden Files and Directories | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | 114 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Regsvr32 | DCSync | 25 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 31% | ReversingLabs | Script-WScript.Trojan.OneNote | |
| | 41% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 58% | ReversingLabs | Win64.Trojan.Emotet | |
| | 58% | ReversingLabs | Win64.Trojan.Emotet | |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| | 100% | Avira | HEUR/AGEN.1215476 | | |
| | 100% | Avira | HEUR/AGEN.1215476 | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 11% | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
penshorn.org | 203.26.41.131 | true | true | | unknown |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 828486 |
Start date and time: | 2023-03-17 09:04:56 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | OMICS.one |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winONE@9/11@1/49 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Excluded IPs from analysis (whitelisted): 209.197.3.8
- Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
09:06:37 | API Interceptor | |
09:07:14 | API Interceptor |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Windows\System32\regsvr32.exe |
Category: | dropped |
Size (bytes): | 62582 |
Entropy (8bit): | 7.996063107774368 |
Encrypted: | true |
SSDEEP: | 1536:Jk3XPi43VgGp0gB2itudTSRAn/TWTdWftu:CHa43V5p022iZ4CgA |
MD5: | E71C8443AE0BC2E282C73FAEAD0A6DD3 |
SHA1: | 0C110C1B01E68EDFACAEAE64781A37B1995FA94B |
SHA-256: | 95B0A5ACC5BF70D3ABDFD091D0C9F9063AA4FDE65BD34DBF16786082E1992E72 |
SHA-512: | B38458C7FA2825AFB72794F374827403D5946B1132E136A0CE075DFD351277CF7D957C88DC8A1E4ADC3BCAE1FA8010DAE3831E268E910D517691DE24326391A6 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Windows\System32\regsvr32.exe |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.119038565051529 |
Encrypted: | false |
SSDEEP: | 6:kKw4ry/7UN+SkQlPlEGYRMY9z+4KlDA3RUecZUt:YwCvkPlE99SNxAhUext |
MD5: | B30D7FE50A8160A98B64722BDC09395D |
SHA1: | 0698124C2D76A2CAD650C776812B979ACBFF00EA |
SHA-256: | 6392F698AF772CFD6F70524336CD19571B93B432AD7566A3FEFA06806B48B15F |
SHA-512: | 81FDA26F02D122F617031929842AD5F73326E535EE9AAB263DE6BDB28C354F7F31D3AF6622F77C51C558E85130E8DB59721694738FCE351164089FCFBE3C652C |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 2.106463217645438 |
Encrypted: | false |
SSDEEP: | 3:ulXH+lS8TcRaAqlAaRtl:KelS8Tc8TX |
MD5: | 6D35FE979A2AF81158578D8FF8AA4390 |
SHA1: | 4FACFE5FFF9553E926FC82615BBFF18F47876715 |
SHA-256: | 41E5436CD2453FF8DC3D187CCC680CE58212D72C77CCA0E632B51085BDE7ECED |
SHA-512: | 947226E35A9BEC0F93AE0467AC23DBE81EFC681A48F3FE6F49F70A2B0BDD35AB533165240D442C2492EA57D29CFA403B848FF8E9BB6EFEADAB507C12DEAE4CEE |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.7042826857143938 |
Encrypted: | false |
SSDEEP: | 48:RDeyO9stKE+mpfrS7xuYNgUlLa+ZovySB89u9Nj8lW:RyiKWf1YaUk+Zovp93 |
MD5: | F66C2BA29F0287A81763F5410AC29E16 |
SHA1: | 1B9FFB04B5C6D5FF4806A62F41335911937F80DA |
SHA-256: | 631A516E9F0DB198866FB04D4E84417C2619B346471BEF9475A7F168B8728EFF |
SHA-512: | 5B9DDA0C6D524193DA9F77220320CDAD8A7BBCB6A68FBB32C6EF4742100423351AC46DA478F5FF84313E7241607A91BBE7B45D81EBDAD29FE13CE69CDCDD33C6 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\wscript.exe |
Category: | dropped |
Size (bytes): | 9 |
Entropy (8bit): | 2.94770277922009 |
Encrypted: | false |
SSDEEP: | 3:tWn:tWn |
MD5: | 07F5A0CFFD9B2616EA44FB90CCC04480 |
SHA1: | 641B12C5FFA1A31BC367390E34D441A9CE1958EE |
SHA-256: | A0430A038E7D879375C9CA5BF94CB440A3B9A002712118A7BCCC1FF82F1EA896 |
SHA-512: | 09E7488C138DEAD45343A79AD0CB37036C5444606CDFD8AA859EE70227A96964376A17F07E03D0FC353708CA9AAF979ABF8BC917E6C2D005A0052575E074F531 |
Malicious: | true |
Process: | C:\Windows\SysWOW64\wscript.exe |
Category: | dropped |
Size (bytes): | 316928 |
Entropy (8bit): | 7.337848702590508 |
Encrypted: | false |
SSDEEP: | 6144:cwNQMQTlfdUPABVy559hhR3iP7TfPYbrF1EFVw0todxKROsCt:rNbadDBkZ6rPeEFizdxxsCt |
MD5: | BFC060937DC90B273ECCB6825145F298 |
SHA1: | C156C00C7E918F0CB7363614FB1F177C90D8108A |
SHA-256: | 2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253 |
SHA-512: | CC1FEE19314B0A0F9E292FA84F6E98F087033D77DB937848DDA1DA0C88F49997866CBA5465DF04BF929B810B42FDB81481341064C4565C9B6272FA7F3B473AC5 |
Malicious: | true |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE |
Category: | dropped |
Size (bytes): | 25280 |
Entropy (8bit): | 0.5434078989155284 |
Encrypted: | false |
SSDEEP: | 48:ohnnY+YoO4OOUQPSf+9olgk8Z4GQTaza2yX:0xYocOT6f+6lAUaza26 |
MD5: | 23F4BB1DEB1DB2981E5D6BCA9CEF3D0C |
SHA1: | 4EE22EF03915F90F11CA2A1638B053D4201773DC |
SHA-256: | 628359353E88E935B7A366ED1EB0E256B83ECF734D1145D749063FBACC309101 |
SHA-512: | FF8E454166C94E19CD671DCFE77D05F9C9FAFAEAE12D1DC832EC90C95869CC157BF46748710B2AAE2B616F609851748C7CD603F8C1D0A31B472CC3EBDC90A006 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)
Process: | C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE |
Category: | dropped |
Size (bytes): | 3873 |
Entropy (8bit): | 3.4802265775463828 |
Encrypted: | false |
SSDEEP: | 48:j8m+cdO5bWDMIFPbqzqgdCDDGTCDc6pd5m+cdO5bWDMh7+5DGqzWk7dCDGWG5CDY:cTKDt0qfGF6p/TKD9LZhP3s4 |
MD5: | 56FEFF26310788D7E507E757B170A3AA |
SHA1: | 39FD624DAC6F7BC24DFDED7BF4CBBC8BE1347057 |
SHA-256: | 232CF6EF6DE876BB28B7BD4EB302D5A6B23D6AA2B1E7451677F3F93B84A4BD82 |
SHA-512: | C17325AC363F1F63568315634F4D0C3D1957320A47276099D31726D78B3D464D6DBA210B21045D885D261FD1CF73874C65F9D6FC16F70DCCD6FB5C749CA002B8 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O3RL5OZ6SA7ZCS8J33EG.temp
Process: | C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE |
Category: | dropped |
Size (bytes): | 3873 |
Entropy (8bit): | 3.4802265775463828 |
Encrypted: | false |
SSDEEP: | 48:j8m+cdO5bWDMIFPbqzqgdCDDGTCDc6pd5m+cdO5bWDMh7+5DGqzWk7dCDGWG5CDY:cTKDt0qfGF6p/TKD9LZhP3s4 |
MD5: | 56FEFF26310788D7E507E757B170A3AA |
SHA1: | 39FD624DAC6F7BC24DFDED7BF4CBBC8BE1347057 |
SHA-256: | 232CF6EF6DE876BB28B7BD4EB302D5A6B23D6AA2B1E7451677F3F93B84A4BD82 |
SHA-512: | C17325AC363F1F63568315634F4D0C3D1957320A47276099D31726D78B3D464D6DBA210B21045D885D261FD1CF73874C65F9D6FC16F70DCCD6FB5C749CA002B8 |
Malicious: | false |
Process: | C:\Windows\System32\regsvr32.exe |
Category: | dropped |
Size (bytes): | 316928 |
Entropy (8bit): | 7.337848702590508 |
Encrypted: | false |
SSDEEP: | 6144:cwNQMQTlfdUPABVy559hhR3iP7TfPYbrF1EFVw0todxKROsCt:rNbadDBkZ6rPeEFizdxxsCt |
MD5: | BFC060937DC90B273ECCB6825145F298 |
SHA1: | C156C00C7E918F0CB7363614FB1F177C90D8108A |
SHA-256: | 2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253 |
SHA-512: | CC1FEE19314B0A0F9E292FA84F6E98F087033D77DB937848DDA1DA0C88F49997866CBA5465DF04BF929B810B42FDB81481341064C4565C9B6272FA7F3B473AC5 |
Malicious: | true |
Entropy (8bit): | 6.73077865477405 |
File name: | OMICS.one |
File size: | 120428 |
MD5: | cee0905efea3357f3dc9902754e5d47a |
SHA1: | 693fdea99a495b339d8dd372b759f370cf7f1b7a |
SHA256: | d72079bdae7c59361f934bf92ec1a53875008113541db11124d167cc2eb69b32 |
SHA512: | 9b6184b4a515ba6022982d691983f0108d750e01c9f3edef118b6b8aff66e21d6f510d4a31aded07da973a00049ad6d989eefd537f7b3e0f3cf1b9f1387ee42a |
SSDEEP: | 1536:RDBoTVdaeNtuXndCrJJmT4HVnteV4FrdMiYcx7bfCb6HPdnX9:1BoC+tCYvSMVnte8ZP1Y6Jt |
TLSH: | B6C33BF1A8025C0AE123C976B1FB661399D052ED42283B2BF87D507DD978A20D5DD8EF |
File Content Preview: | .R\{...M..Sx.).......i.E......&.................?......I........*...*...*...*..................................................._fh.*..E.......n..w.....................h...........................8....... ....... ..}...M..t:."S.9.............TL.E..!...... |
Icon Hash: | d4dce0626664606c |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/17/23-09:07:50.440401 | TCP | 2404302 | ET CNC Feodo Tracker Reported CnC Server TCP group 2 | 49696 | 8080 | 192.168.2.4 | 104.168.155.143 |
03/17/23-09:07:07.082827 | TCP | 2404344 | ET CNC Feodo Tracker Reported CnC Server TCP group 23 | 49686 | 8080 | 192.168.2.4 | 91.121.146.47 |
03/17/23-09:07:23.162928 | TCP | 2404312 | ET CNC Feodo Tracker Reported CnC Server TCP group 7 | 49689 | 443 | 192.168.2.4 | 182.162.143.56 |
03/17/23-09:07:17.980118 | TCP | 2404330 | ET CNC Feodo Tracker Reported CnC Server TCP group 16 | 49688 | 7080 | 192.168.2.4 | 66.228.32.31 |
03/17/23-09:07:36.723536 | TCP | 2404308 | ET CNC Feodo Tracker Reported CnC Server TCP group 5 | 49691 | 8080 | 192.168.2.4 | 167.172.199.165 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2023 09:06:23.789850950 CET | 49685 | 443 | 192.168.2.4 | 203.26.41.131 |
Mar 17, 2023 09:06:23.789948940 CET | 443 | 49685 | 203.26.41.131 | 192.168.2.4 |
Mar 17, 2023 09:06:23.790174007 CET | 49685 | 443 | 192.168.2.4 | 203.26.41.131 |
Mar 17, 2023 09:06:23.792867899 CET | 49685 | 443 | 192.168.2.4 | 203.26.41.131 |
Mar 17, 2023 09:06:23.792901993 CET | 443 | 49685 | 203.26.41.131 | 192.168.2.4 |
Mar 17, 2023 09:06:24.409953117 CET | 443 | 49685 | 203.26.41.131 | 192.168.2.4 |
Mar 17, 2023 09:06:24.410152912 CET | 49685 | 443 | 192.168.2.4 | 203.26.41.131 |
Mar 17, 2023 09:06:24.416637897 CET | 49685 | 443 | 192.168.2.4 | 203.26.41.131 |
Mar 17, 2023 09:06:24.416673899 CET | 443 | 49685 | 203.26.41.131 | 192.168.2.4 |
Mar 17, 2023 09:06:24.417330980 CET | 443 | 49685 | 203.26.41.131 | 192.168.2.4 |
Mar 17, 2023 09:06:24.463357925 CET | 49685 | 443 | 192.168.2.4 | 203.26.41.131 |
Mar 17, 2023 09:06:24.609322071 CET | 49685 | 443 | 192.168.2.4 | 203.26.41.131 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2023 09:06:23.756524086 CET | 62577 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 17, 2023 09:06:23.774235964 CET | 53 | 62577 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 17, 2023 09:06:23.756524086 CET | 192.168.2.4 | 8.8.8.8 | 0xeaaa | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 17, 2023 09:06:23.774235964 CET | 8.8.8.8 | 192.168.2.4 | 0xeaaa | No error (0) | 203.26.41.131 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49685 | 203.26.41.131 | 443 | C:\Windows\SysWOW64\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49689 | 182.162.143.56 | 443 | C:\Windows\System32\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49690 | 187.63.160.88 | 80 | C:\Windows\System32\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 17, 2023 09:07:31.205951929 CET | 498 | OUT | |
Mar 17, 2023 09:07:31.450947046 CET | 499 | IN | |
Mar 17, 2023 09:07:31.450994015 CET | 499 | IN | |
Mar 17, 2023 09:07:31.456162930 CET | 500 | OUT | |
Mar 17, 2023 09:07:31.686403036 CET | 500 | IN | |
Mar 17, 2023 09:07:31.688262939 CET | 500 | OUT | |
Mar 17, 2023 09:07:32.965385914 CET | 500 | IN | |
Mar 17, 2023 09:07:35.964777946 CET | 501 | IN | |
Mar 17, 2023 09:07:35.968456030 CET | 501 | OUT | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49685 | 203.26.41.131 | 443 | C:\Windows\SysWOW64\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-17 08:06:24 UTC | 0 | OUT | |
2023-03-17 08:06:24 UTC | 0 | IN | |
2023-03-17 08:06:24 UTC | 0 | IN | |
2023-03-17 08:06:25 UTC | 8 | IN | |
2023-03-17 08:06:25 UTC | 16 | IN | |
2023-03-17 08:06:25 UTC | 16 | IN | |
2023-03-17 08:06:25 UTC | 24 | IN | |
2023-03-17 08:06:25 UTC | 32 | IN | |
2023-03-17 08:06:25 UTC | 32 | IN | |
2023-03-17 08:06:25 UTC | 40 | IN | |
2023-03-17 08:06:25 UTC | 48 | IN | |
2023-03-17 08:06:25 UTC | 48 | IN | |
2023-03-17 08:06:25 UTC | 56 | IN | |
2023-03-17 08:06:25 UTC | 64 | IN | |
2023-03-17 08:06:25 UTC | 64 | IN | |
2023-03-17 08:06:25 UTC | 72 | IN | |
2023-03-17 08:06:25 UTC | 80 | IN | |
2023-03-17 08:06:25 UTC | 80 | IN | |
2023-03-17 08:06:25 UTC | 88 | IN | |
2023-03-17 08:06:25 UTC | 96 | IN | |
2023-03-17 08:06:25 UTC | 96 | IN | |
2023-03-17 08:06:25 UTC | 104 | IN | |
2023-03-17 08:06:25 UTC | 112 | IN | |
2023-03-17 08:06:25 UTC | 112 | IN | |
2023-03-17 08:06:25 UTC | 120 | IN | |
2023-03-17 08:06:25 UTC | 128 | IN | |
2023-03-17 08:06:25 UTC | 128 | IN | |
2023-03-17 08:06:25 UTC | 136 | IN | |
2023-03-17 08:06:25 UTC | 144 | IN | |
2023-03-17 08:06:25 UTC | 144 | IN | |
2023-03-17 08:06:25 UTC | 152 | IN | |
2023-03-17 08:06:25 UTC | 160 | IN | |
2023-03-17 08:06:25 UTC | 160 | IN | |
2023-03-17 08:06:25 UTC | 168 | IN | |
2023-03-17 08:06:25 UTC | 176 | IN | |
2023-03-17 08:06:26 UTC | 176 | IN | |
2023-03-17 08:06:26 UTC | 184 | IN | |
2023-03-17 08:06:26 UTC | 192 | IN | |
2023-03-17 08:06:26 UTC | 192 | IN | |
2023-03-17 08:06:26 UTC | 200 | IN | |
2023-03-17 08:06:26 UTC | 208 | IN | |
2023-03-17 08:06:26 UTC | 208 | IN | |
2023-03-17 08:06:26 UTC | 216 | IN | |
2023-03-17 08:06:26 UTC | 224 | IN | |
2023-03-17 08:06:26 UTC | 224 | IN | |
2023-03-17 08:06:26 UTC | 232 | IN | |
2023-03-17 08:06:26 UTC | 240 | IN | |
2023-03-17 08:06:26 UTC | 240 | IN | |
2023-03-17 08:06:26 UTC | 248 | IN | |
2023-03-17 08:06:26 UTC | 256 | IN | |
2023-03-17 08:06:26 UTC | 256 | IN | |
2023-03-17 08:06:26 UTC | 264 | IN | |
2023-03-17 08:06:26 UTC | 272 | IN | |
2023-03-17 08:06:26 UTC | 272 | IN | |
2023-03-17 08:06:26 UTC | 280 | IN | |
2023-03-17 08:06:26 UTC | 288 | IN | |
2023-03-17 08:06:26 UTC | 288 | IN | |
2023-03-17 08:06:26 UTC | 296 | IN | |
2023-03-17 08:06:26 UTC | 304 | IN | |
2023-03-17 08:06:26 UTC | 304 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49689 | 182.162.143.56 | 443 | C:\Windows\System32\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-17 08:07:23 UTC | 310 | OUT | |
2023-03-17 08:07:25 UTC | 310 | IN | |
2023-03-17 08:07:25 UTC | 310 | IN | |
Target ID: | 0 |
Start time: | 09:05:56 |
Start date: | 17/03/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xeb0000 |
File size: | 1676072 bytes |
MD5 hash: | 8D7E99CB358318E1F38803C9E6B67867 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 1 |
Start time: | 09:06:22 |
Start date: | 17/03/2023 |
Path: | C:\Windows\SysWOW64\wscript.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1360000 |
File size: | 147456 bytes |
MD5 hash: | 7075DD7B9BE8807FCA93ACD86F724884 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Target ID: | 2 |
Start time: | 09:06:26 |
Start date: | 17/03/2023 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1260000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 09:06:26 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff787110000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Target ID: | 4 |
Start time: | 09:06:29 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff787110000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Execution Graph
Execution Coverage: | 8.4% |
Dynamic/Decrypted Code Coverage: | 8.9% |
Signature Coverage: | 7.1% |
Total number of Nodes: | 282 |
Total number of Limit Nodes: | 8 |
Graph
Function 009E0000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953 (memory, COMMON)
Uniqueness Score: -1.00% |
Function 00E1709C Relevance: 11.5, Strings: 9, Instructions: 237 (COMMON)
Uniqueness Score: -1.00% |
Function 0000000180010C10 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 78 (library, memory, native, COMMON)
Uniqueness Score: -1.00% |
Function 00E07D6C Relevance: 7.7, Strings: 6, Instructions: 201 (COMMON)
Uniqueness Score: -1.00% |
Function 00E1A000 Relevance: 7.7, Strings: 6, Instructions: 154 (COMMON)
Uniqueness Score: -1.00% |
Function 00E0CC14 Relevance: 4.1, Strings: 3, Instructions: 312COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E08BC8 Relevance: 4.0, Strings: 3, Instructions: 213COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E18FC8 Relevance: 1.5, Strings: 1, Instructions: 279COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0263C Relevance: 1.4, Strings: 1, Instructions: 135COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800063CC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112COMMON
Control-flow Graph
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E13988 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105processCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180008714 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 44% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800082EC Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0F8C4 Relevance: 6.6, Strings: 5, Instructions: 393COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E15384 Relevance: 6.6, Strings: 5, Instructions: 313COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E08378 Relevance: 6.5, Strings: 5, Instructions: 238COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1610C Relevance: 6.5, Strings: 5, Instructions: 208COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E17518 Relevance: 6.3, Strings: 5, Instructions: 87COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0975C Relevance: 6.3, Strings: 5, Instructions: 77COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180001D98 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1CF70 Relevance: 5.4, Strings: 4, Instructions: 410COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E04EB8 Relevance: 5.4, Strings: 4, Instructions: 386COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1AD28 Relevance: 5.2, Strings: 4, Instructions: 205COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E080CC Relevance: 5.2, Strings: 4, Instructions: 163COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0D474 Relevance: 5.1, Strings: 4, Instructions: 136COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E014D4 Relevance: 5.1, Strings: 4, Instructions: 117COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E14A90 Relevance: 5.1, Strings: 4, Instructions: 101COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0A660 Relevance: 5.1, Strings: 4, Instructions: 101COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E03274 Relevance: 5.1, Strings: 4, Instructions: 81COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E01B94 Relevance: 5.1, Strings: 4, Instructions: 77COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E048FC Relevance: 4.0, Strings: 3, Instructions: 225COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E03E0C Relevance: 3.9, Strings: 3, Instructions: 171COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1E750 Relevance: 3.9, Strings: 3, Instructions: 145COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1D5F0 Relevance: 3.8, Strings: 3, Instructions: 96COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E18BB8 Relevance: 3.8, Strings: 3, Instructions: 96COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1EAC0 Relevance: 3.8, Strings: 3, Instructions: 86COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0DCB8 Relevance: 3.8, Strings: 3, Instructions: 80COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0A7F0 Relevance: 3.8, Strings: 3, Instructions: 72COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000B878 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E13FD0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0C078 Relevance: 2.9, Strings: 2, Instructions: 384COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E29910 Relevance: 2.8, Strings: 2, Instructions: 322COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1B460 Relevance: 2.8, Strings: 2, Instructions: 290COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E033D4 Relevance: 2.8, Strings: 2, Instructions: 276COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E04214 Relevance: 2.8, Strings: 2, Instructions: 253COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E16C70 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E294BC Relevance: 2.7, Strings: 2, Instructions: 194COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1EC30 Relevance: 2.7, Strings: 2, Instructions: 188COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1662C Relevance: 2.7, Strings: 2, Instructions: 179COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0AC94 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E15A00 Relevance: 2.7, Strings: 2, Instructions: 168COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0AAB8 Relevance: 2.7, Strings: 2, Instructions: 152COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E07530 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E13B14 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0B07C Relevance: 2.6, Strings: 2, Instructions: 115COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E06138 Relevance: 2.6, Strings: 2, Instructions: 106COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E04758 Relevance: 2.6, Strings: 2, Instructions: 101COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E15880 Relevance: 2.6, Strings: 2, Instructions: 99COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E18A2C Relevance: 2.6, Strings: 2, Instructions: 99COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1C058 Relevance: 2.6, Strings: 2, Instructions: 97COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1B130 Relevance: 2.6, Strings: 2, Instructions: 97COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E095BC Relevance: 2.6, Strings: 2, Instructions: 93COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1C44C Relevance: 2.6, Strings: 2, Instructions: 87COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E07C08 Relevance: 2.6, Strings: 2, Instructions: 82COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E28A00 Relevance: 2.6, Strings: 2, Instructions: 81COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E08FB0 Relevance: 2.6, Strings: 2, Instructions: 79COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E07840 Relevance: 2.6, Strings: 2, Instructions: 78COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E04C84 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0F65C Relevance: 2.6, Strings: 2, Instructions: 69COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E08A8C Relevance: 2.6, Strings: 2, Instructions: 68COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E10A70 Relevance: 2.6, Strings: 2, Instructions: 62COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E03CF4 Relevance: 2.6, Strings: 2, Instructions: 57COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E02FD4 Relevance: 2.6, Strings: 2, Instructions: 56COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E11924 Relevance: 1.7, Strings: 1, Instructions: 428COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E11030 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0EF14 Relevance: 1.5, Strings: 1, Instructions: 255COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1A8B0 Relevance: 1.4, Strings: 1, Instructions: 195COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E14D20 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0BE90 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0D6CC Relevance: 1.4, Strings: 1, Instructions: 125COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0461C Relevance: 1.4, Strings: 1, Instructions: 115COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0F77C Relevance: 1.4, Strings: 1, Instructions: 114COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E2181C Relevance: 1.4, Strings: 1, Instructions: 109COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E09408 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E28500 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E120E0 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E108CC Relevance: 1.3, Strings: 1, Instructions: 94COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E13CD4 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E018DC Relevance: 1.3, Strings: 1, Instructions: 77COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E24E8C Relevance: 1.3, Strings: 1, Instructions: 74COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1A244 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0D33C Relevance: 1.3, Strings: 1, Instructions: 72COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E10E2C Relevance: 1.3, Strings: 1, Instructions: 64COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E098AC Relevance: 1.3, Strings: 1, Instructions: 63COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E197CC Relevance: 1.3, Strings: 1, Instructions: 63COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1BDA0 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E196D4 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0DBA0 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E092F0 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1A6BC Relevance: 1.3, Strings: 1, Instructions: 52COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0B258 Relevance: .3, Instructions: 310COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E01000 Relevance: .2, Instructions: 238COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1020C Relevance: .2, Instructions: 230COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0BA2C Relevance: .2, Instructions: 192COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1D770 Relevance: .2, Instructions: 191COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E227EC Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E03ABC Relevance: .2, Instructions: 173COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1E310 Relevance: .1, Instructions: 141COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180007110 Relevance: .1, Instructions: 131COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E02C78 Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 56% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E090F8 Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0B83C Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E15CC4 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E25450 Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E1CC84 Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E0FFB8 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E18E08 Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E14F18 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E115C8 Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800070A0 Relevance: .0, Instructions: 32COMMON
C-Code - Quality: 86% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180010190 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 249COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800106E0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 100windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180003328 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMONLIBRARYCODE
C-Code - Quality: 66% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000A3DC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800045BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 50% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180007DB8 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000F374 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180007F30 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180003B5C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 162COMMONLIBRARYCODE
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180002A84 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
C-Code - Quality: 30% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180006108 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800077FC Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180007FF8 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180003800 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMONLIBRARYCODE
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 32% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 28% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000DC50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
C-Code - Quality: 29% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180004A60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800109D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 17.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 38 |
Total number of Limit Nodes: | 4 |
Graph

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality
---|---|---|---|---|---|---
00BB0000 | 55.2 | 5 | 26 | 953 | memory, COMMON |

Per-function API lists, strings, memory dump sources, control-flow graphs and Yara match details are not present in this extract; every function reports a Uniqueness Score of -1.00%.