ID: Sample Name: INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0.


Table of Contents

Analysis Report
  Overview
    Information
    Detection
    Confidence
    Classification
  Signature Overview
    AV Detection:
    Exploits:
    Software Vulnerabilities:
    Networking:
    Boot Survival:
    Persistence and Installation Behavior:
    Data Obfuscation:
    Spreading:
    System Summary:
    HIPS / PFW / Operating System Protection Evasion:
    Anti Debugging:
    Malware Analysis System Evasion:
    Hooking and other Techniques for Hiding and Protection:
    Language, Device and Operating System Detection:
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    Dropped Files
  Screenshots
  Startup
  Created / dropped Files
  Contacted Domains/Contacted IPs
    Contacted Domains
    Contacted IPs
  Static File Info
    File Icon
  Network Behavior
    Network Port Distribution
    TCP Packets

Copyright Joe Security LLC 2018 Page 2 of 62

    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: WINWORD.EXE PID: 3424 Parent PID: 3012
      File Activities
      Registry Activities
    Analysis Process: EQNEDT32.EXE PID: 3492 Parent PID: 548
      File Activities
        File Created
        File Written
      Registry Activities
        Key Created
    Analysis Process: 76543ew4e5t76y6r57.bat PID: 3628 Parent PID: 3492
      File Activities
        File Created
        File Deleted
        File Moved
        File Written
        File Read
      Registry Activities
    Analysis Process: explorer.exe PID: 3704 Parent PID: 3628
    Analysis Process: explorer.exe PID: 3728 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 3760 Parent PID: 3728
    Analysis Process: explorer.exe PID: 3788 Parent PID: 2980
    Analysis Process: explorer.exe PID: 3816 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 3844 Parent PID: 3816
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2428 Parent PID: 3760
    Analysis Process: explorer.exe PID: 2220 Parent PID: 2980
    Analysis Process: explorer.exe PID: 2080 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2148 Parent PID: 2080
    Analysis Process: explorer.exe PID: 2832 Parent PID: 2980
    Analysis Process: explorer.exe PID: 2884 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2904 Parent PID: 3844
    Analysis Process: tgy746t3r2434r2r2.exe PID: 3048 Parent PID: 2884
    Analysis Process: explorer.exe PID: 3948 Parent PID: 2980
    Analysis Process: explorer.exe PID: 3980 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 4000 Parent PID: 3980
    Analysis Process: tgy746t3r2434r2r2.exe PID: 4016 Parent PID:

    Analysis Process: explorer.exe PID: 4052 Parent PID: 2980
    Analysis Process: explorer.exe PID: 4084 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2176 Parent PID: 4084
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2192 Parent PID: 3048
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2668 Parent PID: 4000
    Analysis Process: explorer.exe PID: 2544 Parent PID: 2980
    Analysis Process: explorer.exe PID: 2432 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2632 Parent PID: 2432
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2436 Parent PID: 2176
    Analysis Process: explorer.exe PID: 1108 Parent PID: 2980
    Analysis Process: explorer.exe PID: 264 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2580 Parent PID: 264
    Analysis Process: tgy746t3r2434r2r2.exe PID: 2628 Parent PID: 2632
    Analysis Process: explorer.exe PID: 2716 Parent PID: 2980
    Analysis Process: explorer.exe PID: 2748 Parent PID: 2980
    Analysis Process: explorer.exe PID: 2780 Parent PID: 548
    Analysis Process: explorer.exe PID: 2624 Parent PID: 548
    Analysis Process: tgy746t3r2434r2r2.exe PID: 1456 Parent PID: 2780
  Disassembly
    Code Analysis

Analysis Report

Overview

Information
Joe Sandbox Version:
Analysis ID:
Start time: 02:35:30
Joe Sandbox Product: CloudBasic
Start date:
Overall analysis duration: 0h 17m 16s
Hypervisor based Inspection enabled:
Report type: light
Sample file name: INDUSTRIAL.doc
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java )
Number of analysed new started processes analysed: 41
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal92.evad.expl.adwa.windoc@60/34@1/2
HCA Information: Successful, ratio: 100%
  Number of executed functions: 0
  Number of non-executed functions: 0
EGA Information: Successful, ratio: 33.3%
HDC Information: Successful, ratio: 32.6% (good quality ratio 26.7%)
  Quality average: 45.2%
  Quality standard deviation: 25.5%
Cookbook Comments:
  Adjust boot time
  Correcting counters for adjusted boot time
  Found application associated with file extension: .doc
  Found Word or Excel or PowerPoint document
  Simulate clicks
  Found warning dialog

Warnings:
  Max analysis timeout: 600s exceeded, the analysis took too long
  Exclude process from analysis (whitelisted): dllhost.exe
  Execution Graph export aborted for target tgy746t3r2434r2r2.exe, PID 2428 because there are no executed function
  Report size exceeded maximum capacity and may have missing behavior information.
  Report size getting too big, too many NtAllocateVirtualMemory calls found.
  Report size getting too big, too many NtCreateFile calls found.
  Report size getting too big, too many NtOpenKeyEx calls found.
  Report size getting too big, too many NtQueryAttributesFile calls found.
  Report size getting too big, too many NtQueryValueKey calls found.
  Report size getting too big, too many NtSetValueKey calls found.
  Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: WINWORD.EXE, 76543ew4e5t76y6r57.bat, tgy746t3r2434r2r2.exe, tgy746t3r2434r2r2.exe, tgy746t3r2434r2r2.exe, tgy746t3r2434r2r2.exe, tgy746t3r2434r2r2.exe, tgy746t3r2434r2r2.exe, tgy746t3r2434r2r2.exe, tgy746t3r2434r2r2.exe, tgy746t3r2434r2r2.exe

Detection
Strategy Score Range Reporting Detection Threshold Report FP / FN

Confidence
Strategy Score Range Further Analysis Required? Confidence Threshold

Classification

[Classification chart (figure not reproduced). Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Rings: clean, suspicious, malicious.]

Signature Overview

AV Detection:
  Multi AV Scanner detection for domain / URL
  Multi AV Scanner detection for submitted file

Exploits:
  Office equation editor starts processes (likely CVE or CVE )
  Office Equation Editor has been started

Software Vulnerabilities:
  Potential document exploit detected (performs DNS queries)
  Potential document exploit detected (performs HTTP gets)
  Potential document exploit detected (unknown TCP traffic)

Networking:
  Contains functionality to download and execute PE files
  Downloads executable code via HTTP
  Uses a known web browser user agent for HTTP communication
  Contains functionality to download additional files from the internet
  Downloads files
  Downloads files from webservers via HTTP
  Performs DNS lookups
  Urls found in memory or binary data

Boot Survival:
  Drops PE files to the startup folder
  Creates a start menu entry (Start Menu\Programs\Startup)
  Stores files to the Windows start menu directory

Persistence and Installation Behavior:
  Drops files with a non-matching file extension (content does not match file extension)
  Drops PE files

Data Obfuscation:
  Uses code obfuscation techniques (call, push, ret)
  Binary may include packed or encrypted code

Spreading:
  Enumerates the file system

System Summary:
  Creates files inside the system directory
  Deletes Windows files
  Detected potential crypto function
  PE file contains strange resources
  Reads the hosts file
  .NET source code contains calls to encryption/decryption functions
  .NET source code contains long base64-encoded strings
  Classification label
  Creates files inside the user directory
  Creates temporary files
  Launches a second explorer.exe instance
  Parts of this applications are using the .NET runtime (Probably coded in C#)
  Reads ini files
  Reads software policies
  Sample is known by Antivirus (Virustotal or Metascan)
  Spawns processes
  Uses an in-process (OLE) Automation server
  Checks whether correct version of .NET is installed
  Found graphical window changes (likely an installer)
  Uses Microsoft Silverlight
  Checks if Microsoft Office is installed
  Uses new MSVCR Dlls
  Binary contains paths to debug symbols

HIPS / PFW / Operating System Protection Evasion:
  Allocates memory in foreign processes
  Injects a PE file into a foreign processes
  Injects code into the Windows Explorer (explorer.exe)
  Modifies the context of a thread in another process (thread injection)
  Writes to foreign memory regions
  May try to detect the Windows Explorer process (often used for injection)

Anti Debugging:
  Checks for debuggers (devices)
  Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
  Contains functionality to read the PEB
  Enables debug privileges
  Creates guard pages, often used to prevent reverse engineering and debugging

Malware Analysis System Evasion:
  Found Joe Sandbox artifacts in binaries / network (likely an evasion)
  Contains long sleeps (>= 3 min)
  Enumerates the file system
  May sleep (evasive loops) to hinder dynamic analysis

Hooking and other Techniques for Hiding and Protection:
  Disables application error messsages (SetErrorMode)

Language, Device and Operating System Detection:
  Queries the volume information (name, serial number etc) of a device
  Queries the cryptographic machine GUID

Behavior Graph

[Behavior graph (figure not reproduced). Sample: INDUSTRIAL.doc, Startdate: 25/04/2018, Architecture: WINDOWS, Score: 92.
Process nodes: EQNEDT32.EXE, 76543ew4e5t76y6r57.bat, explorer.exe, tgy746t3r2434r2r2.exe, other processes.
Network nodes: , 53, GOOGLE-GoogleIncUS, United States; i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd, , 49164, 80, AVOLO-ASRO, Romania.
Dropped files: C:\Users\user\AppData\Local\...\adobe[1].123, PE32; C:\Users\user\...\76543ew4e5t76y6r57.bat, PE32; C:\Users\user\...\tgy746t3r2434r2r2.exe, PE32.
Signatures shown on the graph: Multi AV Scanner detection for domain / URL; Multi AV Scanner detection for submitted file; Found Joe Sandbox artifacts in binaries / network (likely an evasion); Drops files with a non-matching file extension (content does not match file extension); Office equation editor starts processes (likely CVE or CVE ); Injects code into the Windows Explorer (explorer.exe); Drops PE files to the startup folder; Writes to foreign memory regions; Allocates memory in foreign processes; Modifies the context of a thread in another process (thread injection); Injects a PE file into a foreign processes.]

Simulations

Behavior and APIs

Time      Type             Description
02:35:45  API Interceptor  1092x Sleep call for process: WINWORD.EXE modified
02:35:47  API Interceptor  71x Sleep call for process: EQNEDT32.EXE modified
02:35:56  API Interceptor  2x Sleep call for process: 76543ew4e5t76y6r57.bat modified
02:36:02 API Interceptor 71x Sleep call for process: explorer.exe modified 02:36:03 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe 02:36:05 API Interceptor 18x Sleep call for process: tgy746t3r2434r2r2.exe modified 02:36:29 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.EUhqtbvfumrOXRc0.lnk 02:36:34 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.gBEFm7QcEjfbFPDG.lnk 02:37:05 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.1lM7Cci0ytMjsCeO.lnk 02:37:10 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.ZevQYA2ixVOcezjZ.lnk 02:37:26 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.37sQ4wtFrZIH1ipo.lnk 02:37:31 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.fFQDt5yxjFDs15Sb.lnk 02:37:52 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.EIZ5czwQx2GQuOoU.lnk 02:37:52 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.fdbViEfoRRTd5C3o.lnk 02:37:57 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.nludqocYXqKoIfuE.lnk 02:38:02 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.PIPVak0VgYJoRyIt.lnk Copyright Joe Security LLC 2018 Page 10 of 62

11 Time Type Description 02:38:07 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.saodFdSd2BSdGbpm.lnk 02:38:13 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.KKE286T9lbRDcApR.lnk 02:38:18 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.AtaCanzi3gJx4tde.lnk 02:38:18 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.t05fnenHTZ9eiMo1.lnk 02:38:23 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.dj6evzqs8qlZORHG.lnk 02:38:23 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.et1MYMgQs6a54kRl.lnk 02:38:28 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.aOuem0F26IlHJwm7.lnk 02:38:28 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.PTo0dyxkCatVGsJc.lnk 02:38:34 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.quY3BQQvrRrQPagu.lnk 02:38:34 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.YSBieQEKoAyrScJE.lnk 02:38:39 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.iwMSzh0MaPTeBHgS.lnk 02:38:39 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.nKlmLYxiLAmMAV1p.lnk 02:38:44 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.BJu8I91UDAsqT8Tp.lnk 02:38:44 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Ewu8ehCi6opFkMZT.lnk 02:38:49 Autostart Run: 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.OA9EgsO5V3C8YEq8.lnk 02:38:50 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.tEbCxY7ET1lCjCk2.lnk 02:38:55 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.G0z1VaPhiRnXS83e.lnk 02:38:55 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.UjHned5yu1DyDP0e.lnk 02:39:00 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.9SvzalDLZcshJxqK.lnk 02:39:00 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.TVUJFMveP5C2NKQT.lnk 02:39:05 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.BJI3npajf0MX6hBJ.lnk 02:39:05 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.HVZWlLaqGzq51Lf0.lnk 02:39:11 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.7nrrMeIv01PbTIBt.lnk 02:39:11 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.KxMnW4Inz0A6j7T2.lnk 02:39:16 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.2kkMb846ssAP5e4q.lnk 02:39:16 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.bVPrTwHehZFTkw6k.lnk 02:39:21 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.7yQPYZk6kl2oUBPO.lnk 02:39:22 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Z0gxf0zDgmtWgLfK.lnk 02:39:27 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\tgy746t3r2434r2r2.ibMy4u5ipmROgzax.lnk 02:39:27 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.tcMTLUES52yh4DPj.lnk 02:39:32 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.DWkAE6f6QuLAfcC9.lnk 02:39:33 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.GR6o8ry7HZakorYr.lnk 02:39:38 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.xbOj6LYx7lthbxhc.lnk 02:39:38 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.zF2hBXxEdhs5CNuf.lnk 02:39:43 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.cmMXV6DDpexQItDy.lnk 02:39:43 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.j4JrLAjL2hwQrRYX.lnk 02:39:49 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.8oSQKxA1ObvcQbXw.lnk Copyright Joe Security LLC 2018 Page 11 of 62

12 Time Type Description 02:39:49 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.vXVyK2zNIfh3dbE1.lnk 02:39:54 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.IzINBsElYhq9flPP.lnk 02:39:54 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Qz1lQTtUSBSE2vHK.lnk 02:39:59 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.C2cKtCKOrLVdZSk0.lnk 02:40:00 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.xhv1fvYYfgydGihN.lnk 02:40:05 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.iZep5OdbGaNiS8qZ.lnk 02:40:05 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.s040DfbkVt9UBAq7.lnk 02:40:10 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.emTavxqPuVs40XTi.lnk 02:40:10 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.hLXqcupVgTlxCO00.lnk 02:40:15 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.UAxrCRU5uQTwBSw5.lnk 02:40:15 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.VGYHJYmfxvDIx1GY.lnk 02:40:20 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.m1qjqejq4ZFWahzd.lnk 02:40:21 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.mrMZgLXahy9U2UAQ.lnk 02:40:26 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.huxOrkWos54zrnpQ.lnk 02:40:26 Autostart Run: 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.riMRuufKGEu4bNqX.lnk 02:40:31 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.HXZOX1xo0VlGOuBB.lnk 02:40:31 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.iptE18tppMZWQrkd.lnk 02:40:36 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.E6TbwVaFe8UMjnx6.lnk 02:40:37 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.OpfV9LANVkjfZyQL.lnk 02:40:42 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.9pR3DkTM8ayMOOpu.lnk 02:40:42 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.kLPk9u6ksUa0y8nQ.lnk 02:40:47 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.8sfKUbpdcik5HaPQ.lnk 02:40:47 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.d4ijrKBO52y8mUUV.lnk 02:40:52 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.jqoI7AKenMbeAUfs.lnk 02:40:52 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.m5ET5FOnhYFBRziA.lnk 02:40:57 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.8Wmaqv7I7c0wRadR.lnk 02:40:57 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.ZaxSOijnReSm2b66.lnk 02:41:03 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.cnnL6Ea6Yn8sgdt8.lnk 02:41:03 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\tgy746t3r2434r2r2.dVdhHspcDGG3O7FW.lnk 02:41:08 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.apUwQe3476b7nWnt.lnk 02:41:08 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.xM5xilbjUFgUcKtw.lnk 02:41:13 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.LFROc9uvvs1Hi2oG.lnk 02:41:13 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.U5jr9l2ElGrefEtb.lnk 02:41:19 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.fJUXiPNQTmUCD867.lnk 02:41:19 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.RD5OqSyaBBw2oMC6.lnk 02:41:24 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.8Th9mK9CMqBUPqJM.lnk 02:41:24 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.bSUDKK2VpAyWReDM.lnk Copyright Joe Security LLC 2018 Page 12 of 62

13 Time Type Description 02:41:29 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Gtly1cb6bNJbS253.lnk 02:41:29 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.voYe5AJc0rYlwRG3.lnk 02:41:35 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.caBlIQfIdvmxkgxh.lnk 02:41:35 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.fdJEsmjxjz0IkZFC.lnk 02:41:40 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.hhM5U68JFcevNioW.lnk 02:41:40 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.p4BeqAClcSLWb5eJ.lnk 02:41:45 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.826eUsLNZ6myMlEg.lnk 02:41:46 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.YA63KEtlJRy4Tf4g.lnk 02:41:51 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.cRl5JKbIPb0xSz1n.lnk 02:41:51 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.UgBKmkbDR8jg01qJ.lnk 02:41:56 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Ptv8Frectek9yAPW.lnk 02:41:56 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.RdPyXIFM2F4xm9aB.lnk 02:42:02 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.2gOjJpqR8gZ40Yuv.lnk 02:42:02 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.ySFvOabnlIaj600D.lnk 02:42:07 Autostart Run: 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.1S7ejUXIIZnMlowD.lnk 02:42:07 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.GZoYP6jhT87R8dWh.lnk 02:42:13 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Nra1ZvklsUczyz2W.lnk 02:42:13 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.v4uvU1VvSLq2loJR.lnk 02:42:18 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.c5UA1hnfRaY0o2JI.lnk 02:42:18 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Sw5PNM5jsOu9sihv.lnk 02:42:23 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.6f7KefEl44HUMOuh.lnk 02:42:24 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.SeUOy9pYXybmrRha.lnk 02:42:29 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.j9nnQYcAecWarr0D.lnk 02:42:29 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.m93EvNCbZ0ZqVQ0d.lnk 02:42:34 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.dtoQcvKmJ7HIvVY5.lnk 02:42:34 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.fyqhzEi5wyiakwA2.lnk 02:42:40 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Gbw8yqpt2ilhaiu4.lnk 02:42:40 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.l3MQiQZ6qc9bxdd4.lnk 02:42:45 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\tgy746t3r2434r2r2.KRtKBF4Hoq8wO0Rg.lnk 02:42:45 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Nn6meBHFj2SkFeyT.lnk 02:42:50 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.ENFUGj3vM3UvUFWP.lnk 02:42:51 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.Wpue0p7jSmgMdyMZ.lnk 02:42:56 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.wLiL6UptnzJCnOir.lnk 02:42:56 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.xzWZra8YoTBrGR8P.lnk 02:43:01 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.eI8hCABImrVQcFKM.lnk 02:43:01 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.gpfzbkwazO0r5MSe.lnk 02:43:07 Autostart Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.6raEgj3nNZbwvh1h.lnk Copyright Joe Security LLC 2018 Page 13 of 62


Antivirus Detection

Initial Sample
Source | Detection | Scanner | Label | Link
INDUSTRIAL.doc | 15% | virustotal | | Browse

Dropped Files
No Antivirus matches

Unpacked PE Files
No Antivirus matches

Domains
Source | Detection | Scanner | Label | Link
i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd | 15% | virustotal | | Browse

Yara Overview

Initial Sample
No yara matches

PCAP (Network Traffic)
No yara matches

Dropped Files
No yara matches

Memory Dumps
No yara matches

Unpacked PEs
No yara matches

Joe Sandbox View / Context

IPs
No context

Domains
No context

ASN
Match: AVOLO-ASRO
Associated Sample Name / URL | Detection | Link
_00068.exe | malicious | Browse
79Swift Copy.exe | malicious | Browse
1Bank Slip.exe | malicious | Browse
52RFQ.exe | malicious | Browse
3po-new order_pdf.exe | malicious | Browse
_pdf.exe | malicious | Browse
49Statement Of Account 26th,2018.exe | malicious | Browse
T4oS1RzDp.exe | malicious | Browse
60Swift Copy.exe | malicious | Browse
8Fk3HB06P.exe | malicious | Browse
61COMPRA FYTEXIA CO.LTD.exe | malicious | Browse
53Swift Copy.exe | malicious | Browse
39Order.PF I_DOHA# exe | malicious | Browse
3Scan0001.exe | malicious | Browse
7Purchase Doc.exe | malicious | Browse
14Shipping Docs.exe | malicious | Browse
17DHL E-team.exe | malicious | Browse
55RFQ No.C F pdf.exe | malicious | Browse
7Purchase Order exe | malicious | Browse
11Shipment E-notification.exe | malicious | Browse

Dropped Files
No context

Startup

System is w7

WINWORD.EXE (PID: 3424 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /n 'C:\Users\user\Desktop\ INDUSTRIAL.doc MD5: 5D798FF0BE2A8970D ACFD9D)
EQNEDT32.EXE (PID: 3492 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
76543ew4e5t76y6r57.bat (PID: 3628 cmdline: C:\Users\user\AppData\Local\76543ew4e5t76y6r57.bat MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 3704 cmdline: 'C:\Windows\explorer.exe' /c select, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 3728 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
tgy746t3r2434r2r2.exe (PID: 3760 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
tgy746t3r2434r2r2.exe (PID: 2428 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 3788 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 3816 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
tgy746t3r2434r2r2.exe (PID: 3844 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
tgy746t3r2434r2r2.exe (PID: 2904 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 2220 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.EUhqtbvfumrOXRc0.lnk MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 2080 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
tgy746t3r2434r2r2.exe (PID: 2148 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
tgy746t3r2434r2r2.exe (PID: 4016 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 2832 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.gBEFm7QcEjfbFPDG.lnk MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 2884 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
tgy746t3r2434r2r2.exe (PID: 3048 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
tgy746t3r2434r2r2.exe (PID: 2192 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 3948 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.1lM7Cci0ytMjsCeO.lnk MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 3980 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
tgy746t3r2434r2r2.exe (PID: 4000 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
tgy746t3r2434r2r2.exe (PID: 2668 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 4052 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.ZevQYA2ixVOcezjZ.lnk MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 4084 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
tgy746t3r2434r2r2.exe (PID: 2176 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
tgy746t3r2434r2r2.exe (PID: 2436 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 2544 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.37sQ4wtFrZIH1ipo.lnk MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 2432 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
tgy746t3r2434r2r2.exe (PID: 2632 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
tgy746t3r2434r2r2.exe (PID: 2628 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 1108 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.fFQDt5yxjFDs15Sb.lnk MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 264 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
tgy746t3r2434r2r2.exe (PID: 2580 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 2716 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.EIZ5czwQx2GQuOoU.lnk MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 2748 cmdline: explorer.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.fdbViEfoRRTd5C3o.lnk MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
explorer.exe (PID: 2780 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)
cleanup
tgy746t3r2434r2r2.exe (PID: 1456 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe' MD5: 16BA5D401FAA3B90594F9F FC)
explorer.exe (PID: 2624 cmdline: C:\Windows\explorer.exe /factory,{75dff2b c06-a8bb-676a7b00b24b} -Embedding MD5: 6DDCA324434FFA506CF7DC4E51DB7935)

Created / dropped Files

C:\Users\user\AppData\Local\76543ew4e5t76y6r57.bat
Process: C:\Program Files\Common Files\microsoft shared\equation\eqnedt32.exe
File Type: PE32 executable (GUI) Intel Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\adobe[1].123
Process: C:\Program Files\Common Files\microsoft shared\equation\eqnedt32.exe
File Type: PE32 executable (GUI) Intel Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5CC40EC3-C28E-404B-BD1A-E A}.tmp
Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type: data

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C34163B D-89C9-3893C87B25EE}.tmp
Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type: FoxPro FPT, blocks size 0, next free block index , 1st used item "\375"
Size (bytes): 1024

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ FC13-44AF-87E5-6BF9ACD816E3}.tmp
Process: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type: data
Size (bytes): 1536

C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v \security.config.cch.new
Process: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgy746t3r2434r2r2.exe
File Type: data
Size (bytes): 906
MD5: 04B4B08934BCBCFEB95EF4C045CB9A4F

ID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version:

ID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version: ID: 50648 Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31: Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version:

ID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version: ID: 1259 Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 1:29:43 Date: 25/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

More information

ID: Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version:

ID: Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version: ID: 53619 Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version:

ID: Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version: ID: 80115 Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report js.jar Overview General Information

More information

ID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version:

ID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version: ID: 371 Sample Name: fly.jse Cookbook: default.jbs Time: 1:17:2 Date: 11/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence Classification

More information

ID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version: ID: 67658 Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification Analysis Advice Signature Overview

More information

ID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0.

ID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0. ID: 5762 Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: :36:2 Date: 04/05/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version:

ID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version: ID: 0309 Sample Name: image002 Cookbook: default.jbs Time: 1:19:2 Date: 1/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

More information

ID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version:

ID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version: ID: 371 Sample Name: 21PO201745.jpg...js Cookbook: default.jbs Time: 14:32:0 Date: 21/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version:

ID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version: ID: 54427 Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification

More information

ID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version: ID: 5253 Cookbook: browseurl.jbs Time: 12:5:02 Date: 02/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0.

ID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0. ID: 64635 Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17::48 Date: 1/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version:

ID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version: ID: 34788 Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 0:43:5 Date: 21/10/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information

More information

ID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version:

ID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version: ID: 48 Sample Name: maintools.js Cookbook: default.jbs Time: 1:43:3 Date: 1/02/2018 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: ID: 62529 Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version: ID: 52775 Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 16:41:45 Date: 23/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 16:41:45 Date: 23/06/2018 Version: ID: 52 Cookbook: urldownload.jbs Time: 1:41:45 Date: 23/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version:

ID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: ID: 46161 Sample Name: tesseract-ocrsetup-3.05.01.exe Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version:

ID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version: ID: 3393 Sample Name: quzpecasrh Cookbook: default.jbs Time: 1:55:54 Date: 0//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

More information

ID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version:

ID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: ID: 41280 Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information

More information

ID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version:

ID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version: ID: 5250 Sample Name: test.txt Cookbook: default.jbs Time: 13:18:3 Date: 31/03/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version: ID: 52374 Cookbook: browseurl.jbs Time: 15:46:3 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version: ID: 5139 Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version:

ID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version: ID: 49 Cookbook: urldownload.jbs Time: 19:: Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice

More information

ID: Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version: ID: 41304 Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview

More information

ID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version:

ID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: ID: 42670 Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/06/2018 Version: ID: 3923 Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/0/201 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0.

ID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0. ID: 54478 Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.

ID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook. ID: 63341 Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 08:43:14 Date: 10/06/2018 Version: 22.0.0 Table of Contents

More information

ID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version:

ID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: ID: 42035 Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version:

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version: ID: 58133 Sample Name: Serial.txt Cookbook: default.jbs Time: 02:5:20 Date: 0/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version: ID: 50646 Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version: ID: 5945 Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 22:46:20 Date: 19/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 22:46:20 Date: 19/02/2018 Version: ID: 4706 Cookbook: urldownload.jbs Time: 22:46:20 Date: 1/02/201 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: ID: 51630 Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version:

ID: Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version: ID: 45263 Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification


ID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version:

ID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version: ID: 6045 Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/0/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection


ID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version: ID: 52376 Cookbook: browseurl.jbs Time: 15:4:15 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Cookbook: urldownload.jbs Time: 19:58:34 Date: 02/05/2018 Version:

ID: Cookbook: urldownload.jbs Time: 19:58:34 Date: 02/05/2018 Version: ID: 57706 Cookbook: urldownload.jbs Time: 19:5:34 Date: 02/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version:

ID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version: ID: 6467 Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:09:32 Date: 02/06/2018 Version:

ID: Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:09:32 Date: 02/06/2018 Version: ID: 22 Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:0:2 Date: 02/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version: ID: 51900 Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:


ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: ID: 46296 Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version:

ID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version: ID: 4253 Sample Name: text_0.txt Cookbook: default.jbs Time: 1:20:15 Date: 12/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version:

ID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: ID: 55401 Sample Name: E203182DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection


ID: Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: 10:19:47 Date: 19/02/2018 Version:

ID: Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: 10:19:47 Date: 19/02/2018 Version: ID: 47020 Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: :19:47 Date: 19/02/201 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence


ID: Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version: ID: 74919 Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report http://tiny.cc/34aqxy Overview General Information Detection Confidence


ID: Cookbook: urldownload.jbs Time: 08:25:02 Date: 29/10/2018 Version: Fire Opal

ID: Cookbook: urldownload.jbs Time: 08:25:02 Date: 29/10/2018 Version: Fire Opal ID: Cookbook: urldownload.jbs Time: 0:25:02 Date: 29//201 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://15.1..14/neko.sh Overview General Information Detection Confidence


ID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version:

ID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: ID: 37366 Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version:

ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version: ID: 82 Sample Name: GeZNwROcB.bin Cookbook: default.jbs Time: 1:22:4 Date: 0/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version: ID: 5702 Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version: ID: 64085 Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature


ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version:

ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version: ID: 001 Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:4 Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/08/2018 Version:

ID: Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/08/2018 Version: ID: 153 Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/0/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature


ID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: ID: 54075 Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature


ID: Sample Name: test Cookbook: default.jbs Time: 09:46:13 Date: 21/05/2018 Version:

ID: Sample Name: test Cookbook: default.jbs Time: 09:46:13 Date: 21/05/2018 Version: ID: 042 Sample Name: test Cookbook: default.jbs Time: 09:4:1 Date: 21/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification


ID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: ID: 66665 Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature


ID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0.

ID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0. ID: 25 Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:4 Date: 20/09/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Payment_Remittance#.xps


ID: Sample Name: paint.net install.exe Cookbook: default.jbs Time: 00:46:01 Date: 01/12/2017 Version:

ID: Sample Name: paint.net install.exe Cookbook: default.jbs Time: 00:46:01 Date: 01/12/2017 Version: ID: 38812 Sample Name: paint.net.4.0.19.install.exe Cookbook: default.jbs Time: 00:46:01 Date: 01/12/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751.evaljs.js Cookbook: default.jbs Time: 16:44:00 Date:

ID: Sample Name: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751.evaljs.js Cookbook: default.jbs Time: 16:44:00 Date: ID: 33355 Sample Name: ff2c8cadaa0fd8da138ccefce3e001f53a5dceccd45b15ae23f4d51.evaljs.js Cookbook: default.jbs Time: 1:44:00 Date: 04//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report


ID: Cookbook: urldownload.jbs Time: 18:48:38 Date: 19/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 18:48:38 Date: 19/06/2018 Version: ID: 64646 Cookbook: urldownload.jbs Time: 1:4:3 Date: 19/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature


ID: Sample Name: Swift details.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 17:14:48 Date: 21/06/2018 Version: 22.0.

ID: Sample Name: Swift details.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 17:14:48 Date: 21/06/2018 Version: 22.0. ID: 64992 Sample Name: Swift details.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 17::48 Date: 21/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence


ID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version: ID: 4441 Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature


ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date:

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date: ID: 244 Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date: 05/10/201 Version: 24.0.0 Fire Opal Table of Contents


ID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version:

ID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version: ID: 4019 Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24: Date: 1/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: dialog.nvp Cookbook: default.jbs Time: 00:09:12 Date: 10/05/2018 Version:

ID: Sample Name: dialog.nvp Cookbook: default.jbs Time: 00:09:12 Date: 10/05/2018 Version: ID: 09 Sample Name: dialog.nvp Cookbook: default.jbs Time: 00:09:12 Date: 10/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: vlaue.exe Cookbook: default.jbs Time: 18:54:49 Date: 26/01/2018 Version:

ID: Sample Name: vlaue.exe Cookbook: default.jbs Time: 18:54:49 Date: 26/01/2018 Version: ID: 44024 Sample Name: vlaue.exe Cookbook: default.jbs Time: 18:4:49 Date: 2/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version: ID: 66523 Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date:

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date: ID: 244 Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date: 05/10/201 Version: 24.0.0 Fire Opal Table of Contents


ID: Sample Name: gpg4win exe.sig Cookbook: default.jbs Time: 21:44:31 Date: 02/02/2018 Version:

ID: Sample Name: gpg4win exe.sig Cookbook: default.jbs Time: 21:44:31 Date: 02/02/2018 Version: ID: Sample Name: gpgwin-.0..exe.sig Cookbook: default.jbs Time: 21::1 Date: 02/02/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:34 Date: 26/07/2018 Version:

ID: Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:34 Date: 26/07/2018 Version: ID: 90 Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:4 Date: 2/0/201 Version: 2.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification


ID: Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version: ID: 80599 Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report http://www.qbproadvisorshelp.com Overview General Information Detection


ID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal ID: 82913 Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://www.learningtoolkit.club Overview General Information


ID: Sample Name:._k.php Cookbook: default.jbs Time: 05:41:18 Date: 25/04/2018 Version:

ID: Sample Name:._k.php Cookbook: default.jbs Time: 05:41:18 Date: 25/04/2018 Version: ID: 2 Sample Name:._k.php Cookbook: default.jbs Time: 0:41:1 Date: 2/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification


ID: Sample Name: 11#Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/2018 Version: 20.0.

ID: Sample Name: 11#Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/2018 Version: 20.0. ID: 4457 Sample Name: #Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General


ID: Cookbook: urldownload.jbs Time: 20:47:24 Date: 09/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 20:47:24 Date: 09/12/2017 Version: ID: 0 Cookbook: urldownload.jbs Time: 20:4:24 Date: 0/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Sample Name: PO xls Cookbook: defaultwindowsofficecookbook.jbs Time: 03:13:36 Date: 08/01/2018 Version:

ID: Sample Name: PO xls Cookbook: defaultwindowsofficecookbook.jbs Time: 03:13:36 Date: 08/01/2018 Version: ID: 41861 Sample Name: PO65445465.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 03::36 Date: 08/01/2018 Version: 20.0.0 Table of Contents Analysis Report Overview Information Detection Confidence


ID: Sample Name: SSB SBV Daily Report - Logistics Template DEC '17 (8).xlsm Cookbook: defaultwindowsofficecookbook.jbs Time: 06:35:29 Date:

ID: Sample Name: SSB SBV Daily Report - Logistics Template DEC '17 (8).xlsm Cookbook: defaultwindowsofficecookbook.jbs Time: 06:35:29 Date: ID: 41310 Sample Name: SSB SBV Daily Report - Logistics Template DEC '17 (8).xlsm Cookbook: defaultwindowsofficecookbook.jbs Time: 06:35:29 Date: 31/12/2017 Version: 20.0.0 Table of Contents Analysis Report


ID: Sample Name: New invoice doc Cookbook: defaultwindowsofficecookbook.jbs Time: 21:49:06 Date: 07/11/2017 Version: 20.0.

ID: Sample Name: New invoice doc Cookbook: defaultwindowsofficecookbook.jbs Time: 21:49:06 Date: 07/11/2017 Version: 20.0. ID: 36381 Sample Name: New invoice 1385371761.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 21:4:06 Date: 07/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview


ID: Sample Name: _ doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:23:56 Date: 20/10/2017 Version: 20.0.

ID: Sample Name: _ doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:23:56 Date: 20/10/2017 Version: 20.0. ID: 34737 Sample Name: 20170927_655387.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:23:56 Date: 20/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview Information Detection Confidence


ID: Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version: ID: 70096 Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature


ID: Sample Name: MobaXterm_installer_10.5.msi Cookbook: defaultwindowsmsicookbook.jbs Time: 18:29:36 Date: 25/05/2018 Version: 22.0.

ID: Sample Name: MobaXterm_installer_10.5.msi Cookbook: defaultwindowsmsicookbook.jbs Time: 18:29:36 Date: 25/05/2018 Version: 22.0. ID: 61258 Sample Name: MobaXterm_installer_10.5.msi Cookbook: defaultwindowsmsicookbook.jbs Time: 18:29:36 Date: 25/05/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection


ID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version:

ID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version: ID: 41000 Cookbook: browseurl.jbs Time: 1:05:31 Date: 26/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Sample Name: Unconfirmed crdownload Cookbook: default.jbs Time: 22:58:07 Date: 08/11/2017 Version:

ID: Sample Name: Unconfirmed crdownload Cookbook: default.jbs Time: 22:58:07 Date: 08/11/2017 Version: ID: 80 Sample Name: Unconfirmed.crdownload Cookbook: default.jbs Time: 22:8:0 Date: 08/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection


ID: Cookbook: urldownload.jbs Time: 16:10:39 Date: 07/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 16:10:39 Date: 07/12/2017 Version: ID: 94 Cookbook: urldownload.jbs Time: 1:10:9 Date: 0/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature


ID: Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version:

ID: Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version: ID: 40269 Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: FORMP16T.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 09:39:29 Date: 28/05/2018 Version:

ID: Sample Name: FORMP16T.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 09:39:29 Date: 28/05/2018 Version: ID: 61383 Sample Name: FORMP16T.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 09:39:29 Date: 28/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information


ID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version: ID: 6600 Cookbook: urldownload.jbs Time: 21:2:55 Date: 2/06/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:


ID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version:

ID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version: ID: 42417 Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature


ID: Sample Name: modulecheck.js Cookbook: default.jbs Time: 17:46:31 Date: 01/02/2018 Version:

ID: Sample Name: modulecheck.js Cookbook: default.jbs Time: 17:46:31 Date: 01/02/2018 Version: ID: 44491 Sample Name: modulecheck.js Cookbook: default.jbs Time: 17:4:31 Date: 01/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: wtf.bat Cookbook: default.jbs Time: 18:32:35 Date: 19/05/2018 Version:

ID: Sample Name: wtf.bat Cookbook: default.jbs Time: 18:32:35 Date: 19/05/2018 Version: ID: 6036 Sample Name: wtf.bat Cookbook: default.jbs Time: 1:32:35 Date: 19/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification


ID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version:

ID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: ID: 34266 Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature


ID: Sample Name: oq5wdjgk2r.exe Cookbook: default.jbs Time: 20:25:47 Date: 22/11/2017 Version:

ID: Sample Name: oq5wdjgk2r.exe Cookbook: default.jbs Time: 20:25:47 Date: 22/11/2017 Version: ID: 388 Sample Name: oq5wdjgk2r.exe Cookbook: default.jbs Time: 20:25:4 Date: 22/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence


ID: Sample Name: binarydata Cookbook: default.jbs Time: 22:09:57 Date: 22/11/2017 Version:

ID: Sample Name: binarydata Cookbook: default.jbs Time: 22:09:57 Date: 22/11/2017 Version: ID: 88 Sample Name: binarydata Cookbook: default.jbs Time: 22:09: Date: 22/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification


ID: Sample Name: promo_50_ iqy Cookbook: default.jbs Time: 15:01:30 Date: 07/06/2018 Version:

ID: Sample Name: promo_50_ iqy Cookbook: default.jbs Time: 15:01:30 Date: 07/06/2018 Version: ID: 63041 Sample Name: promo_50_57443456.iqy Cookbook: default.jbs Time: 15:01:30 Date: 07/06/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence


ID: Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version: ID: 59136 Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature


ID: Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version: ID: 75522 Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version: 23.0.0 Table of Contents Table of Contents 2 Analysis Report http://www.springdwnld2.com/download/? d=0&h=1&pnid=4&domain=hmapsanddrivingdirection.com&implementation_id=maps_spt_&source=g-ccc7-lp0-


ID: Sample Name: rechnung_ js Cookbook: default.jbs Time: 19:18:52 Date: 08/04/2018 Version:

ID: Sample Name: rechnung_ js Cookbook: default.jbs Time: 19:18:52 Date: 08/04/2018 Version: ID: 53668 Sample Name: rechnung_164920244621218163584.js Cookbook: default.jbs Time: 19:18:52 Date: 08/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information


ID: Sample Name: zzz.ps1 Cookbook: default.jbs Time: 20:46:52 Date: 16/03/2018 Version:

ID: Sample Name: zzz.ps1 Cookbook: default.jbs Time: 20:46:52 Date: 16/03/2018 Version: ID: 50654 Sample Name: zzz.ps1 Cookbook: default.jbs Time: 20:46:52 Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis


ID: Sample Name: Request.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 15:59:16 Date: 22/11/2017 Version:

ID: Sample Name: Request.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 15:59:16 Date: 22/11/2017 Version: ID: 37845 Sample Name: Request.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 15:59:16 Date: 22/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection
