| rule | 0_init_hdd_all.txt | 1_queryplan_hdd_all.txt | 2_earlyexit_hdd_all.txt | 3_ngramcache_hdd_all.txt |
|---|---|---|---|---|
| apt_aa19_024a.yar | files: 0 ands: 3467 (92ms) ors: 135 (0ms) minofs: 9 (0ms) reads: 3287 (224ms) |
files: 0 ands: 1628 (19ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1628 (20ms) |
files: 0 ands: 1268 (16ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 1268 (74ms) |
files: 0 ands: 1268 (21ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 1161 (22ms) |
| apt_agent_btz.yar | degenerate | degenerate | degenerate | degenerate |
| apt_alienspy_rat.yar | files: 0 ands: 4712 (99ms) ors: 522 (0ms) minofs: 27 (0ms) reads: 4429 (173ms) |
files: 0 ands: 1510 (29ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1510 (29ms) |
files: 0 ands: 723 (9ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 723 (9ms) |
files: 0 ands: 723 (10ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 656 (10ms) |
| apt_apt3_bemstour.yar | files: 0 ands: 72643 (2542ms) ors: 4599 (6ms) minofs: 54 (0ms) reads: 65872 (5145ms) |
files: 0 ands: 16149 (194ms) ors: 846 (0ms) minofs: 54 (0ms) reads: 15015 (237ms) |
files: 0 ands: 9628 (165ms) ors: 504 (0ms) minofs: 9 (0ms) reads: 9345 (416ms) |
files: 0 ands: 9628 (140ms) ors: 504 (0ms) minofs: 9 (0ms) reads: 6529 (94ms) |
| apt_apt6_malware.yar | files: 2 ands: 22138 (324ms) ors: 1332 (0ms) minofs: 36 (0ms) reads: 21384 (1053ms) |
files: 2 ands: 8202 (61ms) ors: 36 (0ms) minofs: 36 (0ms) reads: 8184 (115ms) |
files: 2 ands: 8202 (54ms) ors: 36 (0ms) minofs: 29 (0ms) reads: 8184 (180ms) |
files: 2 ands: 8202 (67ms) ors: 36 (0ms) minofs: 29 (0ms) reads: 3547 (48ms) |
| apt_apt10.yar | degenerate | degenerate | degenerate | degenerate |
| apt_apt10_redleaves.yar | degenerate | degenerate | degenerate | degenerate |
| apt_apt12_malware.yar | degenerate | degenerate | degenerate | degenerate |
| apt_apt15.yar | degenerate | degenerate | degenerate | degenerate |
| apt_apt17_mal_sep17.yar | degenerate | degenerate | degenerate | degenerate |
| apt_apt17_malware.yar | files: 0 ands: 4320 (266ms) ors: 306 (3ms) minofs: 27 (3ms) reads: 3978 (549ms) |
files: 0 ands: 1270 (51ms) ors: 18 (0ms) minofs: 27 (3ms) reads: 1252 (50ms) |
files: 0 ands: 773 (33ms) ors: 18 (0ms) minofs: 18 (1ms) reads: 762 (106ms) |
files: 0 ands: 773 (37ms) ors: 18 (0ms) minofs: 18 (1ms) reads: 715 (39ms) |
| apt_apt19.yar | files: 0 ands: 13395 (319ms) ors: 693 (0ms) minofs: 36 (0ms) reads: 13045 (4070ms) |
files: 0 ands: 2352 (24ms) ors: 108 (0ms) minofs: 36 (0ms) reads: 2352 (36ms) |
files: 0 ands: 1427 (11ms) ors: 72 (0ms) minofs: 3 (0ms) reads: 1427 (68ms) |
files: 0 ands: 1427 (12ms) ors: 72 (0ms) minofs: 3 (0ms) reads: 1072 (21ms) |
| apt_apt27_hyperbro.yar | degenerate | degenerate | degenerate | degenerate |
| apt_apt28.yar | files: 94 ands: 11535 (587ms) ors: 882 (7ms) minofs: 63 (0ms) reads: 9830 (1180ms) |
files: 94 ands: 3407 (126ms) ors: 126 (0ms) minofs: 63 (0ms) reads: 2993 (99ms) |
files: 94 ands: 2012 (57ms) ors: 126 (0ms) minofs: 18 (0ms) reads: 1598 (173ms) |
files: 94 ands: 2012 (44ms) ors: 126 (0ms) minofs: 18 (0ms) reads: 1334 (41ms) |
| apt_apt28_drovorub.yar | files: 0 ands: 14972 (613ms) ors: 1872 (2ms) minofs: 27 (0ms) reads: 13372 (1060ms) |
files: 0 ands: 4784 (77ms) ors: 468 (0ms) minofs: 27 (0ms) reads: 4640 (93ms) |
files: 0 ands: 1819 (37ms) ors: 256 (0ms) minofs: 0 (0ms) reads: 1781 (124ms) |
files: 0 ands: 1819 (32ms) ors: 256 (0ms) minofs: 0 (0ms) reads: 1185 (28ms) |
| apt_apt29_grizzly_steppe.yar | files: 14 ands: 22532 (554ms) ors: 2070 (0ms) minofs: 144 (0ms) reads: 20819 (1424ms) |
files: 14 ands: 6240 (80ms) ors: 306 (0ms) minofs: 144 (0ms) reads: 6060 (88ms) |
files: 14 ands: 3660 (97ms) ors: 306 (0ms) minofs: 6 (0ms) reads: 3505 (304ms) |
files: 14 ands: 3660 (66ms) ors: 306 (0ms) minofs: 6 (0ms) reads: 2924 (45ms) |
| apt_apt29_nobelium_apr22.yar | files: 2 ands: 10082 (156ms) ors: 7118 (18ms) minofs: 9 (0ms) reads: 6694 (402ms) |
files: 2 ands: 1201 (24ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 1147 (25ms) |
files: 2 ands: 827 (27ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 789 (31ms) |
files: 2 ands: 827 (30ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 789 (40ms) |
| apt_apt29_nobelium_may21.yar | degenerate | degenerate | degenerate | degenerate |
| apt_apt30_backspace.yar | files: 27 ands: 137634 (4845ms) ors: 10530 (18ms) minofs: 513 (0ms) reads: 126280 (25649ms) |
files: 27 ands: 40191 (632ms) ors: 990 (0ms) minofs: 513 (0ms) reads: 40173 (995ms) |
files: 27 ands: 19612 (379ms) ors: 990 (0ms) minofs: 53 (0ms) reads: 19599 (594ms) |
files: 27 ands: 19612 (368ms) ors: 990 (0ms) minofs: 53 (0ms) reads: 10423 (159ms) |
| apt_apt32.yar | files: 0 ands: 3730 (140ms) ors: 360 (4ms) minofs: 27 (0ms) reads: 3370 (12568ms) |
files: 0 ands: 810 (29ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 738 (25ms) |
files: 0 ands: 505 (18ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 433 (70ms) |
files: 0 ands: 505 (18ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 433 (20ms) |
| apt_apt34.yar | files: 0 ands: 19866 (643ms) ors: 576 (0ms) minofs: 27 (0ms) reads: 18818 (8717ms) |
files: 0 ands: 2592 (21ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 2592 (34ms) |
files: 0 ands: 2424 (30ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 2424 (66ms) |
files: 0 ands: 2424 (21ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 2162 (30ms) |
| apt_apt37.yar | files: 0 ands: 2094 (27ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 2004 (65ms) |
files: 0 ands: 984 (5ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 984 (10ms) |
files: 0 ands: 492 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 492 (7ms) |
files: 0 ands: 492 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 492 (5ms) |
| apt_apt37_bluelight.yar | files: 0 ands: 27930 (784ms) ors: 3114 (4ms) minofs: 63 (0ms) reads: 26120 (10764ms) |
files: 0 ands: 10335 (87ms) ors: 108 (0ms) minofs: 63 (0ms) reads: 10317 (101ms) |
files: 0 ands: 3025 (39ms) ors: 108 (0ms) minofs: 0 (0ms) reads: 3016 (43ms) |
files: 0 ands: 3025 (27ms) ors: 108 (0ms) minofs: 0 (0ms) reads: 1874 (19ms) |
| apt_apt41.yar | degenerate | degenerate | degenerate | degenerate |
| apt_ar18_165a.yar | files: 0 ands: 7210 (252ms) ors: 306 (0ms) minofs: 36 (0ms) reads: 6807 (7823ms) |
files: 0 ands: 775 (6ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 775 (12ms) |
files: 0 ands: 623 (6ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 623 (12ms) |
files: 0 ands: 623 (3ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 503 (5ms) |
| apt_area1_phishing_diplomacy.yar | files: 0 ands: 6241 (316ms) ors: 360 (0ms) minofs: 18 (0ms) reads: 5170 (11166ms) |
files: 0 ands: 1847 (25ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1649 (27ms) |
files: 0 ands: 1014 (24ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 933 (64ms) |
files: 0 ands: 1014 (12ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 798 (13ms) |
| apt_aus_parl_compromise.yar | files: 1845 ands: 42298 (1693ms) ors: 2421 (0ms) minofs: 90 (0ms) reads: 38636 (14875ms) |
files: 453 ands: 6991 (73ms) ors: 432 (0ms) minofs: 45 (0ms) reads: 6973 (96ms) |
files: 453 ands: 6263 (80ms) ors: 396 (0ms) minofs: 18 (0ms) reads: 6254 (165ms) |
files: 453 ands: 6263 (65ms) ors: 396 (0ms) minofs: 18 (0ms) reads: 3165 (44ms) |
| apt_babyshark.yar | degenerate | degenerate | degenerate | degenerate |
| apt_backdoor_ssh_python.yar | files: 0 ands: 1073 (70ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 964 (324ms) |
files: 0 ands: 200 (7ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 200 (4ms) |
files: 0 ands: 141 (10ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 141 (5ms) |
files: 0 ands: 141 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 141 (2ms) |
| apt_backdoor_sunburst_fnv1a_experimental.yar | files: 0 ands: 236 (16ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 164 (1105ms) |
files: 0 ands: 152 (6ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 134 (6ms) |
files: 0 ands: 44 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 44 (0ms) |
files: 0 ands: 44 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 44 (0ms) |
| apt_backspace.yar | files: 0 ands: 965 (19ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 893 (618ms) |
files: 0 ands: 380 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 380 (2ms) |
files: 0 ands: 77 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 77 (1ms) |
files: 0 ands: 77 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 77 (1ms) |
| apt_beepservice.yar | files: 0 ands: 960 (12ms) ors: 90 (0ms) minofs: 9 (0ms) reads: 879 (1118ms) |
files: 0 ands: 624 (3ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 606 (6ms) |
files: 0 ands: 379 (3ms) ors: 0 (0ms) minofs: 3 (0ms) reads: 367 (7ms) |
files: 0 ands: 379 (3ms) ors: 0 (0ms) minofs: 3 (0ms) reads: 355 (6ms) |
| apt_between-hk-and-burma.yar | files: 1 ands: 12476 (909ms) ors: 810 (0ms) minofs: 36 (0ms) reads: 11894 (9494ms) |
files: 1 ands: 4278 (119ms) ors: 144 (0ms) minofs: 36 (0ms) reads: 4260 (72ms) |
files: 1 ands: 2821 (101ms) ors: 144 (0ms) minofs: 1 (0ms) reads: 2812 (57ms) |
files: 1 ands: 2821 (88ms) ors: 144 (0ms) minofs: 1 (0ms) reads: 1188 (14ms) |
| apt_bigbang.yar | degenerate | degenerate | degenerate | degenerate |
| apt_bitter.yar | files: 0 ands: 4337 (288ms) ors: 342 (2ms) minofs: 18 (0ms) reads: 3989 (4230ms) |
files: 0 ands: 811 (17ms) ors: 72 (0ms) minofs: 18 (0ms) reads: 793 (14ms) |
files: 0 ands: 174 (3ms) ors: 24 (0ms) minofs: 1 (0ms) reads: 165 (4ms) |
files: 0 ands: 174 (2ms) ors: 24 (0ms) minofs: 1 (0ms) reads: 159 (3ms) |
| apt_blackenergy.yar | files: 0 ands: 18689 (860ms) ors: 1035 (0ms) minofs: 63 (0ms) reads: 17778 (6608ms) |
files: 0 ands: 5675 (83ms) ors: 126 (0ms) minofs: 63 (0ms) reads: 5675 (157ms) |
files: 0 ands: 2482 (38ms) ors: 126 (0ms) minofs: 0 (0ms) reads: 2482 (69ms) |
files: 0 ands: 2482 (38ms) ors: 126 (0ms) minofs: 0 (0ms) reads: 2211 (40ms) |
| apt_blackenergy_installer.yar | files: 0 ands: 428 (10ms) ors: 27 (0ms) minofs: 9 (0ms) reads: 296 (577ms) |
files: 0 ands: 110 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 110 (2ms) |
files: 0 ands: 110 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 110 (3ms) |
files: 0 ands: 110 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 110 (3ms) |
| apt_bluetermite_emdivi.yar | files: 0 ands: 25002 (787ms) ors: 1296 (1ms) minofs: 63 (0ms) reads: 23534 (7147ms) |
files: 0 ands: 8339 (70ms) ors: 90 (0ms) minofs: 63 (0ms) reads: 8303 (114ms) |
files: 0 ands: 2944 (20ms) ors: 90 (0ms) minofs: 6 (0ms) reads: 2926 (57ms) |
files: 0 ands: 2944 (18ms) ors: 90 (0ms) minofs: 6 (0ms) reads: 2491 (27ms) |
| apt_bronze_butler.yar | degenerate | degenerate | degenerate | degenerate |
| apt_buckeye.yar | files: 0 ands: 35970 (1255ms) ors: 963 (0ms) minofs: 45 (0ms) reads: 33608 (6637ms) |
files: 0 ands: 4563 (27ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 4563 (43ms) |
files: 0 ands: 2431 (24ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 2431 (56ms) |
files: 0 ands: 2431 (18ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 1541 (15ms) |
| apt_candiru.yar | degenerate | degenerate | degenerate | degenerate |
| apt_carbon_paper_turla.yar | degenerate | degenerate | degenerate | degenerate |
| apt_casper.yar | files: 0 ands: 14383 (593ms) ors: 1062 (2ms) minofs: 72 (0ms) reads: 13292 (6909ms) |
files: 0 ands: 5146 (64ms) ors: 90 (0ms) minofs: 72 (0ms) reads: 5110 (103ms) |
files: 0 ands: 2780 (39ms) ors: 90 (0ms) minofs: 20 (0ms) reads: 2761 (97ms) |
files: 0 ands: 2780 (26ms) ors: 90 (0ms) minofs: 20 (0ms) reads: 2372 (33ms) |
| apt_cheshirecat.yar | files: 0 ands: 15516 (724ms) ors: 1053 (0ms) minofs: 72 (0ms) reads: 14320 (3897ms) |
files: 0 ands: 4411 (50ms) ors: 36 (0ms) minofs: 72 (0ms) reads: 4321 (71ms) |
files: 0 ands: 1122 (22ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 1077 (33ms) |
files: 0 ands: 1122 (18ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 675 (15ms) |
| apt_cloudatlas.yar | files: 0 ands: 1676 (88ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 1612 (1122ms) |
files: 0 ands: 507 (3ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 507 (7ms) |
files: 0 ands: 507 (4ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 507 (7ms) |
files: 0 ands: 507 (4ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 489 (7ms) |
| apt_cloudduke.yar | files: 0 ands: 5110 (235ms) ors: 306 (0ms) minofs: 27 (0ms) reads: 4588 (1566ms) |
files: 0 ands: 1770 (25ms) ors: 18 (0ms) minofs: 27 (0ms) reads: 1752 (46ms) |
files: 0 ands: 826 (15ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 817 (26ms) |
files: 0 ands: 826 (14ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 795 (25ms) |
| apt_cmstar.yar | degenerate | degenerate | degenerate | degenerate |
| apt_cn_netfilter.yar | files: 0 ands: 17256 (699ms) ors: 1008 (0ms) minofs: 36 (0ms) reads: 15807 (2481ms) |
files: 0 ands: 12387 (406ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 11811 (557ms) |
files: 0 ands: 4300 (76ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 4273 (187ms) |
files: 0 ands: 4300 (76ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 2103 (40ms) |
| apt_cn_pp_zerot.yar | files: 4 ands: 16197 (505ms) ors: 2196 (0ms) minofs: 171 (0ms) reads: 15361 (3946ms) |
files: 4 ands: 5533 (57ms) ors: 306 (0ms) minofs: 171 (0ms) reads: 5515 (67ms) |
files: 4 ands: 2917 (38ms) ors: 306 (0ms) minofs: 21 (0ms) reads: 2906 (51ms) |
files: 4 ands: 2917 (27ms) ors: 306 (0ms) minofs: 21 (0ms) reads: 1746 (23ms) |
| apt_cn_reddelta.yar | files: 4 ands: 13435 (644ms) ors: 783 (0ms) minofs: 36 (0ms) reads: 12443 (6235ms) |
files: 4 ands: 3421 (36ms) ors: 90 (0ms) minofs: 36 (0ms) reads: 3421 (56ms) |
files: 4 ands: 2935 (31ms) ors: 90 (0ms) minofs: 5 (0ms) reads: 2935 (67ms) |
files: 4 ands: 2935 (32ms) ors: 90 (0ms) minofs: 5 (0ms) reads: 2405 (39ms) |
| apt_cn_twisted_panda.yar | files: 4 ands: 3089 (136ms) ors: 513 (10ms) minofs: 36 (13ms) reads: 1226 (2763ms) |
files: 4 ands: 1627 (82ms) ors: 72 (0ms) minofs: 36 (8ms) reads: 1051 (51ms) |
files: 4 ands: 1483 (99ms) ors: 72 (0ms) minofs: 36 (11ms) reads: 1001 (126ms) |
files: 4 ands: 1483 (83ms) ors: 72 (0ms) minofs: 36 (9ms) reads: 785 (37ms) |
| apt_cobaltstrike.yar | files: 29 ands: 192350 (2029ms) ors: 29331 (6ms) minofs: 45 (0ms) reads: 178682 (32989ms) |
files: 29 ands: 43336 (254ms) ors: 13842 (0ms) minofs: 45 (0ms) reads: 43336 (500ms) |
files: 29 ands: 41947 (251ms) ors: 13842 (0ms) minofs: 22 (0ms) reads: 41947 (418ms) |
files: 29 ands: 41947 (254ms) ors: 13842 (0ms) minofs: 22 (0ms) reads: 19918 (95ms) |
| apt_cobaltstrike_evasive.yar | files: 18239 ands: 127920 (4138ms) ors: 25650 (183ms) minofs: 18 (3ms) reads: 88806 (9788ms) |
files: 18239 ands: 90200 (1149ms) ors: 72 (0ms) minofs: 18 (3ms) reads: 71768 (1784ms) |
files: 18239 ands: 88348 (1172ms) ors: 72 (0ms) minofs: 11 (3ms) reads: 70479 (1760ms) |
files: 18239 ands: 88348 (1148ms) ors: 72 (0ms) minofs: 11 (4ms) reads: 25296 (131ms) |
| apt_codoso.yar | files: 82 ands: 84268 (2655ms) ors: 4329 (2ms) minofs: 216 (0ms) reads: 77949 (15627ms) |
files: 82 ands: 28892 (333ms) ors: 432 (0ms) minofs: 216 (0ms) reads: 28856 (440ms) |
files: 82 ands: 23193 (286ms) ors: 432 (0ms) minofs: 73 (0ms) reads: 23167 (509ms) |
files: 82 ands: 23193 (285ms) ors: 432 (0ms) minofs: 73 (0ms) reads: 11742 (164ms) |
| apt_coreimpact_agent.yar | files: 0 ands: 13537 (464ms) ors: 675 (0ms) minofs: 18 (0ms) reads: 12955 (2891ms) |
files: 0 ands: 4612 (53ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 4612 (71ms) |
files: 0 ands: 3964 (50ms) ors: 36 (0ms) minofs: 1 (0ms) reads: 3964 (68ms) |
files: 0 ands: 3964 (55ms) ors: 36 (0ms) minofs: 1 (0ms) reads: 2796 (48ms) |
| apt_danti_svcmondr.yar | files: 0 ands: 9887 (258ms) ors: 837 (0ms) minofs: 45 (0ms) reads: 9395 (3977ms) |
files: 0 ands: 3713 (32ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 3695 (36ms) |
files: 0 ands: 3492 (43ms) ors: 72 (0ms) minofs: 11 (0ms) reads: 3474 (44ms) |
files: 0 ands: 3492 (31ms) ors: 72 (0ms) minofs: 11 (0ms) reads: 2173 (20ms) |
| apt_darkcaracal.yar | files: 0 ands: 547 (16ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 520 (694ms) |
files: 0 ands: 160 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 160 (1ms) |
files: 0 ands: 160 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 160 (3ms) |
files: 0 ands: 160 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 160 (3ms) |
| apt_darkhydrus.yar | degenerate | degenerate | degenerate | degenerate |
| apt_deeppanda.yar | files: 28 ands: 20122 (768ms) ors: 999 (0ms) minofs: 36 (0ms) reads: 19221 (6929ms) |
files: 28 ands: 7319 (90ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 7319 (115ms) |
files: 28 ands: 6043 (74ms) ors: 54 (0ms) minofs: 12 (0ms) reads: 6043 (106ms) |
files: 28 ands: 6043 (74ms) ors: 54 (0ms) minofs: 12 (0ms) reads: 4747 (56ms) |
| apt_derusbi.yar | files: 571 ands: 18962 (592ms) ors: 918 (0ms) minofs: 45 (0ms) reads: 17347 (5756ms) |
files: 571 ands: 6652 (75ms) ors: 108 (0ms) minofs: 45 (0ms) reads: 6544 (119ms) |
files: 571 ands: 6246 (75ms) ors: 108 (0ms) minofs: 19 (0ms) reads: 6183 (185ms) |
files: 571 ands: 6246 (75ms) ors: 108 (0ms) minofs: 19 (0ms) reads: 3538 (56ms) |
| apt_dnspionage.yar | files: 0 ands: 5915 (277ms) ors: 396 (0ms) minofs: 36 (0ms) reads: 5626 (1660ms) |
files: 0 ands: 2069 (29ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 2069 (35ms) |
files: 0 ands: 1574 (21ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 1574 (28ms) |
files: 0 ands: 1574 (21ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 1505 (26ms) |
| apt_donotteam_ytyframework.yar | degenerate | degenerate | degenerate | degenerate |
| apt_dragonfly.yar | degenerate | degenerate | degenerate | degenerate |
| apt_dtrack.yar | files: 0 ands: 11396 (144ms) ors: 990 (0ms) minofs: 27 (0ms) reads: 10759 (428ms) |
files: 0 ands: 6151 (58ms) ors: 54 (0ms) minofs: 27 (0ms) reads: 6151 (86ms) |
files: 0 ands: 5926 (56ms) ors: 54 (0ms) minofs: 14 (0ms) reads: 5926 (78ms) |
files: 0 ands: 5926 (55ms) ors: 54 (0ms) minofs: 14 (0ms) reads: 1927 (32ms) |
| apt_dubnium.yar | files: 4 ands: 7556 (190ms) ors: 603 (0ms) minofs: 63 (0ms) reads: 7309 (12536ms) |
files: 4 ands: 2607 (18ms) ors: 108 (0ms) minofs: 63 (0ms) reads: 2607 (24ms) |
files: 4 ands: 2064 (17ms) ors: 108 (0ms) minofs: 4 (0ms) reads: 2064 (55ms) |
files: 4 ands: 2064 (15ms) ors: 108 (0ms) minofs: 4 (0ms) reads: 1826 (18ms) |
| apt_duqu1_5_modules.yar | files: 0 ands: 1442 (73ms) ors: 117 (0ms) minofs: 9 (0ms) reads: 1291 (1066ms) |
files: 0 ands: 436 (4ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 436 (5ms) |
files: 0 ands: 93 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 93 (1ms) |
files: 0 ands: 93 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 93 (1ms) |
| apt_duqu2.yar | files: 0 ands: 29574 (743ms) ors: 486 (0ms) minofs: 45 (0ms) reads: 27409 (4382ms) |
files: 0 ands: 6525 (58ms) ors: 108 (0ms) minofs: 45 (0ms) reads: 6525 (139ms) |
files: 0 ands: 3217 (25ms) ors: 108 (0ms) minofs: 0 (0ms) reads: 3217 (75ms) |
files: 0 ands: 3217 (25ms) ors: 108 (0ms) minofs: 0 (0ms) reads: 1484 (28ms) |
| apt_dustman.yar | files: 0 ands: 9721 (386ms) ors: 576 (0ms) minofs: 36 (0ms) reads: 9230 (3677ms) |
files: 0 ands: 2750 (44ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 2750 (101ms) |
files: 0 ands: 2349 (38ms) ors: 54 (0ms) minofs: 6 (0ms) reads: 2349 (65ms) |
files: 0 ands: 2349 (38ms) ors: 54 (0ms) minofs: 6 (0ms) reads: 1557 (26ms) |
| apt_emissary.yar | files: 0 ands: 4749 (214ms) ors: 270 (0ms) minofs: 9 (0ms) reads: 4557 (832ms) |
files: 0 ands: 1778 (22ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1778 (25ms) |
files: 0 ands: 1437 (18ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 1437 (21ms) |
files: 0 ands: 1437 (17ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 1117 (14ms) |
| apt_eqgrp.yar | files: 171 ands: 335673 (11035ms) ors: 18225 (7ms) minofs: 1170 (0ms) reads: 316637 (68506ms) |
files: 171 ands: 73492 (778ms) ors: 2376 (0ms) minofs: 1170 (0ms) reads: 73474 (982ms) |
files: 171 ands: 47969 (470ms) ors: 2376 (0ms) minofs: 50 (0ms) reads: 47960 (853ms) |
files: 171 ands: 47969 (466ms) ors: 2376 (0ms) minofs: 50 (0ms) reads: 25288 (301ms) |
| apt_eqgrp_apr17.yar | files: 1122 ands: 318870 (7242ms) ors: 22437 (4ms) minofs: 2034 (0ms) reads: 301977 (50267ms) |
files: 1122 ands: 90860 (946ms) ors: 4050 (0ms) minofs: 2034 (0ms) reads: 90806 (1455ms) |
files: 1122 ands: 74722 (720ms) ors: 4050 (0ms) minofs: 163 (0ms) reads: 74686 (1115ms) |
files: 1122 ands: 74722 (721ms) ors: 4050 (0ms) minofs: 163 (0ms) reads: 40545 (429ms) |
| apt_eternalblue_non_wannacry.yar | files: 401 ands: 18065 (342ms) ors: 918 (0ms) minofs: 45 (0ms) reads: 17364 (784ms) |
files: 401 ands: 10512 (83ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 10512 (98ms) |
files: 401 ands: 9237 (65ms) ors: 72 (0ms) minofs: 30 (0ms) reads: 9237 (86ms) |
files: 401 ands: 9237 (65ms) ors: 72 (0ms) minofs: 30 (0ms) reads: 3470 (42ms) |
| apt_exile_rat.yar | degenerate | degenerate | degenerate | degenerate |
| apt_f5_bigip_expl_payloads.yar | files: 0 ands: 2271 (24ms) ors: 342 (0ms) minofs: 18 (0ms) reads: 2093 (145ms) |
files: 0 ands: 820 (1ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 820 (4ms) |
files: 0 ands: 737 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 737 (3ms) |
files: 0 ands: 737 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 363 (1ms) |
| apt_fakem_backdoor.yar | files: 1247 ands: 4015 (128ms) ors: 396 (0ms) minofs: 45 (0ms) reads: 3826 (328ms) |
files: 1247 ands: 1737 (28ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 1737 (41ms) |
files: 1247 ands: 1507 (27ms) ors: 72 (0ms) minofs: 21 (0ms) reads: 1507 (39ms) |
files: 1247 ands: 1507 (26ms) ors: 72 (0ms) minofs: 21 (0ms) reads: 1132 (25ms) |
| apt_fancybear_computrace_agent.yar | files: 6 ands: 637 (5ms) ors: 90 (0ms) minofs: 0 (0ms) reads: 576 (242ms) |
files: 6 ands: 346 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 328 (3ms) |
files: 6 ands: 326 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 312 (5ms) |
files: 6 ands: 326 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 292 (3ms) |
| apt_fancybear_dnc.yar | files: 2030 ands: 4837 (116ms) ors: 423 (0ms) minofs: 18 (0ms) reads: 4556 (300ms) |
files: 2030 ands: 4098 (55ms) ors: 144 (0ms) minofs: 18 (0ms) reads: 4098 (137ms) |
files: 2030 ands: 4098 (56ms) ors: 144 (0ms) minofs: 9 (0ms) reads: 4098 (102ms) |
files: 2030 ands: 4098 (56ms) ors: 144 (0ms) minofs: 9 (0ms) reads: 2390 (36ms) |
| apt_fancybear_osxagent.yar | files: 0 ands: 1813 (14ms) ors: 189 (0ms) minofs: 18 (0ms) reads: 1653 (63ms) |
files: 0 ands: 460 (1ms) ors: 0 (0ms) minofs: 18 (0ms) reads: 442 (2ms) |
files: 0 ands: 87 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 78 (1ms) |
files: 0 ands: 87 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 78 (0ms) |
| apt_fidelis_phishing_plain_sight.yar | files: 0 ands: 1075 (24ms) ors: 144 (0ms) minofs: 18 (0ms) reads: 1010 (43ms) |
files: 0 ands: 409 (4ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 409 (5ms) |
files: 0 ands: 157 (1ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 157 (2ms) |
files: 0 ands: 157 (1ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 153 (2ms) |
| apt_fin7.yar | degenerate | degenerate | degenerate | degenerate |
| apt_fin7_backdoor.yar | files: 3 ands: 39487 (272ms) ors: 28985 (11ms) minofs: 63 (0ms) reads: 27312 (603ms) |
degenerate | degenerate | degenerate |
| apt_fin8.yar | files: 0 ands: 466 (0ms) ors: 108 (0ms) minofs: 18 (0ms) reads: 376 (216ms) |
files: 0 ands: 181 (0ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 181 (1113ms) |
files: 0 ands: 77 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 77 (0ms) |
files: 0 ands: 77 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 77 (0ms) |
| apt_flame2_orchestrator.yar | empty | empty | empty | empty |
| apt_foudre.yar | files: 93 ands: 33537 (840ms) ors: 612 (0ms) minofs: 54 (0ms) reads: 28891 (1944ms) |
files: 93 ands: 7288 (149ms) ors: 90 (0ms) minofs: 54 (0ms) reads: 7288 (2247ms) |
files: 93 ands: 5672 (58ms) ors: 90 (0ms) minofs: 24 (0ms) reads: 5672 (73ms) |
files: 93 ands: 5672 (57ms) ors: 90 (0ms) minofs: 24 (0ms) reads: 3478 (43ms) |
| apt_four_element_sword.yar | files: 20 ands: 19089 (567ms) ors: 1440 (2ms) minofs: 108 (0ms) reads: 17670 (1392ms) |
files: 20 ands: 5975 (174ms) ors: 234 (0ms) minofs: 108 (0ms) reads: 5957 (3667ms) |
files: 20 ands: 2592 (34ms) ors: 234 (0ms) minofs: 19 (0ms) reads: 2574 (45ms) |
files: 20 ands: 2592 (35ms) ors: 234 (0ms) minofs: 19 (0ms) reads: 1740 (30ms) |
| apt_freemilk.yar | degenerate | degenerate | degenerate | degenerate |
| apt_fujinama_rat.yar | files: 0 ands: 49086 (783ms) ors: 39988 (198ms) minofs: 9 (2ms) reads: 32936 (1812ms) |
degenerate | degenerate | degenerate |
| apt_furtim.yar | files: 0 ands: 4105 (135ms) ors: 423 (0ms) minofs: 36 (0ms) reads: 3698 (354ms) |
files: 0 ands: 1452 (35ms) ors: 72 (0ms) minofs: 36 (0ms) reads: 1434 (1691ms) |
files: 0 ands: 208 (0ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 199 (1ms) |
files: 0 ands: 208 (0ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 178 (1ms) |
| apt_fvey_shadowbroker_dec16.yar | files: 69 ands: 19537 (481ms) ors: 2745 (0ms) minofs: 225 (0ms) reads: 18390 (2274ms) |
files: 69 ands: 4497 (38ms) ors: 486 (0ms) minofs: 225 (0ms) reads: 4497 (6671ms) |
files: 69 ands: 4497 (30ms) ors: 486 (0ms) minofs: 19 (0ms) reads: 4497 (70ms) |
files: 69 ands: 4497 (24ms) ors: 486 (0ms) minofs: 19 (0ms) reads: 3817 (29ms) |
| apt_fvey_shadowbroker_jan17.yar | files: 2 ands: 8262 (219ms) ors: 936 (0ms) minofs: 54 (0ms) reads: 7912 (620ms) |
files: 2 ands: 1814 (24ms) ors: 234 (0ms) minofs: 54 (0ms) reads: 1814 (1627ms) |
files: 2 ands: 1225 (8ms) ors: 198 (0ms) minofs: 5 (0ms) reads: 1225 (12ms) |
files: 2 ands: 1225 (8ms) ors: 198 (0ms) minofs: 5 (0ms) reads: 933 (8ms) |
| apt_ghostdragon_gh0st_rat.yar | files: 3615 ands: 20839 (397ms) ors: 1548 (0ms) minofs: 63 (0ms) reads: 19837 (851ms) |
files: 3615 ands: 9299 (188ms) ors: 108 (0ms) minofs: 63 (0ms) reads: 9299 (2560ms) |
files: 3615 ands: 7989 (90ms) ors: 108 (0ms) minofs: 27 (0ms) reads: 7989 (117ms) |
files: 3615 ands: 7989 (90ms) ors: 108 (0ms) minofs: 27 (0ms) reads: 3655 (46ms) |
| apt_glassRAT.yar | files: 0 ands: 4420 (137ms) ors: 441 (0ms) minofs: 27 (0ms) reads: 4078 (520ms) |
files: 0 ands: 2134 (40ms) ors: 18 (0ms) minofs: 27 (0ms) reads: 2098 (3172ms) |
files: 0 ands: 1459 (16ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1441 (18ms) |
files: 0 ands: 1459 (16ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1272 (17ms) |
| apt_golddragon.yar | degenerate | degenerate | degenerate | degenerate |
| apt_goldenspy.yar | files: 0 ands: 4718 (162ms) ors: 207 (0ms) minofs: 9 (0ms) reads: 4584 (848ms) |
files: 0 ands: 2697 (92ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 2697 (5306ms) |
files: 0 ands: 2678 (62ms) ors: 0 (0ms) minofs: 6 (0ms) reads: 2678 (97ms) |
files: 0 ands: 2678 (64ms) ors: 0 (0ms) minofs: 6 (0ms) reads: 2029 (47ms) |
| apt_greenbug.yar | degenerate | degenerate | degenerate | degenerate |
| apt_greyenergy.yar | degenerate | degenerate | degenerate | degenerate |
| apt_grizzlybear_uscert.yar | degenerate | degenerate | degenerate | degenerate |
| apt_hackingteam_rules.yar | files: 0 ands: 17466 (436ms) ors: 846 (0ms) minofs: 36 (0ms) reads: 16249 (1141ms) |
files: 0 ands: 4878 (107ms) ors: 36 (0ms) minofs: 36 (0ms) reads: 4860 (2385ms) |
files: 0 ands: 1899 (21ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 1890 (31ms) |
files: 0 ands: 1899 (21ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 1201 (18ms) |
| apt_hafnium.yar | files: 6 ands: 196724 (2751ms) ors: 126923 (259ms) minofs: 252 (0ms) reads: 135729 (6534ms) |
degenerate | degenerate | degenerate |
| apt_hafnium_log_sigs.yar | files: 0 ands: 30996 (524ms) ors: 2718 (4ms) minofs: 45 (0ms) reads: 28032 (1863ms) |
files: 0 ands: 9297 (166ms) ors: 900 (6ms) minofs: 45 (0ms) reads: 8865 (3345ms) |
files: 0 ands: 7069 (86ms) ors: 548 (0ms) minofs: 7 (0ms) reads: 6917 (171ms) |
files: 0 ands: 7069 (84ms) ors: 548 (0ms) minofs: 7 (0ms) reads: 2643 (46ms) |
| apt_ham_tofu_chches.yar | files: 0 ands: 571 (6ms) ors: 108 (0ms) minofs: 0 (0ms) reads: 517 (55ms) |
files: 0 ands: 241 (2ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 241 (377ms) |
files: 0 ands: 241 (1ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 241 (2ms) |
files: 0 ands: 241 (1ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 241 (1ms) |
| apt_hatman.yar | files: 0 ands: 2683 (67ms) ors: 558 (0ms) minofs: 0 (0ms) reads: 1855 (566ms) |
files: 0 ands: 1512 (26ms) ors: 144 (0ms) minofs: 0 (0ms) reads: 1206 (4139ms) |
files: 0 ands: 282 (1ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 228 (2ms) |
files: 0 ands: 282 (0ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 153 (1ms) |
| apt_hellsing_kaspersky.yar | files: 0 ands: 70709 (599ms) ors: 44537 (9ms) minofs: 72 (0ms) reads: 49220 (2176ms) |
degenerate | degenerate | degenerate |
| apt_hidden_cobra.yar | files: 2 ands: 9876 (360ms) ors: 873 (0ms) minofs: 63 (0ms) reads: 9350 (1695ms) |
files: 2 ands: 4160 (98ms) ors: 126 (0ms) minofs: 63 (0ms) reads: 4088 (5850ms) |
files: 2 ands: 3100 (51ms) ors: 126 (0ms) minofs: 14 (0ms) reads: 3073 (65ms) |
files: 2 ands: 3100 (51ms) ors: 126 (0ms) minofs: 14 (0ms) reads: 2490 (47ms) |
| apt_hiddencobra_bankshot.yar | files: 108 ands: 13087 (279ms) ors: 945 (0ms) minofs: 36 (0ms) reads: 12183 (1702ms) |
files: 108 ands: 4260 (51ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 4260 (6145ms) |
files: 108 ands: 4037 (34ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 4037 (67ms) |
files: 108 ands: 4037 (33ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 3439 (52ms) |
| apt_hiddencobra_wiper.yar | files: 0 ands: 2446 (74ms) ors: 189 (0ms) minofs: 18 (0ms) reads: 2068 (431ms) |
files: 0 ands: 1555 (35ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1447 (5341ms) |
files: 0 ands: 941 (11ms) ors: 18 (0ms) minofs: 3 (0ms) reads: 905 (16ms) |
files: 0 ands: 941 (10ms) ors: 18 (0ms) minofs: 3 (0ms) reads: 878 (13ms) |
| apt_hizor_rat.yar | files: 0 ands: 5336 (158ms) ors: 414 (0ms) minofs: 9 (0ms) reads: 4473 (342ms) |
files: 0 ands: 1791 (33ms) ors: 90 (0ms) minofs: 9 (0ms) reads: 1647 (2052ms) |
files: 0 ands: 560 (6ms) ors: 26 (0ms) minofs: 1 (0ms) reads: 416 (9ms) |
files: 0 ands: 560 (5ms) ors: 26 (0ms) minofs: 1 (0ms) reads: 354 (7ms) |
| apt_hkdoor.yar | files: 7 ands: 11147 (163ms) ors: 729 (0ms) minofs: 36 (0ms) reads: 10787 (496ms) |
files: 7 ands: 4143 (70ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 4143 (1360ms) |
files: 7 ands: 3448 (31ms) ors: 54 (0ms) minofs: 11 (0ms) reads: 3448 (50ms) |
files: 7 ands: 3448 (31ms) ors: 54 (0ms) minofs: 11 (0ms) reads: 1931 (24ms) |
| apt_iamtheking.yar | files: 11 ands: 13749 (336ms) ors: 720 (0ms) minofs: 27 (0ms) reads: 12424 (644ms) |
files: 11 ands: 5628 (139ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 5628 (521ms) |
files: 11 ands: 5612 (80ms) ors: 36 (0ms) minofs: 22 (0ms) reads: 5612 (122ms) |
files: 11 ands: 5612 (80ms) ors: 36 (0ms) minofs: 22 (0ms) reads: 1977 (33ms) |
| apt_icefog.yar | files: 0 ands: 5491 (162ms) ors: 234 (0ms) minofs: 9 (0ms) reads: 5061 (470ms) |
files: 0 ands: 1403 (29ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1403 (793ms) |
files: 0 ands: 1403 (16ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1403 (27ms) |
files: 0 ands: 1403 (16ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1279 (22ms) |
| apt_indetectables_rat.yar | files: 29 ands: 19056 (483ms) ors: 477 (0ms) minofs: 27 (0ms) reads: 18005 (1947ms) |
files: 29 ands: 2519 (40ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 2519 (3228ms) |
files: 29 ands: 2197 (23ms) ors: 36 (0ms) minofs: 8 (0ms) reads: 2197 (33ms) |
files: 29 ands: 2197 (23ms) ors: 36 (0ms) minofs: 8 (0ms) reads: 1923 (28ms) |
| apt_industroyer.yar | files: 6626 ands: 57244 (1982ms) ors: 2826 (2ms) minofs: 117 (0ms) reads: 54471 (3970ms) |
files: 6626 ands: 21031 (784ms) ors: 234 (0ms) minofs: 117 (0ms) reads: 21031 (4707ms) |
files: 6626 ands: 19472 (498ms) ors: 234 (0ms) minofs: 42 (0ms) reads: 19472 (964ms) |
files: 6626 ands: 19472 (485ms) ors: 234 (0ms) minofs: 42 (0ms) reads: 5473 (114ms) |
| apt_inocnation.yar | files: 0 ands: 8387 (234ms) ors: 1206 (4ms) minofs: 9 (0ms) reads: 5852 (953ms) |
files: 0 ands: 4945 (162ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 3865 (8496ms) |
files: 0 ands: 2711 (52ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 1931 (73ms) |
files: 0 ands: 2711 (51ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 1549 (32ms) |
| apt_irongate.yar | files: 0 ands: 13674 (351ms) ors: 1008 (0ms) minofs: 36 (0ms) reads: 12986 (792ms) |
files: 0 ands: 2308 (43ms) ors: 72 (0ms) minofs: 36 (0ms) reads: 2308 (598ms) |
files: 0 ands: 1324 (7ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 1324 (12ms) |
files: 0 ands: 1324 (7ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 701 (8ms) |
| apt_irontiger.yar | files: 10 ands: 34875 (560ms) ors: 2115 (0ms) minofs: 81 (0ms) reads: 33448 (1543ms) |
files: 10 ands: 12289 (158ms) ors: 144 (0ms) minofs: 81 (0ms) reads: 12289 (4165ms) |
files: 10 ands: 9413 (55ms) ors: 144 (0ms) minofs: 11 (0ms) reads: 9413 (175ms) |
files: 10 ands: 9413 (55ms) ors: 144 (0ms) minofs: 11 (0ms) reads: 3392 (38ms) |
| apt_irontiger_trendmicro.yar | files: 677 ands: 713991 (10906ms) ors: 569724 (1324ms) minofs: 189 (0ms) reads: 451997 (25133ms) |
degenerate | degenerate | degenerate |
| apt_ism_rat.yar | files: 0 ands: 3944 (110ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 3638 (277ms) |
files: 0 ands: 1085 (27ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1085 (1113ms) |
files: 0 ands: 422 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 422 (7ms) |
files: 0 ands: 422 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 392 (5ms) |
| apt_kaspersky_duqu2.yar | files: 0 ands: 114126 (1757ms) ors: 57611 (36ms) minofs: 126 (0ms) reads: 82570 (4542ms) |
degenerate | degenerate | degenerate |
| apt_ke3chang.yar | files: 0 ands: 4008 (97ms) ors: 315 (0ms) minofs: 36 (0ms) reads: 3825 (444ms) |
files: 0 ands: 1343 (19ms) ors: 36 (0ms) minofs: 36 (0ms) reads: 1307 (3354ms) |
files: 0 ands: 926 (12ms) ors: 36 (0ms) minofs: 1 (0ms) reads: 908 (22ms) |
files: 0 ands: 926 (12ms) ors: 36 (0ms) minofs: 1 (0ms) reads: 557 (13ms) |
| apt_keyboys.yar | degenerate | degenerate | degenerate | degenerate |
| apt_keylogger_cn.yar | files: 0 ands: 7447 (145ms) ors: 495 (0ms) minofs: 18 (0ms) reads: 7106 (307ms) |
files: 0 ands: 3624 (69ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 3624 (1752ms) |
files: 0 ands: 3624 (37ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 3624 (37ms) |
files: 0 ands: 3624 (37ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 2115 (20ms) |
| apt_khrat.yar | degenerate | degenerate | degenerate | degenerate |
| apt_korplug_fast.yar | files: 14 ands: 3576 (39ms) ors: 414 (0ms) minofs: 18 (0ms) reads: 3382 (97ms) |
files: 14 ands: 1377 (14ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 1359 (1018ms) |
files: 14 ands: 1334 (9ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 1316 (16ms) |
files: 14 ands: 1334 (9ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 480 (6ms) |
| apt_kwampirs.yar | files: 0 ands: 868 (52ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 796 (463ms) |
files: 0 ands: 471 (28ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 471 (1873ms) |
files: 0 ands: 337 (18ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 337 (44ms) |
files: 0 ands: 337 (11ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 335 (10ms) |
| apt_laudanum_webshells.yar | files: 0 ands: 27575 (415ms) ors: 2178 (0ms) minofs: 162 (0ms) reads: 25666 (1506ms) |
files: 0 ands: 8644 (90ms) ors: 306 (0ms) minofs: 162 (0ms) reads: 8644 (9163ms) |
files: 0 ands: 2895 (29ms) ors: 306 (0ms) minofs: 0 (0ms) reads: 2895 (36ms) |
files: 0 ands: 2895 (29ms) ors: 306 (0ms) minofs: 0 (0ms) reads: 2486 (27ms) |
| apt_lazarus_applejeus.yar | degenerate | degenerate | degenerate | degenerate |
| apt_lazarus_aug20.yar | files: 23 ands: 50839 (828ms) ors: 38857 (81ms) minofs: 27 (0ms) reads: 33081 (1563ms) |
files: 15616 ands: 3098 (138ms) ors: 162 (0ms) minofs: 27 (0ms) reads: 2954 (2501ms) |
files: 15616 ands: 2567 (55ms) ors: 90 (0ms) minofs: 9 (0ms) reads: 2423 (62ms) |
files: 15616 ands: 2567 (54ms) ors: 90 (0ms) minofs: 9 (0ms) reads: 1183 (28ms) |
| apt_lazarus_dec17.yar | files: 0 ands: 6288 (120ms) ors: 486 (0ms) minofs: 36 (0ms) reads: 5794 (639ms) |
files: 0 ands: 1785 (14ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 1785 (3803ms) |
files: 0 ands: 1493 (7ms) ors: 54 (0ms) minofs: 3 (0ms) reads: 1493 (17ms) |
files: 0 ands: 1493 (7ms) ors: 54 (0ms) minofs: 3 (0ms) reads: 1458 (17ms) |
| apt_lazarus_dec20.yar | degenerate | degenerate | degenerate | degenerate |
| apt_lazarus_jan21.yar | files: 0 ands: 89 (0ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 71 (46ms) |
files: 0 ands: 35 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 35 (204ms) |
files: 0 ands: 35 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 35 (0ms) |
files: 0 ands: 35 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 35 (0ms) |
| apt_lazarus_jun18.yar | degenerate | degenerate | degenerate | degenerate |
| apt_lazarus_vhd_ransomware.yar | files: 0 ands: 1977 (55ms) ors: 198 (0ms) minofs: 18 (0ms) reads: 1808 (350ms) |
files: 0 ands: 707 (16ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 707 (2409ms) |
files: 0 ands: 629 (11ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 629 (12ms) |
files: 0 ands: 629 (10ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 611 (11ms) |
| apt_leviathan.yar | files: 1 ands: 15250 (258ms) ors: 1053 (0ms) minofs: 72 (0ms) reads: 14626 (688ms) |
files: 1 ands: 4425 (69ms) ors: 126 (0ms) minofs: 72 (0ms) reads: 4425 (3113ms) |
files: 1 ands: 3552 (33ms) ors: 126 (0ms) minofs: 1 (0ms) reads: 3552 (49ms) |
files: 1 ands: 3552 (32ms) ors: 126 (0ms) minofs: 1 (0ms) reads: 2027 (29ms) |
| apt_lnx_kobalos.yar | files: 234816 ands: 1659 (286ms) ors: 117 (0ms) minofs: 18 (0ms) reads: 1569 (486ms) |
files: 234816 ands: 1408 (451ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1408 (2999ms) |
files: 234816 ands: 1408 (248ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1408 (222ms) |
files: 234816 ands: 1408 (247ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 877 (55ms) |
| apt_lnx_linadoor_rootkit.yar | files: 0 ands: 3656 (52ms) ors: 486 (0ms) minofs: 18 (0ms) reads: 3350 (80ms) |
files: 0 ands: 1306 (45ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1306 (3116ms) |
files: 0 ands: 1220 (26ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 1220 (17ms) |
files: 0 ands: 1220 (26ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 637 (9ms) |
| apt_lotusblossom_elise.yar | degenerate | degenerate | degenerate | degenerate |
| apt_magichound.yar | files: 0 ands: 5733 (110ms) ors: 423 (0ms) minofs: 27 (0ms) reads: 5472 (340ms) |
files: 0 ands: 1488 (22ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1488 (2354ms) |
files: 0 ands: 1336 (12ms) ors: 36 (0ms) minofs: 4 (0ms) reads: 1336 (18ms) |
files: 0 ands: 1336 (12ms) ors: 36 (0ms) minofs: 4 (0ms) reads: 842 (11ms) |
| apt_mal_ilo_board_elf.yar | files: 0 ands: 2110 (17ms) ors: 234 (0ms) minofs: 18 (0ms) reads: 1990 (50ms) |
files: 0 ands: 360 (1ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 360 (133ms) |
files: 0 ands: 180 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 180 (0ms) |
files: 0 ands: 180 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 45 (0ms) |
| apt_microcin.yar | degenerate | degenerate | degenerate | degenerate |
| apt_middle_east_talosreport.yar | degenerate | degenerate | degenerate | degenerate |
| apt_miniasp.yar | files: 2 ands: 9693 (218ms) ors: 468 (0ms) minofs: 27 (0ms) reads: 9281 (573ms) |
files: 2 ands: 4409 (92ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 4409 (2934ms) |
files: 2 ands: 2715 (31ms) ors: 36 (0ms) minofs: 2 (0ms) reads: 2715 (52ms) |
files: 2 ands: 2715 (30ms) ors: 36 (0ms) minofs: 2 (0ms) reads: 1889 (22ms) |
| apt_minidionis.yar | files: 15 ands: 8580 (212ms) ors: 441 (0ms) minofs: 36 (0ms) reads: 7707 (593ms) |
files: 15 ands: 3116 (45ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 3062 (1529ms) |
files: 15 ands: 1531 (12ms) ors: 54 (0ms) minofs: 11 (0ms) reads: 1497 (23ms) |
files: 15 ands: 1531 (12ms) ors: 54 (0ms) minofs: 11 (0ms) reads: 1173 (18ms) |
| apt_mofang.yar | files: 0 ands: 5755 (153ms) ors: 756 (4ms) minofs: 9 (0ms) reads: 5197 (551ms) |
files: 0 ands: 2334 (62ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 2136 (4753ms) |
files: 0 ands: 669 (25ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 531 (88ms) |
files: 0 ands: 669 (16ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 456 (9ms) |
| apt_molerats_jul17.yar | files: 12 ands: 41031 (507ms) ors: 25162 (14ms) minofs: 63 (0ms) reads: 29273 (1945ms) |
degenerate | degenerate | degenerate |
| apt_monsoon.yar | degenerate | degenerate | degenerate | degenerate |
| apt_moonlightmaze.yar | files: 3 ands: 26776 (721ms) ors: 2079 (0ms) minofs: 81 (0ms) reads: 24852 (1790ms) |
files: 3 ands: 7093 (69ms) ors: 414 (0ms) minofs: 81 (0ms) reads: 7093 (6354ms) |
files: 3 ands: 6744 (47ms) ors: 414 (0ms) minofs: 21 (0ms) reads: 6744 (84ms) |
files: 3 ands: 6744 (46ms) ors: 414 (0ms) minofs: 21 (0ms) reads: 4699 (54ms) |
| apt_muddywater.yar | files: 2 ands: 21938 (437ms) ors: 405 (0ms) minofs: 36 (0ms) reads: 20503 (1679ms) |
files: 2 ands: 4180 (43ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 4180 (5887ms) |
files: 2 ands: 2327 (20ms) ors: 54 (0ms) minofs: 2 (0ms) reads: 2327 (45ms) |
files: 2 ands: 2327 (20ms) ors: 54 (0ms) minofs: 2 (0ms) reads: 1587 (23ms) |
| apt_naikon.yar | files: 5 ands: 8277 (186ms) ors: 477 (0ms) minofs: 18 (0ms) reads: 7708 (493ms) |
files: 5 ands: 3768 (61ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 3768 (4477ms) |
files: 5 ands: 3768 (39ms) ors: 18 (0ms) minofs: 11 (0ms) reads: 3768 (51ms) |
files: 5 ands: 3768 (39ms) ors: 18 (0ms) minofs: 11 (0ms) reads: 2892 (37ms) |
| apt_nanocore_rat.yar | files: 119 ands: 17037 (199ms) ors: 1296 (0ms) minofs: 90 (0ms) reads: 16559 (629ms) |
files: 119 ands: 3165 (21ms) ors: 162 (0ms) minofs: 90 (0ms) reads: 3165 (6919ms) |
files: 119 ands: 2113 (8ms) ors: 162 (0ms) minofs: 20 (0ms) reads: 2113 (12ms) |
files: 119 ands: 2113 (8ms) ors: 162 (0ms) minofs: 20 (0ms) reads: 1407 (9ms) |
| apt_nazar.yar | files: 3 ands: 1623 (20ms) ors: 216 (0ms) minofs: 18 (0ms) reads: 1425 (388ms) |
files: 3 ands: 1003 (9ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1003 (3626ms) |
files: 3 ands: 825 (5ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 825 (8ms) |
files: 3 ands: 825 (5ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 792 (9ms) |
| apt_ncsc_report_04_2018.yar | files: 196 ands: 16406 (372ms) ors: 1530 (0ms) minofs: 81 (0ms) reads: 15177 (1621ms) |
files: 196 ands: 3764 (74ms) ors: 270 (0ms) minofs: 81 (0ms) reads: 3728 (8440ms) |
files: 196 ands: 2427 (38ms) ors: 252 (0ms) minofs: 10 (0ms) reads: 2399 (58ms) |
files: 196 ands: 2427 (38ms) ors: 252 (0ms) minofs: 10 (0ms) reads: 2128 (38ms) |
| apt_netwire_rat.yar | files: 0 ands: 2497 (92ms) ors: 252 (0ms) minofs: 27 (0ms) reads: 2371 (237ms) |
files: 0 ands: 742 (45ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 742 (967ms) |
files: 0 ands: 592 (41ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 592 (25ms) |
files: 0 ands: 592 (40ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 592 (25ms) |
| apt_nk_gen.yar | files: 5 ands: 7192 (95ms) ors: 558 (0ms) minofs: 18 (0ms) reads: 6907 (297ms) |
files: 5 ands: 2215 (32ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2215 (3592ms) |
files: 5 ands: 2183 (19ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 2183 (46ms) |
files: 5 ands: 2183 (20ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 1499 (17ms) |
| apt_nk_goldbackdoor.yar | files: 0 ands: 1677 (54ms) ors: 252 (0ms) minofs: 27 (0ms) reads: 1186 (361ms) |
files: 0 ands: 715 (17ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 607 (1820ms) |
files: 0 ands: 308 (3ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 299 (5ms) |
files: 0 ands: 308 (3ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 299 (5ms) |
| apt_nk_inkysquid.yar | files: 0 ands: 12024 (285ms) ors: 1116 (1ms) minofs: 54 (0ms) reads: 10130 (1380ms) |
files: 0 ands: 3233 (46ms) ors: 162 (0ms) minofs: 54 (0ms) reads: 2747 (8636ms) |
files: 0 ands: 2386 (31ms) ors: 162 (0ms) minofs: 8 (0ms) reads: 2091 (42ms) |
files: 0 ands: 2386 (21ms) ors: 162 (0ms) minofs: 8 (0ms) reads: 2028 (28ms) |
| apt_oilrig.yar | degenerate | degenerate | degenerate | degenerate |
| apt_oilrig_chafer_mar18.yar | files: 0 ands: 13176 (484ms) ors: 558 (0ms) minofs: 63 (0ms) reads: 12385 (1138ms) |
files: 0 ands: 1866 (41ms) ors: 126 (0ms) minofs: 63 (0ms) reads: 1866 (1821ms) |
files: 0 ands: 1813 (26ms) ors: 126 (0ms) minofs: 0 (0ms) reads: 1813 (25ms) |
files: 0 ands: 1813 (25ms) ors: 126 (0ms) minofs: 0 (0ms) reads: 1543 (18ms) |
| apt_oilrig_oct17.yar | degenerate | degenerate | degenerate | degenerate |
| apt_oilrig_rgdoor.yar | degenerate | degenerate | degenerate | degenerate |
| apt_olympic_destroyer.yar | degenerate | degenerate | degenerate | degenerate |
| apt_onhat_proxy.yar | files: 1 ands: 2236 (10ms) ors: 180 (0ms) minofs: 18 (0ms) reads: 2140 (30ms) |
files: 1 ands: 738 (0ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 738 (855ms) |
files: 1 ands: 714 (0ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 714 (3ms) |
files: 1 ands: 714 (0ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 253 (1ms) |
| apt_op_cleaver.yar | files: 0 ands: 33109 (489ms) ors: 17219 (12ms) minofs: 171 (0ms) reads: 25708 (2028ms) |
degenerate | degenerate | degenerate |
| apt_op_cloudhopper.yar | files: 223 ands: 45806 (929ms) ors: 3249 (0ms) minofs: 225 (0ms) reads: 42997 (2799ms) |
files: 223 ands: 16071 (243ms) ors: 414 (0ms) minofs: 225 (0ms) reads: 16053 (27067ms) |
files: 223 ands: 14677 (139ms) ors: 414 (0ms) minofs: 60 (0ms) reads: 14668 (229ms) |
files: 223 ands: 14677 (138ms) ors: 414 (0ms) minofs: 60 (0ms) reads: 6842 (101ms) |
| apt_op_honeybee.yar | degenerate | degenerate | degenerate | degenerate |
| apt_op_shadowhammer.yar | files: 0 ands: 509 (7ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 491 (44ms) |
files: 0 ands: 72 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 72 (120ms) |
files: 0 ands: 72 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 72 (0ms) |
files: 0 ands: 72 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 36 (0ms) |
| apt_op_wocao.yar | files: 271 ands: 83070 (1940ms) ors: 4977 (1ms) minofs: 225 (0ms) reads: 77923 (6082ms) |
files: 271 ands: 18284 (319ms) ors: 1062 (0ms) minofs: 225 (0ms) reads: 18050 (21917ms) |
files: 271 ands: 15821 (174ms) ors: 1002 (0ms) minofs: 43 (0ms) reads: 15653 (333ms) |
files: 271 ands: 15821 (175ms) ors: 1002 (0ms) minofs: 43 (0ms) reads: 10008 (126ms) |
| apt_passcv.yar | files: 336 ands: 27466 (723ms) ors: 1890 (1ms) minofs: 117 (0ms) reads: 26181 (1901ms) |
files: 336 ands: 5460 (148ms) ors: 216 (0ms) minofs: 117 (0ms) reads: 5424 (8101ms) |
files: 336 ands: 1944 (25ms) ors: 216 (0ms) minofs: 12 (0ms) reads: 1926 (63ms) |
files: 336 ands: 1944 (26ms) ors: 216 (0ms) minofs: 12 (0ms) reads: 1361 (18ms) |
| apt_passthehashtoolkit.yar | files: 2 ands: 21524 (333ms) ors: 1215 (0ms) minofs: 63 (0ms) reads: 20922 (1186ms) |
files: 2 ands: 6305 (66ms) ors: 108 (0ms) minofs: 63 (0ms) reads: 6305 (5161ms) |
files: 2 ands: 4904 (29ms) ors: 108 (0ms) minofs: 13 (0ms) reads: 4904 (50ms) |
files: 2 ands: 4904 (29ms) ors: 108 (0ms) minofs: 13 (0ms) reads: 2972 (35ms) |
| apt_patchwork.yar | files: 455 ands: 3518 (72ms) ors: 153 (0ms) minofs: 9 (0ms) reads: 3401 (298ms) |
files: 455 ands: 2021 (24ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 2021 (2806ms) |
files: 455 ands: 2021 (24ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 2021 (64ms) |
files: 455 ands: 2021 (18ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 959 (15ms) |
| apt_plead_downloader.yar | files: 27 ands: 2424 (70ms) ors: 198 (0ms) minofs: 27 (0ms) reads: 2208 (86ms) |
files: 27 ands: 1354 (19ms) ors: 18 (0ms) minofs: 27 (0ms) reads: 1336 (562ms) |
files: 27 ands: 1354 (13ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1336 (14ms) |
files: 27 ands: 1354 (12ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 364 (3ms) |
| apt_plugx.yar | files: 858 ands: 810 (7ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 126 (9ms) |
files: 858 ands: 342 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 126 (406ms) |
files: 858 ands: 342 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 126 (4ms) |
files: 858 ands: 342 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 63 (2ms) |
| apt_poisonivy.yar | files: 40 ands: 46731 (1965ms) ors: 2556 (5ms) minofs: 108 (2ms) reads: 42358 (3047ms) |
files: 40 ands: 13665 (364ms) ors: 180 (0ms) minofs: 108 (5ms) reads: 13647 (12183ms) |
files: 40 ands: 7489 (83ms) ors: 180 (0ms) minofs: 33 (2ms) reads: 7476 (183ms) |
files: 40 ands: 7489 (83ms) ors: 180 (0ms) minofs: 33 (2ms) reads: 4363 (66ms) |
| apt_poisonivy_gen3.yar | files: 0 ands: 2630 (139ms) ors: 405 (1ms) minofs: 18 (0ms) reads: 2432 (204ms) |
files: 0 ands: 1343 (67ms) ors: 36 (0ms) minofs: 18 (1ms) reads: 1343 (1575ms) |
files: 0 ands: 1343 (38ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 1343 (40ms) |
files: 0 ands: 1343 (37ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 1100 (26ms) |
| apt_poseidon_group.yar | files: 2 ands: 11429 (257ms) ors: 963 (0ms) minofs: 45 (0ms) reads: 10936 (787ms) |
files: 2 ands: 5720 (158ms) ors: 54 (0ms) minofs: 45 (0ms) reads: 5702 (4581ms) |
files: 2 ands: 4999 (76ms) ors: 54 (0ms) minofs: 18 (0ms) reads: 4987 (84ms) |
files: 2 ands: 4999 (75ms) ors: 54 (0ms) minofs: 18 (0ms) reads: 2154 (28ms) |
| apt_poshspy.yar | files: 2 ands: 1881 (40ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 1804 (308ms) |
files: 2 ands: 445 (7ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 445 (2375ms) |
files: 2 ands: 445 (4ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 445 (3ms) |
files: 2 ands: 445 (4ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 444 (3ms) |
| apt_prikormka.yar | files: 501 ands: 15446 (425ms) ors: 1503 (0ms) minofs: 45 (0ms) reads: 14633 (1853ms) |
files: 501 ands: 4222 (50ms) ors: 108 (0ms) minofs: 45 (0ms) reads: 4222 (8671ms) |
files: 501 ands: 4149 (41ms) ors: 108 (0ms) minofs: 10 (0ms) reads: 4149 (83ms) |
files: 501 ands: 4149 (41ms) ors: 108 (0ms) minofs: 10 (0ms) reads: 2821 (44ms) |
| apt_project_m.yar | files: 80 ands: 7874 (230ms) ors: 567 (0ms) minofs: 27 (0ms) reads: 7176 (426ms) |
files: 80 ands: 2568 (54ms) ors: 54 (0ms) minofs: 27 (0ms) reads: 2568 (3230ms) |
files: 80 ands: 629 (6ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 629 (9ms) |
files: 80 ands: 629 (6ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 461 (8ms) |
| apt_project_sauron_extras.yar | files: 21 ands: 33672 (961ms) ors: 2520 (0ms) minofs: 207 (0ms) reads: 31181 (2801ms) |
files: 21 ands: 7183 (121ms) ors: 324 (0ms) minofs: 207 (0ms) reads: 7057 (17508ms) |
files: 21 ands: 3129 (21ms) ors: 324 (0ms) minofs: 9 (0ms) reads: 3057 (30ms) |
files: 21 ands: 3129 (21ms) ors: 324 (0ms) minofs: 9 (0ms) reads: 2233 (23ms) |
| apt_promethium_neodymium.yar | files: 1 ands: 31946 (878ms) ors: 1620 (0ms) minofs: 90 (0ms) reads: 29877 (1778ms) |
files: 1 ands: 8723 (270ms) ors: 162 (0ms) minofs: 90 (0ms) reads: 8723 (3922ms) |
files: 1 ands: 6914 (112ms) ors: 162 (0ms) minofs: 3 (0ms) reads: 6914 (162ms) |
files: 1 ands: 6914 (111ms) ors: 162 (0ms) minofs: 3 (0ms) reads: 1612 (22ms) |
| apt_pulsesecure.yar | degenerate | degenerate | degenerate | degenerate |
| apt_putterpanda.yar | files: 62 ands: 56076 (2249ms) ors: 3447 (4ms) minofs: 162 (2ms) reads: 52306 (3665ms) |
files: 62 ands: 18121 (708ms) ors: 234 (0ms) minofs: 162 (5ms) reads: 18031 (12013ms) |
files: 62 ands: 16044 (354ms) ors: 234 (0ms) minofs: 118 (2ms) reads: 15963 (329ms) |
files: 62 ands: 16044 (354ms) ors: 234 (0ms) minofs: 118 (2ms) reads: 7914 (140ms) |
| apt_quarkspwdump.yar | files: 0 ands: 1641 (95ms) ors: 99 (0ms) minofs: 9 (0ms) reads: 1578 (210ms) |
files: 0 ands: 602 (31ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 602 (564ms) |
files: 0 ands: 248 (13ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 248 (9ms) |
files: 0 ands: 248 (15ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 248 (10ms) |
| apt_quasar_rat.yar | files: 31 ands: 9903 (248ms) ors: 639 (0ms) minofs: 36 (0ms) reads: 9395 (798ms) |
files: 31 ands: 2431 (42ms) ors: 72 (0ms) minofs: 36 (0ms) reads: 2431 (4823ms) |
files: 31 ands: 1570 (15ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 1570 (52ms) |
files: 31 ands: 1570 (15ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 1378 (19ms) |
| apt_quasar_vermin.yar | files: 7 ands: 16960 (460ms) ors: 900 (0ms) minofs: 27 (0ms) reads: 16070 (875ms) |
files: 7 ands: 4097 (91ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 4079 (2354ms) |
files: 7 ands: 2754 (35ms) ors: 36 (0ms) minofs: 6 (0ms) reads: 2745 (38ms) |
files: 7 ands: 2754 (35ms) ors: 36 (0ms) minofs: 6 (0ms) reads: 1260 (21ms) |
| apt_rancor.yar | degenerate | degenerate | degenerate | degenerate |
| apt_reaver_sunorcal.yar | degenerate | degenerate | degenerate | degenerate |
| apt_rehashed_rat.yar | degenerate | degenerate | degenerate | degenerate |
| apt_revenge_rat.yar | files: 103 ands: 6509 (100ms) ors: 369 (0ms) minofs: 18 (0ms) reads: 6219 (204ms) |
files: 103 ands: 1757 (11ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1757 (2629ms) |
files: 103 ands: 1370 (2ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1370 (6ms) |
files: 103 ands: 1370 (2ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 600 (3ms) |
| apt_rocketkitten_keylogger.yar | files: 0 ands: 3389 (70ms) ors: 387 (0ms) minofs: 27 (0ms) reads: 3169 (177ms) |
files: 0 ands: 1024 (8ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 988 (1139ms) |
files: 0 ands: 246 (2ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 228 (2ms) |
files: 0 ands: 246 (2ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 205 (3ms) |
| apt_rokrat.yar | degenerate | degenerate | degenerate | degenerate |
| apt_royalroad.yar | files: 1 ands: 13102 (163ms) ors: 765 (0ms) minofs: 18 (0ms) reads: 12594 (809ms) |
files: 1 ands: 3746 (5ms) ors: 144 (0ms) minofs: 18 (0ms) reads: 3584 (4181ms) |
files: 1 ands: 3723 (4ms) ors: 144 (0ms) minofs: 9 (0ms) reads: 3561 (11ms) |
files: 1 ands: 3723 (4ms) ors: 144 (0ms) minofs: 9 (0ms) reads: 1510 (4ms) |
| apt_ruag.yar | degenerate | degenerate | degenerate | degenerate |
| apt_rwmc_powershell_creddump.yar | files: 0 ands: 3186 (82ms) ors: 234 (0ms) minofs: 18 (0ms) reads: 2943 (283ms) |
files: 0 ands: 510 (8ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 510 (1263ms) |
files: 0 ands: 278 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 278 (2ms) |
files: 0 ands: 278 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 278 (2ms) |
| apt_sakula.yar | files: 0 ands: 7736 (97ms) ors: 378 (0ms) minofs: 27 (0ms) reads: 7166 (563ms) |
files: 0 ands: 3595 (38ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 3523 (4514ms) |
files: 0 ands: 3402 (24ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 3370 (33ms) |
files: 0 ands: 3402 (24ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 2312 (25ms) |
| apt_sandworm_centreon.yar | files: 1 ands: 14783 (540ms) ors: 1962 (2ms) minofs: 162 (0ms) reads: 13562 (1571ms) |
files: 1 ands: 6022 (498ms) ors: 270 (0ms) minofs: 162 (0ms) reads: 5806 (8046ms) |
files: 1 ands: 3323 (251ms) ors: 270 (0ms) minofs: 1 (0ms) reads: 3232 (231ms) |
files: 1 ands: 3323 (253ms) ors: 270 (0ms) minofs: 1 (0ms) reads: 2131 (57ms) |
| apt_sandworm_cyclops_blink.yar | files: 0 ands: 7611 (125ms) ors: 1098 (0ms) minofs: 72 (0ms) reads: 6736 (678ms) |
files: 0 ands: 2535 (22ms) ors: 126 (0ms) minofs: 72 (0ms) reads: 2463 (5440ms) |
files: 0 ands: 1035 (8ms) ors: 126 (0ms) minofs: 0 (0ms) reads: 990 (11ms) |
files: 0 ands: 1035 (7ms) ors: 126 (0ms) minofs: 0 (0ms) reads: 739 (9ms) |
| apt_sandworm_exim_expl.yar | files: 0 ands: 8952 (165ms) ors: 1125 (0ms) minofs: 90 (0ms) reads: 8302 (765ms) |
files: 0 ands: 2404 (18ms) ors: 180 (0ms) minofs: 90 (0ms) reads: 2386 (4219ms) |
files: 0 ands: 1765 (10ms) ors: 180 (0ms) minofs: 0 (0ms) reads: 1756 (14ms) |
files: 0 ands: 1765 (12ms) ors: 180 (0ms) minofs: 0 (0ms) reads: 1341 (12ms) |
| apt_saudi_aramco_phish.yar | files: 273 ands: 1269 (30ms) ors: 27 (0ms) minofs: 9 (0ms) reads: 1233 (157ms) |
files: 273 ands: 963 (14ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 963 (1689ms) |
files: 273 ands: 963 (16ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 963 (48ms) |
files: 273 ands: 963 (12ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 801 (20ms) |
| apt_scanbox_deeppanda.yar | files: 0 ands: 4176 (94ms) ors: 342 (0ms) minofs: 27 (0ms) reads: 3956 (306ms) |
files: 0 ands: 1355 (23ms) ors: 18 (0ms) minofs: 27 (0ms) reads: 1337 (945ms) |
files: 0 ands: 1139 (13ms) ors: 18 (0ms) minofs: 3 (0ms) reads: 1127 (14ms) |
files: 0 ands: 1139 (13ms) ors: 18 (0ms) minofs: 3 (0ms) reads: 980 (10ms) |
| apt_scarcruft.yar | files: 0 ands: 1103 (26ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 1049 (87ms) |
files: 0 ands: 293 (10ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 293 (144ms) |
files: 0 ands: 293 (6ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 293 (7ms) |
files: 0 ands: 293 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 293 (6ms) |
| apt_seaduke_unit42.yar | files: 0 ands: 1380 (25ms) ors: 135 (0ms) minofs: 9 (0ms) reads: 1290 (75ms) |
files: 0 ands: 379 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 379 (470ms) |
files: 0 ands: 28 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 28 (0ms) |
files: 0 ands: 28 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 28 (0ms) |
| apt_sednit_delphidownloader.yar | files: 195 ands: 19064 (229ms) ors: 531 (0ms) minofs: 18 (0ms) reads: 18799 (1309ms) |
files: 195 ands: 6434 (20ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 6434 (6317ms) |
files: 195 ands: 6434 (15ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 6434 (54ms) |
files: 195 ands: 6434 (15ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 4154 (21ms) |
| apt_servantshell.yar | files: 0 ands: 1169 (18ms) ors: 135 (0ms) minofs: 9 (0ms) reads: 1124 (60ms) |
files: 0 ands: 276 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 276 (792ms) |
files: 0 ands: 94 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 94 (2ms) |
files: 0 ands: 94 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 94 (2ms) |
| apt_shadowpad.yar | degenerate | degenerate | degenerate | degenerate |
| apt_shamoon.yar | files: 0 ands: 2277 (123ms) ors: 153 (0ms) minofs: 9 (0ms) reads: 2097 (297ms) |
files: 0 ands: 340 (3ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 322 (274ms) |
files: 0 ands: 309 (2ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 298 (5ms) |
files: 0 ands: 309 (2ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 251 (3ms) |
| apt_shamoon2.yar | files: 0 ands: 14695 (283ms) ors: 630 (0ms) minofs: 45 (0ms) reads: 14235 (985ms) |
files: 0 ands: 2197 (41ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 2197 (4235ms) |
files: 0 ands: 1841 (21ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 1841 (35ms) |
files: 0 ands: 1841 (21ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 972 (14ms) |
| apt_sharptongue.yar | files: 0 ands: 4801 (123ms) ors: 567 (0ms) minofs: 45 (0ms) reads: 4424 (385ms) |
files: 0 ands: 1318 (30ms) ors: 54 (0ms) minofs: 45 (0ms) reads: 1300 (1232ms) |
files: 0 ands: 586 (7ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 577 (9ms) |
files: 0 ands: 586 (7ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 384 (5ms) |
| apt_shellcrew_streamex.yar | files: 0 ands: 10224 (203ms) ors: 675 (0ms) minofs: 27 (0ms) reads: 9379 (1140ms) |
files: 0 ands: 3056 (67ms) ors: 144 (0ms) minofs: 27 (0ms) reads: 2966 (3304ms) |
files: 0 ands: 2203 (42ms) ors: 144 (0ms) minofs: 0 (0ms) reads: 2119 (63ms) |
files: 0 ands: 2203 (44ms) ors: 144 (0ms) minofs: 0 (0ms) reads: 1925 (45ms) |
| apt_sidewinder.yar | files: 0 ands: 3253 (106ms) ors: 225 (0ms) minofs: 18 (0ms) reads: 2950 (358ms) |
files: 0 ands: 861 (18ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 843 (2397ms) |
files: 0 ands: 631 (10ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 613 (20ms) |
files: 0 ands: 631 (10ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 525 (13ms) |
| apt_silence.yar | degenerate | degenerate | degenerate | degenerate |
| apt_skeletonkey.yar | files: 0 ands: 5151 (93ms) ors: 333 (0ms) minofs: 18 (0ms) reads: 4899 (554ms) |
files: 0 ands: 2780 (21ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2726 (6280ms) |
files: 0 ands: 1944 (13ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1916 (25ms) |
files: 0 ands: 1944 (14ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1392 (18ms) |
| apt_slingshot.yar | degenerate | degenerate | degenerate | degenerate |
| apt_snaketurla_osx.yar | files: 0 ands: 3087 (50ms) ors: 315 (0ms) minofs: 45 (0ms) reads: 2919 (323ms) |
files: 0 ands: 569 (4ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 569 (1550ms) |
files: 0 ands: 315 (2ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 315 (3ms) |
files: 0 ands: 315 (2ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 315 (2ms) |
| apt_snowglobe_babar.yar | files: 2 ands: 7114 (199ms) ors: 504 (0ms) minofs: 36 (0ms) reads: 6665 (511ms) |
files: 2 ands: 3014 (98ms) ors: 18 (0ms) minofs: 36 (0ms) reads: 2978 (3176ms) |
files: 2 ands: 1207 (27ms) ors: 18 (0ms) minofs: 4 (0ms) reads: 1187 (23ms) |
files: 2 ands: 1207 (15ms) ors: 18 (0ms) minofs: 4 (0ms) reads: 1185 (13ms) |
| apt_sofacy.yar | degenerate | degenerate | degenerate | degenerate |
| apt_sofacy_cannon.yar | files: 1 ands: 10714 (322ms) ors: 342 (0ms) minofs: 18 (0ms) reads: 9945 (712ms) |
files: 1 ands: 2487 (66ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2487 (2014ms) |
files: 1 ands: 2487 (37ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 2487 (47ms) |
files: 1 ands: 2487 (37ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 1452 (25ms) |
| apt_sofacy_dec15.yar | files: 36 ands: 26325 (1140ms) ors: 918 (0ms) minofs: 81 (0ms) reads: 23449 (1992ms) |
files: 36 ands: 4838 (111ms) ors: 126 (0ms) minofs: 81 (0ms) reads: 4820 (3906ms) |
files: 36 ands: 2317 (53ms) ors: 108 (0ms) minofs: 16 (0ms) reads: 2308 (48ms) |
files: 36 ands: 2317 (55ms) ors: 108 (0ms) minofs: 16 (0ms) reads: 1416 (29ms) |
| apt_sofacy_fysbis.yar | files: 8 ands: 8699 (161ms) ors: 441 (0ms) minofs: 36 (0ms) reads: 8427 (418ms) |
files: 8 ands: 2671 (39ms) ors: 36 (0ms) minofs: 36 (0ms) reads: 2653 (1740ms) |
files: 8 ands: 2132 (21ms) ors: 36 (0ms) minofs: 10 (0ms) reads: 2118 (27ms) |
files: 8 ands: 2132 (21ms) ors: 36 (0ms) minofs: 10 (0ms) reads: 1250 (15ms) |
| apt_sofacy_hospitality.yar | files: 0 ands: 395 (2ms) ors: 99 (0ms) minofs: 18 (0ms) reads: 332 (131ms) |
files: 0 ands: 145 (0ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 145 (807ms) |
files: 0 ands: 70 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 70 (0ms) |
files: 0 ands: 70 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 70 (0ms) |
| apt_sofacy_jun16.yar | files: 0 ands: 5557 (147ms) ors: 405 (0ms) minofs: 36 (0ms) reads: 5315 (426ms) |
files: 0 ands: 975 (13ms) ors: 72 (0ms) minofs: 36 (0ms) reads: 975 (955ms) |
files: 0 ands: 695 (5ms) ors: 72 (0ms) minofs: 1 (0ms) reads: 695 (7ms) |
files: 0 ands: 695 (5ms) ors: 72 (0ms) minofs: 1 (0ms) reads: 551 (6ms) |
| apt_sofacy_oct17_camp.yar | degenerate | degenerate | degenerate | degenerate |
| apt_sofacy_xtunnel_bundestag.yar | degenerate | degenerate | degenerate | degenerate |
| apt_sofacy_zebrocy.yar | files: 0 ands: 2115 (55ms) ors: 342 (2ms) minofs: 9 (0ms) reads: 1900 (181ms) |
files: 0 ands: 694 (3ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 622 (1115ms) |
files: 0 ands: 70 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 34 (0ms) |
files: 0 ands: 70 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 34 (0ms) |
| apt_solarwinds_sunburst.yar | files: 1606 ands: 192743 (2330ms) ors: 124935 (207ms) minofs: 54 (1ms) reads: 129146 (7261ms) |
degenerate | degenerate | degenerate |
| apt_solarwinds_susp_sunburst.yar | files: 0 ands: 1412 (88ms) ors: 180 (0ms) minofs: 0 (0ms) reads: 1263 (253ms) |
files: 0 ands: 212 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 140 (245ms) |
files: 0 ands: 107 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 83 (1ms) |
files: 0 ands: 107 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 83 (1ms) |
| apt_sphinx_moth.yar | files: 0 ands: 11141 (304ms) ors: 1062 (0ms) minofs: 81 (0ms) reads: 10505 (1408ms) |
files: 0 ands: 3296 (41ms) ors: 126 (0ms) minofs: 81 (0ms) reads: 3260 (6423ms) |
files: 0 ands: 696 (2ms) ors: 126 (0ms) minofs: 0 (0ms) reads: 678 (5ms) |
files: 0 ands: 696 (2ms) ors: 126 (0ms) minofs: 0 (0ms) reads: 545 (3ms) |
| apt_stealer_cisa_ar22_277a.yar | files: 0 ands: 5789 (113ms) ors: 549 (0ms) minofs: 27 (0ms) reads: 5533 (481ms) |
files: 0 ands: 1226 (14ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1208 (3258ms) |
files: 0 ands: 616 (6ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 604 (6ms) |
files: 0 ands: 616 (3ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 532 (3ms) |
| apt_stonedrill.yar | files: 20323 ands: 64244 (1353ms) ors: 32081 (121ms) minofs: 108 (2ms) reads: 48501 (2767ms) |
files: 522427 ands: 11537 (287ms) ors: 270 (1ms) minofs: 108 (0ms) reads: 11375 (6812ms) |
files: 522427 ands: 10721 (169ms) ors: 234 (0ms) minofs: 40 (0ms) reads: 10703 (328ms) |
files: 522427 ands: 10721 (160ms) ors: 234 (1ms) minofs: 40 (0ms) reads: 3891 (93ms) |
| apt_stuxnet.yar | files: 12 ands: 32629 (671ms) ors: 1161 (0ms) minofs: 72 (0ms) reads: 30756 (2259ms) |
files: 12 ands: 9485 (170ms) ors: 180 (0ms) minofs: 72 (0ms) reads: 9467 (15575ms) |
files: 12 ands: 6622 (73ms) ors: 180 (0ms) minofs: 15 (0ms) reads: 6613 (147ms) |
files: 12 ands: 6622 (73ms) ors: 180 (0ms) minofs: 15 (0ms) reads: 3894 (61ms) |
| apt_stuxshop.yar | files: 1 ands: 14705 (491ms) ors: 747 (0ms) minofs: 36 (0ms) reads: 13716 (1843ms) |
files: 1 ands: 6033 (215ms) ors: 162 (0ms) minofs: 36 (0ms) reads: 5907 (12373ms) |
files: 1 ands: 4566 (102ms) ors: 132 (0ms) minofs: 1 (0ms) reads: 4476 (160ms) |
files: 1 ands: 4566 (102ms) ors: 132 (0ms) minofs: 1 (0ms) reads: 3444 (79ms) |
| apt_suckfly.yar | degenerate | degenerate | degenerate | degenerate |
| apt_sunspot.yar | files: 0 ands: 10002 (133ms) ors: 909 (0ms) minofs: 27 (0ms) reads: 9407 (731ms) |
files: 0 ands: 2546 (12ms) ors: 72 (0ms) minofs: 27 (0ms) reads: 2546 (1559ms) |
files: 0 ands: 2446 (7ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 2446 (11ms) |
files: 0 ands: 2446 (7ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 487 (4ms) |
| apt_sysscan.yar | files: 1 ands: 14773 (365ms) ors: 5068 (13ms) minofs: 27 (0ms) reads: 12423 (892ms) |
files: 3216 ands: 2399 (38ms) ors: 162 (0ms) minofs: 27 (0ms) reads: 2399 (1608ms) |
files: 3216 ands: 2032 (23ms) ors: 137 (0ms) minofs: 10 (0ms) reads: 2032 (36ms) |
files: 3216 ands: 2032 (23ms) ors: 137 (0ms) minofs: 10 (0ms) reads: 1784 (27ms) |
| apt_ta17_293A.yar | degenerate | degenerate | degenerate | degenerate |
| apt_ta17_318A.yar | degenerate | degenerate | degenerate | degenerate |
| apt_ta17_318B.yar | degenerate | degenerate | degenerate | degenerate |
| apt_ta18_074A.yar | files: 1 ands: 31680 (551ms) ors: 18729 (31ms) minofs: 36 (0ms) reads: 21821 (1125ms) |
degenerate | degenerate | degenerate |
| apt_ta18_149A.yar | degenerate | degenerate | degenerate | degenerate |
| apt_ta459.yar | files: 0 ands: 3591 (93ms) ors: 180 (0ms) minofs: 27 (0ms) reads: 3356 (306ms) |
files: 0 ands: 490 (4ms) ors: 18 (0ms) minofs: 27 (0ms) reads: 472 (896ms) |
files: 0 ands: 85 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 76 (0ms) |
files: 0 ands: 85 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 76 (0ms) |
| apt_telebots.yar | files: 165 ands: 35365 (795ms) ors: 2088 (0ms) minofs: 117 (0ms) reads: 32948 (1425ms) |
files: 165 ands: 11222 (172ms) ors: 216 (0ms) minofs: 117 (0ms) reads: 11222 (7959ms) |
files: 165 ands: 7484 (62ms) ors: 216 (0ms) minofs: 12 (0ms) reads: 7484 (97ms) |
files: 165 ands: 7484 (62ms) ors: 216 (0ms) minofs: 12 (0ms) reads: 3691 (48ms) |
| apt_terracotta.yar | files: 0 ands: 7952 (151ms) ors: 558 (0ms) minofs: 45 (0ms) reads: 7672 (634ms) |
files: 0 ands: 2185 (21ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 2185 (2956ms) |
files: 0 ands: 1343 (14ms) ors: 72 (0ms) minofs: 1 (0ms) reads: 1343 (21ms) |
files: 0 ands: 1343 (14ms) ors: 72 (0ms) minofs: 1 (0ms) reads: 1149 (20ms) |
| apt_terracotta_liudoor.yar | files: 0 ands: 1105 (39ms) ors: 234 (1ms) minofs: 9 (0ms) reads: 1015 (114ms) |
files: 0 ands: 327 (4ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 327 (1081ms) |
files: 0 ands: 158 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 158 (2ms) |
files: 0 ands: 158 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 158 (2ms) |
| apt_tetris.yar | files: 18 ands: 28126 (435ms) ors: 2358 (0ms) minofs: 81 (0ms) reads: 26491 (1250ms) |
files: 18 ands: 6907 (91ms) ors: 162 (0ms) minofs: 81 (0ms) reads: 6871 (10866ms) |
files: 18 ands: 3567 (36ms) ors: 144 (0ms) minofs: 6 (0ms) reads: 3558 (51ms) |
files: 18 ands: 3567 (37ms) ors: 144 (0ms) minofs: 6 (0ms) reads: 3077 (42ms) |
| apt_threatgroup_3390.yar | files: 85 ands: 42216 (698ms) ors: 3870 (0ms) minofs: 90 (0ms) reads: 39470 (3050ms) |
files: 85 ands: 15975 (200ms) ors: 126 (0ms) minofs: 90 (0ms) reads: 15921 (24432ms) |
files: 85 ands: 13166 (84ms) ors: 126 (0ms) minofs: 9 (0ms) reads: 13139 (146ms) |
files: 85 ands: 13166 (84ms) ors: 126 (0ms) minofs: 9 (0ms) reads: 7814 (73ms) |
| apt_thrip.yar | degenerate | degenerate | degenerate | degenerate |
| apt_tick_datper.yar | degenerate | degenerate | degenerate | degenerate |
| apt_tick_weaponized_usb.yar | degenerate | degenerate | degenerate | degenerate |
| apt_tidepool.yar | files: 0 ands: 11610 (290ms) ors: 315 (0ms) minofs: 18 (0ms) reads: 10933 (687ms) |
files: 0 ands: 3878 (105ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 3878 (2005ms) |
files: 0 ands: 2262 (36ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 2262 (37ms) |
files: 0 ands: 2262 (36ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 985 (15ms) |
| apt_tophat.yar | degenerate | degenerate | degenerate | degenerate |
| apt_triton.yar | files: 92 ands: 146945 (2462ms) ors: 128347 (476ms) minofs: 27 (7ms) reads: 97818 (4309ms) |
degenerate | degenerate | degenerate |
| apt_triton_mal_sshdoor.yar | files: 7 ands: 21474 (323ms) ors: 2529 (3ms) minofs: 153 (0ms) reads: 19094 (1167ms) |
files: 7 ands: 8983 (94ms) ors: 378 (0ms) minofs: 153 (0ms) reads: 8533 (11488ms) |
files: 7 ands: 2413 (20ms) ors: 46 (0ms) minofs: 2 (0ms) reads: 2344 (27ms) |
files: 7 ands: 2413 (20ms) ors: 46 (0ms) minofs: 2 (0ms) reads: 1681 (17ms) |
| apt_turbo_campaign.yar | files: 80 ands: 62550 (1452ms) ors: 13971 (18ms) minofs: 144 (1ms) reads: 54369 (2700ms) |
files: 1722 ands: 21438 (442ms) ors: 918 (2ms) minofs: 144 (2ms) reads: 21114 (17556ms) |
files: 1722 ands: 10090 (119ms) ors: 497 (0ms) minofs: 49 (1ms) reads: 9793 (232ms) |
files: 1722 ands: 10090 (134ms) ors: 497 (0ms) minofs: 49 (1ms) reads: 4241 (70ms) |
| apt_turla.yar | degenerate | degenerate | degenerate | degenerate |
| apt_turla_gazer.yar | degenerate | degenerate | degenerate | degenerate |
| apt_turla_kazuar.yar | degenerate | degenerate | degenerate | degenerate |
| apt_turla_mosquito.yar | degenerate | degenerate | degenerate | degenerate |
| apt_turla_neuron.yar | files: 117 ands: 24437 (557ms) ors: 1233 (0ms) minofs: 45 (0ms) reads: 23494 (2890ms) |
files: 117 ands: 3343 (42ms) ors: 108 (0ms) minofs: 45 (0ms) reads: 3325 (7257ms) |
files: 117 ands: 2265 (12ms) ors: 108 (0ms) minofs: 3 (0ms) reads: 2247 (16ms) |
files: 117 ands: 2265 (12ms) ors: 108 (0ms) minofs: 3 (0ms) reads: 1960 (14ms) |
| apt_turla_penquin.yar | files: 0 ands: 3749 (85ms) ors: 441 (0ms) minofs: 18 (0ms) reads: 3479 (599ms) |
files: 0 ands: 1276 (30ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1276 (2940ms) |
files: 0 ands: 1032 (28ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1032 (21ms) |
files: 0 ands: 1032 (25ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1019 (18ms) |
| apt_turla_png_dropper_nov18.yar | files: 0 ands: 5434 (179ms) ors: 306 (0ms) minofs: 27 (0ms) reads: 5057 (415ms) |
files: 0 ands: 1261 (16ms) ors: 18 (0ms) minofs: 27 (0ms) reads: 1243 (3085ms) |
files: 0 ands: 1201 (11ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1183 (14ms) |
files: 0 ands: 1201 (11ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 994 (13ms) |
| apt_ua_caddywiper.yar | files: 0 ands: 1604 (48ms) ors: 162 (0ms) minofs: 18 (0ms) reads: 1460 (65ms) |
files: 0 ands: 952 (39ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 952 (4863ms) |
files: 0 ands: 297 (8ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 297 (6ms) |
files: 0 ands: 297 (11ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 218 (6ms) |
| apt_ua_hermetic_wiper.yar | files: 0 ands: 35331 (842ms) ors: 1431 (0ms) minofs: 45 (0ms) reads: 33416 (2231ms) |
files: 0 ands: 8148 (152ms) ors: 360 (0ms) minofs: 45 (0ms) reads: 8130 (6176ms) |
files: 0 ands: 6212 (87ms) ors: 276 (0ms) minofs: 9 (0ms) reads: 6202 (245ms) |
files: 0 ands: 6212 (70ms) ors: 276 (0ms) minofs: 9 (0ms) reads: 4074 (76ms) |
| apt_ua_isaacwiper.yar | degenerate | degenerate | degenerate | degenerate |
| apt_ua_wiper_whispergate.yar | files: 0 ands: 20652 (555ms) ors: 1134 (0ms) minofs: 81 (0ms) reads: 19547 (1299ms) |
files: 0 ands: 4146 (121ms) ors: 144 (0ms) minofs: 81 (0ms) reads: 4146 (10488ms) |
files: 0 ands: 1903 (23ms) ors: 144 (0ms) minofs: 0 (0ms) reads: 1903 (31ms) |
files: 0 ands: 1903 (23ms) ors: 144 (0ms) minofs: 0 (0ms) reads: 1274 (22ms) |
| apt_uboat_rat.yar | files: 0 ands: 4787 (338ms) ors: 360 (2ms) minofs: 18 (0ms) reads: 4616 (653ms) |
files: 0 ands: 2195 (251ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2159 (4753ms) |
files: 0 ands: 897 (67ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 878 (255ms) |
files: 0 ands: 897 (44ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 808 (30ms) |
| apt_unc1151_ua.yar | files: 0 ands: 1434 (48ms) ors: 99 (0ms) minofs: 9 (0ms) reads: 1347 (158ms) |
files: 0 ands: 491 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 473 (1310ms) |
files: 0 ands: 144 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 126 (0ms) |
files: 0 ands: 144 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 126 (0ms) |
| apt_unc2447_sombrat.yar | files: 1 ands: 25096 (703ms) ors: 1620 (0ms) minofs: 99 (0ms) reads: 23195 (1817ms) |
files: 1 ands: 8190 (264ms) ors: 216 (0ms) minofs: 99 (0ms) reads: 8046 (14770ms) |
files: 1 ands: 6283 (129ms) ors: 198 (0ms) minofs: 2 (0ms) reads: 6176 (225ms) |
files: 1 ands: 6283 (128ms) ors: 198 (0ms) minofs: 2 (0ms) reads: 3813 (86ms) |
| apt_unc2546_dewmode.yar | files: 0 ands: 5401 (63ms) ors: 522 (0ms) minofs: 27 (0ms) reads: 5010 (118ms) |
files: 0 ands: 1963 (14ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1963 (3856ms) |
files: 0 ands: 1778 (6ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 1778 (12ms) |
files: 0 ands: 1778 (6ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 790 (5ms) |
| apt_unc3886_virtualpita.yar | files: 27533 ands: 6901 (171ms) ors: 783 (6ms) minofs: 45 (0ms) reads: 2734 (352ms) |
files: 27533 ands: 3130 (120ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 1636 (3627ms) |
files: 27533 ands: 1828 (52ms) ors: 72 (0ms) minofs: 26 (0ms) reads: 781 (37ms) |
files: 27533 ands: 1828 (51ms) ors: 72 (0ms) minofs: 26 (0ms) reads: 642 (26ms) |
| apt_unit78020_malware.yar | files: 5 ands: 39641 (1059ms) ors: 1620 (0ms) minofs: 63 (0ms) reads: 36734 (2408ms) |
files: 5 ands: 12599 (228ms) ors: 108 (0ms) minofs: 63 (0ms) reads: 12599 (7599ms) |
files: 5 ands: 12231 (134ms) ors: 108 (0ms) minofs: 24 (0ms) reads: 12231 (238ms) |
files: 5 ands: 12231 (123ms) ors: 108 (0ms) minofs: 24 (0ms) reads: 7641 (109ms) |
| apt_uscert_ta17-1117a.yar | files: 0 ands: 21977 (338ms) ors: 15292 (32ms) minofs: 36 (0ms) reads: 14783 (1082ms) |
degenerate | degenerate | degenerate |
| apt_venom_linux_rootkit.yar | files: 0 ands: 3703 (89ms) ors: 297 (0ms) minofs: 9 (0ms) reads: 3586 (402ms) |
files: 0 ands: 983 (17ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 983 (717ms) |
files: 0 ands: 977 (10ms) ors: 0 (0ms) minofs: 5 (0ms) reads: 977 (20ms) |
files: 0 ands: 977 (10ms) ors: 0 (0ms) minofs: 5 (0ms) reads: 548 (9ms) |
| apt_volatile_cedar.yar | files: 172 ands: 14730 (302ms) ors: 927 (0ms) minofs: 45 (0ms) reads: 13757 (1040ms) |
files: 172 ands: 5732 (83ms) ors: 90 (0ms) minofs: 45 (0ms) reads: 5732 (6242ms) |
files: 172 ands: 3271 (45ms) ors: 90 (0ms) minofs: 2 (0ms) reads: 3271 (47ms) |
files: 172 ands: 3271 (41ms) ors: 90 (0ms) minofs: 2 (0ms) reads: 2329 (32ms) |
| apt_vpnfilter.yar | files: 0 ands: 11152 (189ms) ors: 747 (0ms) minofs: 54 (0ms) reads: 10651 (500ms) |
files: 0 ands: 3932 (62ms) ors: 90 (0ms) minofs: 54 (0ms) reads: 3932 (1929ms) |
files: 0 ands: 2842 (26ms) ors: 90 (0ms) minofs: 1 (0ms) reads: 2842 (27ms) |
files: 0 ands: 2842 (26ms) ors: 90 (0ms) minofs: 1 (0ms) reads: 1894 (19ms) |
| apt_waterbear.yar | files: 10 ands: 20636 (526ms) ors: 1827 (0ms) minofs: 135 (0ms) reads: 19401 (1319ms) |
files: 10 ands: 7565 (134ms) ors: 252 (0ms) minofs: 135 (0ms) reads: 7547 (7222ms) |
files: 10 ands: 5962 (63ms) ors: 236 (0ms) minofs: 40 (0ms) reads: 5952 (83ms) |
files: 10 ands: 5962 (62ms) ors: 236 (0ms) minofs: 40 (0ms) reads: 4959 (63ms) |
| apt_waterbug.yar | files: 0 ands: 6778 (193ms) ors: 720 (0ms) minofs: 27 (0ms) reads: 5895 (1585ms) |
files: 0 ands: 3699 (47ms) ors: 162 (0ms) minofs: 27 (0ms) reads: 3483 (13091ms) |
files: 0 ands: 1908 (37ms) ors: 162 (0ms) minofs: 0 (0ms) reads: 1763 (297ms) |
files: 0 ands: 1908 (19ms) ors: 162 (0ms) minofs: 0 (0ms) reads: 1634 (29ms) |
| apt_webmonitor_rat.yar | files: 4 ands: 32162 (1139ms) ors: 792 (0ms) minofs: 36 (0ms) reads: 28992 (1971ms) |
files: 4 ands: 5734 (100ms) ors: 36 (0ms) minofs: 36 (0ms) reads: 5716 (2206ms) |
files: 4 ands: 5689 (53ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 5671 (90ms) |
files: 4 ands: 5689 (52ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 1817 (25ms) |
| apt_webshell_chinachopper.yar | files: 3 ands: 954 (14ms) ors: 171 (0ms) minofs: 9 (0ms) reads: 702 (33ms) |
files: 3 ands: 362 (5ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 254 (180ms) |
files: 3 ands: 326 (3ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 227 (2ms) |
files: 3 ands: 326 (3ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 227 (2ms) |
| apt_wildneutron.yar | files: 15 ands: 73699 (2156ms) ors: 3528 (1ms) minofs: 135 (0ms) reads: 68160 (4371ms) |
files: 15 ands: 24580 (569ms) ors: 252 (0ms) minofs: 135 (0ms) reads: 24544 (13253ms) |
files: 15 ands: 8758 (85ms) ors: 252 (0ms) minofs: 17 (0ms) reads: 8740 (186ms) |
files: 15 ands: 8758 (84ms) ors: 252 (0ms) minofs: 17 (0ms) reads: 4537 (65ms) |
| apt_wilted_tulip.yar | degenerate | degenerate | degenerate | degenerate |
| apt_win_plugx.yar | files: 8 ands: 39470 (952ms) ors: 1512 (0ms) minofs: 45 (0ms) reads: 35950 (2041ms) |
files: 8 ands: 12510 (300ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 12510 (3201ms) |
files: 8 ands: 11410 (153ms) ors: 72 (0ms) minofs: 16 (0ms) reads: 11410 (395ms) |
files: 8 ands: 11410 (152ms) ors: 72 (0ms) minofs: 16 (0ms) reads: 4093 (69ms) |
| apt_winnti.yar | degenerate | degenerate | degenerate | degenerate |
| apt_winnti_br.yar | degenerate | degenerate | degenerate | degenerate |
| apt_winnti_burning_umbrella.yar | degenerate | degenerate | degenerate | degenerate |
| apt_winnti_hdroot.yar | files: 5 ands: 21810 (473ms) ors: 882 (0ms) minofs: 45 (0ms) reads: 20772 (1076ms) |
files: 5 ands: 9854 (191ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 9854 (4123ms) |
files: 5 ands: 7624 (76ms) ors: 72 (0ms) minofs: 7 (0ms) reads: 7624 (83ms) |
files: 5 ands: 7624 (76ms) ors: 72 (0ms) minofs: 7 (0ms) reads: 3485 (40ms) |
| apt_winnti_linux.yar | files: 0 ands: 5692 (83ms) ors: 747 (0ms) minofs: 36 (0ms) reads: 5404 (355ms) |
files: 0 ands: 1547 (12ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 1511 (2029ms) |
files: 0 ands: 566 (4ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 548 (22ms) |
files: 0 ands: 566 (5ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 544 (7ms) |
| apt_winnti_ms_report_201701.yar | files: 12 ands: 1864 (38ms) ors: 297 (0ms) minofs: 36 (0ms) reads: 1765 (117ms) |
files: 12 ands: 585 (4ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 585 (1032ms) |
files: 12 ands: 554 (3ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 554 (9ms) |
files: 12 ands: 554 (3ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 325 (6ms) |
| apt_woolengoldfish.yar | files: 1 ands: 19983 (514ms) ors: 1080 (0ms) minofs: 63 (0ms) reads: 19097 (1203ms) |
files: 1 ands: 7382 (188ms) ors: 90 (0ms) minofs: 63 (0ms) reads: 7364 (3529ms) |
files: 1 ands: 4885 (75ms) ors: 90 (0ms) minofs: 11 (0ms) reads: 4876 (174ms) |
files: 1 ands: 4885 (75ms) ors: 90 (0ms) minofs: 11 (0ms) reads: 3797 (72ms) |
| apt_xrat.yar | files: 0 ands: 16321 (419ms) ors: 477 (0ms) minofs: 18 (0ms) reads: 15253 (906ms) |
files: 0 ands: 3162 (81ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 3162 (1288ms) |
files: 0 ands: 3162 (43ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 3162 (55ms) |
files: 0 ands: 3162 (43ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 2051 (33ms) |
| apt_zxshell.yar | degenerate | degenerate | degenerate | degenerate |
| cn_pentestset_scripts.yar | files: 302 ands: 19977 (643ms) ors: 1872 (1ms) minofs: 189 (0ms) reads: 18632 (11038ms) |
files: 302 ands: 6323 (85ms) ors: 360 (0ms) minofs: 189 (0ms) reads: 6323 (4835ms) |
files: 302 ands: 3445 (43ms) ors: 360 (0ms) minofs: 9 (0ms) reads: 3445 (58ms) |
files: 302 ands: 3445 (32ms) ors: 360 (0ms) minofs: 9 (0ms) reads: 2955 (38ms) |
| cn_pentestset_tools.yar | files: 1431 ands: 211827 (8815ms) ors: 13428 (10ms) minofs: 1224 (1ms) reads: 200130 (85889ms) |
files: 1431 ands: 60865 (1251ms) ors: 2430 (0ms) minofs: 1224 (0ms) reads: 60865 (40930ms) |
files: 1431 ands: 41710 (492ms) ors: 2430 (0ms) minofs: 176 (0ms) reads: 41710 (754ms) |
files: 1431 ands: 41710 (491ms) ors: 2430 (0ms) minofs: 176 (0ms) reads: 26491 (329ms) |
| cn_pentestset_webshells.yar | files: 11 ands: 62950 (1424ms) ors: 5544 (0ms) minofs: 594 (0ms) reads: 58823 (40624ms) |
files: 11 ands: 20750 (201ms) ors: 1170 (0ms) minofs: 594 (0ms) reads: 20750 (17599ms) |
files: 11 ands: 12732 (68ms) ors: 1170 (0ms) minofs: 18 (0ms) reads: 12732 (111ms) |
files: 11 ands: 12732 (67ms) ors: 1170 (0ms) minofs: 18 (0ms) reads: 9174 (74ms) |
| crime_academic_data_centers_camp_may20.yar | files: 0 ands: 778 (36ms) ors: 90 (0ms) minofs: 18 (0ms) reads: 706 (2836ms) |
files: 0 ands: 490 (12ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 490 (1249ms) |
files: 0 ands: 260 (2ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 260 (28ms) |
files: 0 ands: 260 (2ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 255 (5ms) |
| crime_andromeda_jun17.yar | files: 1725 ands: 11548 (476ms) ors: 450 (0ms) minofs: 18 (0ms) reads: 10823 (2751ms) |
files: 1725 ands: 3986 (102ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 3986 (1155ms) |
files: 1725 ands: 3986 (57ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 3986 (109ms) |
files: 1725 ands: 3986 (56ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1613 (28ms) |
| crime_antifw_installrex.yar | files: 0 ands: 3609 (246ms) ors: 135 (0ms) minofs: 9 (0ms) reads: 3369 (1007ms) |
files: 0 ands: 1228 (55ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1228 (1073ms) |
files: 0 ands: 276 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 276 (44ms) |
files: 0 ands: 276 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 254 (4ms) |
| crime_atm_dispenserxfs.yar | degenerate | degenerate | degenerate | degenerate |
| crime_atm_javadipcash.yar | files: 0 ands: 4950 (290ms) ors: 432 (0ms) minofs: 9 (0ms) reads: 4590 (1884ms) |
files: 0 ands: 809 (7ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 809 (576ms) |
files: 0 ands: 134 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 134 (1ms) |
files: 0 ands: 134 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 134 (1ms) |
| crime_atm_loup.yar | files: 0 ands: 943 (27ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 872 (1445ms) |
files: 0 ands: 311 (5ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 293 (800ms) |
files: 0 ands: 131 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 122 (1ms) |
files: 0 ands: 131 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 122 (1ms) |
| crime_atm_xfsadm.yar | files: 0 ands: 2485 (119ms) ors: 333 (0ms) minofs: 9 (0ms) reads: 2276 (2300ms) |
files: 0 ands: 871 (27ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 853 (2088ms) |
files: 0 ands: 833 (21ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 815 (55ms) |
files: 0 ands: 833 (18ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 671 (17ms) |
| crime_atm_xfscashncr.yar | files: 0 ands: 53409 (192ms) ors: 47702 (22ms) minofs: 18 (0ms) reads: 31845 (23986ms) |
degenerate | degenerate | degenerate |
| crime_bad_patch.yar | files: 5250 ands: 45092 (1573ms) ors: 1089 (0ms) minofs: 27 (0ms) reads: 41269 (6366ms) |
files: 5250 ands: 7636 (235ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 7636 (2825ms) |
files: 5250 ands: 7636 (127ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 7636 (137ms) |
files: 5250 ands: 7636 (126ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 3421 (45ms) |
| crime_badrabbit.yar | files: 120 ands: 28655 (995ms) ors: 630 (0ms) minofs: 27 (0ms) reads: 26940 (3872ms) |
files: 120 ands: 5336 (113ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 5336 (1753ms) |
files: 120 ands: 5336 (61ms) ors: 36 (0ms) minofs: 12 (0ms) reads: 5336 (91ms) |
files: 120 ands: 5336 (61ms) ors: 36 (0ms) minofs: 12 (0ms) reads: 3054 (40ms) |
| crime_bazarbackdoor.yar | files: 0 ands: 2438 (34ms) ors: 324 (2ms) minofs: 9 (0ms) reads: 872 (2161ms) |
files: 0 ands: 1426 (21ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 832 (3810ms) |
files: 0 ands: 107 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 80 (0ms) |
files: 0 ands: 107 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 80 (0ms) |
| crime_bernhard_pos.yar | files: 157 ands: 2646 (84ms) ors: 306 (1ms) minofs: 9 (0ms) reads: 1762 (4667ms) |
files: 157 ands: 1590 (51ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1248 (4450ms) |
files: 157 ands: 938 (15ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 669 (37ms) |
files: 157 ands: 938 (15ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 665 (14ms) |
| crime_bluenoroff_pos.yar | files: 0 ands: 46280 (1019ms) ors: 37160 (119ms) minofs: 9 (0ms) reads: 29618 (23271ms) |
degenerate | degenerate | degenerate |
| crime_buzus_softpulse.yar | files: 0 ands: 11984 (565ms) ors: 369 (0ms) minofs: 18 (0ms) reads: 10697 (2337ms) |
files: 0 ands: 3011 (84ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2993 (393ms) |
files: 0 ands: 773 (8ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 764 (12ms) |
files: 0 ands: 773 (9ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 755 (13ms) |
| crime_cmstar.yar | files: 0 ands: 495 (3ms) ors: 144 (0ms) minofs: 9 (0ms) reads: 387 (1059ms) |
files: 0 ands: 267 (3ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 267 (1485ms) |
files: 0 ands: 125 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 125 (1ms) |
files: 0 ands: 125 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 118 (1ms) |
| crime_cn_campaign_njrat.yar | degenerate | degenerate | degenerate | degenerate |
| crime_cn_group_btc.yar | files: 1 ands: 4771 (129ms) ors: 198 (0ms) minofs: 27 (0ms) reads: 4681 (2610ms) |
files: 1 ands: 1328 (9ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1328 (1414ms) |
files: 1 ands: 877 (9ms) ors: 36 (0ms) minofs: 2 (0ms) reads: 877 (16ms) |
files: 1 ands: 877 (4ms) ors: 36 (0ms) minofs: 2 (0ms) reads: 840 (8ms) |
| crime_cobalt_gang_pdf.yar | files: 0 ands: 2432 (69ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 2374 (1644ms) |
files: 0 ands: 286 (1ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 286 (1031ms) |
files: 0 ands: 286 (2ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 286 (4ms) |
files: 0 ands: 286 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 286 (4ms) |
| crime_cobaltgang.yar | degenerate | degenerate | degenerate | degenerate |
| crime_corkow_dll.yar | degenerate | degenerate | degenerate | degenerate |
| crime_covid_ransom.yar | files: 0 ands: 829 (58ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 750 (1265ms) |
files: 0 ands: 268 (32ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 268 (774ms) |
files: 0 ands: 268 (31ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 268 (16ms) |
files: 0 ands: 268 (27ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 241 (10ms) |
| crime_credstealer_generic.yar | files: 1 ands: 5571 (239ms) ors: 270 (0ms) minofs: 9 (0ms) reads: 5367 (2701ms) |
files: 1 ands: 1544 (38ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1544 (700ms) |
files: 1 ands: 1410 (20ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 1410 (21ms) |
files: 1 ands: 1410 (21ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 1192 (18ms) |
| crime_crypto_miner.yar | files: 60 ands: 2745 (117ms) ors: 306 (0ms) minofs: 27 (0ms) reads: 2593 (916ms) |
files: 60 ands: 410 (3ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 410 (250ms) |
files: 60 ands: 296 (1ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 296 (42ms) |
files: 60 ands: 296 (1ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 210 (2ms) |
| crime_cryptowall_svg.yar | files: 0 ands: 7502 (118ms) ors: 7004 (31ms) minofs: 9 (0ms) reads: 4774 (4984ms) |
degenerate | degenerate | degenerate |
| crime_dearcry_ransom.yar | files: 0 ands: 9383 (261ms) ors: 963 (0ms) minofs: 45 (0ms) reads: 8912 (3606ms) |
files: 0 ands: 3581 (40ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 3581 (527ms) |
files: 0 ands: 3297 (23ms) ors: 72 (0ms) minofs: 14 (0ms) reads: 3297 (41ms) |
files: 0 ands: 3297 (20ms) ors: 72 (0ms) minofs: 14 (0ms) reads: 1285 (13ms) |
| crime_dexter_trojan.yar | files: 0 ands: 3582 (138ms) ors: 99 (0ms) minofs: 9 (0ms) reads: 3258 (272ms) |
files: 0 ands: 954 (32ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 954 (154ms) |
files: 0 ands: 68 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 68 (0ms) |
files: 0 ands: 68 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 68 (0ms) |
| crime_dridex_xml.yar | files: 0 ands: 1413 (57ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 1334 (1514ms) |
files: 0 ands: 440 (8ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 440 (1206ms) |
files: 0 ands: 169 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 169 (6ms) |
files: 0 ands: 169 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 169 (3ms) |
| crime_emotet.yar | degenerate | degenerate | degenerate | degenerate |
| crime_enfal.yar | files: 0 ands: 9069 (485ms) ors: 522 (0ms) minofs: 36 (0ms) reads: 8412 (3660ms) |
files: 0 ands: 1496 (16ms) ors: 36 (0ms) minofs: 36 (0ms) reads: 1478 (1656ms) |
files: 0 ands: 587 (4ms) ors: 36 (0ms) minofs: 3 (0ms) reads: 578 (7ms) |
files: 0 ands: 587 (4ms) ors: 36 (0ms) minofs: 3 (0ms) reads: 496 (6ms) |
| crime_envrial.yar | files: 0 ands: 17649 (537ms) ors: 441 (0ms) minofs: 27 (0ms) reads: 16673 (2216ms) |
files: 0 ands: 3086 (64ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 3086 (761ms) |
files: 0 ands: 3086 (34ms) ors: 36 (0ms) minofs: 1 (0ms) reads: 3086 (60ms) |
files: 0 ands: 3086 (35ms) ors: 36 (0ms) minofs: 1 (0ms) reads: 1732 (30ms) |
| crime_eternalrocks.yar | files: 0 ands: 4722 (119ms) ors: 279 (0ms) minofs: 27 (0ms) reads: 4551 (6168ms) |
files: 0 ands: 1076 (3ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1076 (3117ms) |
files: 0 ands: 568 (4ms) ors: 36 (0ms) minofs: 3 (0ms) reads: 568 (8ms) |
files: 0 ands: 568 (2ms) ors: 36 (0ms) minofs: 3 (0ms) reads: 523 (3ms) |
| crime_evilcorp_dridex_banker.yar | degenerate | degenerate | degenerate | degenerate |
| crime_fareit.yar | files: 37 ands: 558 (50ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 495 (85ms) |
files: 37 ands: 207 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 189 (77ms) |
files: 37 ands: 207 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 189 (13ms) |
files: 37 ands: 207 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 180 (11ms) |
| crime_fireball.yar | files: 170 ands: 36003 (1645ms) ors: 1737 (1ms) minofs: 99 (0ms) reads: 33872 (12571ms) |
files: 170 ands: 8930 (292ms) ors: 216 (0ms) minofs: 99 (0ms) reads: 8930 (3121ms) |
files: 170 ands: 6517 (122ms) ors: 216 (0ms) minofs: 28 (0ms) reads: 6517 (162ms) |
files: 170 ands: 6517 (123ms) ors: 216 (0ms) minofs: 28 (0ms) reads: 4580 (85ms) |
| crime_floxif_flystudio.yar | degenerate | degenerate | degenerate | degenerate |
| crime_gamaredon.yar | files: 0 ands: 226 (1ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 190 (887ms) |
files: 0 ands: 130 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 130 (702ms) |
files: 0 ands: 87 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 87 (0ms) |
files: 0 ands: 87 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 87 (1ms) |
| crime_goldeneye.yar | files: 0 ands: 1279 (28ms) ors: 99 (0ms) minofs: 9 (0ms) reads: 1215 (1095ms) |
files: 0 ands: 387 (2ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 387 (256ms) |
files: 0 ands: 387 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 387 (4ms) |
files: 0 ands: 387 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 387 (4ms) |
| crime_gozi_crypter.yar | files: 31710 ands: 252 (16ms) ors: 36 (2ms) minofs: 9 (0ms) reads: 90 (114ms) |
files: 31710 ands: 144 (16ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 90 (130ms) |
files: 31710 ands: 144 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 90 (7ms) |
files: 31710 ands: 144 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 72 (5ms) |
| crime_guloader.yar | files: 0 ands: 2185 (5ms) ors: 261 (0ms) minofs: 9 (0ms) reads: 970 (3945ms) |
files: 0 ands: 1002 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 534 (3330ms) |
files: 0 ands: 98 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 71 (1ms) |
files: 0 ands: 98 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 71 (2ms) |
| crime_h2miner_kinsing.yar | files: 0 ands: 1945 (55ms) ors: 243 (0ms) minofs: 9 (0ms) reads: 1789 (2045ms) |
files: 0 ands: 640 (8ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 640 (848ms) |
files: 0 ands: 45 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (0ms) |
files: 0 ands: 45 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (0ms) |
| crime_hermes_ransom.yar | files: 0 ands: 3731 (99ms) ors: 324 (0ms) minofs: 27 (0ms) reads: 3560 (6876ms) |
files: 0 ands: 922 (15ms) ors: 0 (0ms) minofs: 27 (0ms) reads: 886 (950ms) |
files: 0 ands: 526 (11ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 508 (11ms) |
files: 0 ands: 526 (8ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 472 (7ms) |
| crime_icedid.yar | files: 4 ands: 16875 (1167ms) ors: 1926 (9ms) minofs: 54 (20ms) reads: 15945 (4960ms) |
files: 4 ands: 6965 (341ms) ors: 144 (0ms) minofs: 54 (21ms) reads: 6947 (2325ms) |
files: 4 ands: 2278 (43ms) ors: 144 (0ms) minofs: 8 (0ms) reads: 2269 (64ms) |
files: 4 ands: 2278 (41ms) ors: 144 (0ms) minofs: 8 (0ms) reads: 1737 (43ms) |
| crime_kasper_oct17.yar | degenerate | degenerate | degenerate | degenerate |
| crime_kins_dropper.yar | files: 0 ands: 8974 (232ms) ors: 675 (0ms) minofs: 45 (0ms) reads: 8058 (6608ms) |
files: 0 ands: 2948 (20ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 2858 (4626ms) |
files: 0 ands: 715 (4ms) ors: 18 (0ms) minofs: 7 (0ms) reads: 685 (8ms) |
files: 0 ands: 715 (3ms) ors: 18 (0ms) minofs: 7 (0ms) reads: 543 (5ms) |
| crime_kr_malware.yar | files: 0 ands: 2451 (80ms) ors: 135 (0ms) minofs: 9 (0ms) reads: 2268 (3674ms) |
files: 0 ands: 180 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 180 (812ms) |
files: 0 ands: 180 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 180 (2ms) |
files: 0 ands: 180 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 180 (4ms) |
| crime_kraken_bot1.yar | files: 0 ands: 918 (5ms) ors: 135 (0ms) minofs: 9 (0ms) reads: 873 (2486ms) |
files: 0 ands: 186 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 186 (819ms) |
files: 0 ands: 41 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 41 (0ms) |
files: 0 ands: 41 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 41 (0ms) |
| crime_kriskynote.yar | files: 0 ands: 4010 (208ms) ors: 288 (0ms) minofs: 27 (0ms) reads: 3803 (5726ms) |
files: 0 ands: 1933 (53ms) ors: 54 (0ms) minofs: 27 (0ms) reads: 1915 (4095ms) |
files: 0 ands: 1299 (35ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 1290 (29ms) |
files: 0 ands: 1299 (27ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 1290 (23ms) |
| crime_locky.yar | files: 20 ands: 358 (2ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 322 (1503ms) |
files: 20 ands: 320 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 320 (1478ms) |
files: 20 ands: 320 (2ms) ors: 0 (0ms) minofs: 8 (0ms) reads: 320 (5ms) |
files: 20 ands: 320 (1ms) ors: 0 (0ms) minofs: 8 (0ms) reads: 320 (3ms) |
| crime_loki_bot.yar | files: 2052 ands: 5374 (352ms) ors: 198 (0ms) minofs: 18 (0ms) reads: 5045 (2717ms) |
files: 2052 ands: 1877 (54ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 1859 (1062ms) |
files: 2052 ands: 1877 (30ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 1859 (65ms) |
files: 2052 ands: 1877 (29ms) ors: 36 (0ms) minofs: 18 (0ms) reads: 1022 (21ms) |
| crime_mal_grandcrab.yar | degenerate | degenerate | degenerate | degenerate |
| crime_mal_nitol.yar | degenerate | degenerate | degenerate | degenerate |
| crime_mal_ransom_wadharma.yar | degenerate | degenerate | degenerate | degenerate |
| crime_malumpos.yar | files: 0 ands: 2033 (54ms) ors: 135 (0ms) minofs: 9 (0ms) reads: 1898 (2826ms) |
files: 0 ands: 984 (17ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 966 (2587ms) |
files: 0 ands: 350 (12ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 350 (7ms) |
files: 0 ands: 350 (12ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 350 (7ms) |
| crime_malware_generic.yar | files: 0 ands: 12522 (1300ms) ors: 1035 (16ms) minofs: 36 (10ms) reads: 11976 (7330ms) |
files: 0 ands: 4357 (353ms) ors: 54 (0ms) minofs: 36 (10ms) reads: 4321 (2718ms) |
files: 0 ands: 2063 (27ms) ors: 54 (0ms) minofs: 1 (0ms) reads: 2036 (30ms) |
files: 0 ands: 2063 (28ms) ors: 54 (0ms) minofs: 1 (0ms) reads: 1949 (29ms) |
| crime_malware_set_oct16.yar | files: 5470 ands: 21556 (750ms) ors: 1593 (1ms) minofs: 99 (0ms) reads: 20593 (16373ms) |
files: 5470 ands: 10743 (217ms) ors: 180 (0ms) minofs: 99 (0ms) reads: 10743 (7575ms) |
files: 5470 ands: 9750 (125ms) ors: 180 (0ms) minofs: 45 (0ms) reads: 9750 (267ms) |
files: 5470 ands: 9750 (128ms) ors: 180 (0ms) minofs: 45 (0ms) reads: 4909 (75ms) |
| crime_maze_ransomware.yar | files: 0 ands: 6328 (184ms) ors: 612 (2ms) minofs: 18 (0ms) reads: 4186 (2793ms) |
files: 0 ands: 1910 (12ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1154 (1063ms) |
files: 0 ands: 271 (2ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 256 (3ms) |
files: 0 ands: 271 (2ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 226 (3ms) |
| crime_mikey_trojan.yar | files: 0 ands: 4740 (105ms) ors: 144 (0ms) minofs: 9 (0ms) reads: 4515 (3099ms) |
files: 0 ands: 2508 (24ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 2490 (2090ms) |
files: 0 ands: 2508 (27ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 2490 (39ms) |
files: 0 ands: 2508 (21ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1815 (20ms) |
| crime_mirai.yar | files: 0 ands: 12215 (236ms) ors: 1458 (0ms) minofs: 108 (0ms) reads: 11422 (8376ms) |
files: 0 ands: 3282 (28ms) ors: 162 (0ms) minofs: 108 (0ms) reads: 3246 (2355ms) |
files: 0 ands: 2262 (25ms) ors: 162 (0ms) minofs: 0 (0ms) reads: 2244 (28ms) |
files: 0 ands: 2262 (23ms) ors: 162 (0ms) minofs: 0 (0ms) reads: 1827 (23ms) |
| crime_mywscript_dropper.yar | files: 1 ands: 1494 (57ms) ors: 126 (0ms) minofs: 9 (0ms) reads: 1404 (648ms) |
files: 1 ands: 372 (8ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 372 (262ms) |
files: 1 ands: 358 (4ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 358 (3ms) |
files: 1 ands: 358 (5ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 192 (2ms) |
| crime_nansh0u.yar | degenerate | degenerate | degenerate | degenerate |
| crime_nkminer.yar | files: 4 ands: 12583 (659ms) ors: 504 (0ms) minofs: 9 (0ms) reads: 11738 (9508ms) |
files: 4 ands: 2126 (57ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 2126 (1586ms) |
files: 4 ands: 2126 (32ms) ors: 72 (0ms) minofs: 3 (0ms) reads: 2126 (32ms) |
files: 4 ands: 2126 (32ms) ors: 72 (0ms) minofs: 3 (0ms) reads: 1430 (17ms) |
| crime_nopetya_jun17.yar | files: 6 ands: 29650 (907ms) ors: 621 (0ms) minofs: 18 (0ms) reads: 27950 (3283ms) |
files: 6 ands: 5352 (134ms) ors: 54 (0ms) minofs: 18 (0ms) reads: 5352 (809ms) |
files: 6 ands: 5232 (80ms) ors: 54 (0ms) minofs: 6 (0ms) reads: 5232 (150ms) |
files: 6 ands: 5232 (80ms) ors: 54 (0ms) minofs: 6 (0ms) reads: 2177 (47ms) |
| crime_ole_loadswf_cve_2018_4878.yar | files: 0 ands: 6943 (321ms) ors: 846 (0ms) minofs: 54 (0ms) reads: 6404 (2626ms) |
files: 0 ands: 1495 (19ms) ors: 234 (0ms) minofs: 54 (0ms) reads: 1423 (1319ms) |
files: 0 ands: 736 (7ms) ors: 72 (0ms) minofs: 14 (0ms) reads: 691 (11ms) |
files: 0 ands: 736 (6ms) ors: 72 (0ms) minofs: 14 (0ms) reads: 666 (9ms) |
| crime_parallax_rat.yar | files: 0 ands: 8112 (238ms) ors: 810 (7ms) minofs: 18 (0ms) reads: 2676 (6563ms) |
files: 0 ands: 4367 (142ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2351 (8316ms) |
files: 0 ands: 1118 (48ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 757 (107ms) |
files: 0 ands: 1118 (42ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 550 (27ms) |
| crime_phish_gina_dec15.yar | files: 0 ands: 7694 (620ms) ors: 495 (1ms) minofs: 27 (0ms) reads: 7256 (3097ms) |
files: 0 ands: 1575 (51ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1575 (1115ms) |
files: 0 ands: 1060 (23ms) ors: 36 (0ms) minofs: 6 (0ms) reads: 1060 (29ms) |
files: 0 ands: 1060 (23ms) ors: 36 (0ms) minofs: 6 (0ms) reads: 936 (25ms) |
| crime_ransom_conti.yar | files: 0 ands: 1442 (56ms) ors: 135 (2ms) minofs: 18 (0ms) reads: 713 (1109ms) |
files: 0 ands: 874 (39ms) ors: 0 (0ms) minofs: 18 (0ms) reads: 622 (1191ms) |
files: 0 ands: 811 (46ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 586 (166ms) |
files: 0 ands: 811 (24ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 487 (15ms) |
| crime_ransom_darkside.yar | files: 695732 ands: 13652 (645ms) ors: 1089 (25ms) minofs: 72 (5ms) reads: 12482 (9764ms) |
files: 695732 ands: 6254 (305ms) ors: 126 (2ms) minofs: 72 (6ms) reads: 5966 (5615ms) |
files: 695732 ands: 5391 (179ms) ors: 108 (1ms) minofs: 27 (3ms) reads: 5115 (269ms) |
files: 695732 ands: 5391 (166ms) ors: 108 (1ms) minofs: 27 (3ms) reads: 3084 (69ms) |
| crime_ransom_generic.yar | files: 571 ands: 16380 (804ms) ors: 1224 (0ms) minofs: 9 (0ms) reads: 15199 (3988ms) |
files: 571 ands: 3018 (31ms) ors: 306 (0ms) minofs: 9 (0ms) reads: 3018 (1293ms) |
files: 571 ands: 3018 (20ms) ors: 306 (0ms) minofs: 9 (0ms) reads: 3018 (37ms) |
files: 571 ands: 3018 (29ms) ors: 306 (0ms) minofs: 9 (0ms) reads: 1091 (20ms) |
| crime_ransom_germanwiper.yar | files: 0 ands: 3132 (59ms) ors: 324 (0ms) minofs: 18 (0ms) reads: 2906 (3673ms) |
files: 0 ands: 734 (8ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 698 (1412ms) |
files: 0 ands: 663 (10ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 627 (12ms) |
files: 0 ands: 663 (8ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 576 (11ms) |
| crime_ransom_lockergoga.yar | files: 34 ands: 8440 (468ms) ors: 180 (0ms) minofs: 9 (0ms) reads: 8086 (2939ms) |
files: 34 ands: 1746 (72ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1746 (1549ms) |
files: 34 ands: 1746 (64ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1746 (147ms) |
files: 34 ands: 1746 (41ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1503 (36ms) |
| crime_ransom_prolock.yar | files: 0 ands: 31862 (147ms) ors: 30472 (31ms) minofs: 9 (0ms) reads: 18021 (32453ms) |
files: 0 ands: 278 (0ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 224 (1332ms) |
files: 0 ands: 188 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 152 (0ms) |
files: 0 ands: 188 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 152 (1ms) |
| crime_ransom_ragna_locker.yar | files: 0 ands: 15318 (799ms) ors: 855 (0ms) minofs: 63 (0ms) reads: 14064 (5887ms) |
files: 0 ands: 5107 (153ms) ors: 36 (0ms) minofs: 63 (0ms) reads: 5035 (3443ms) |
files: 0 ands: 2522 (52ms) ors: 36 (0ms) minofs: 6 (0ms) reads: 2485 (201ms) |
files: 0 ands: 2522 (47ms) ors: 36 (0ms) minofs: 6 (0ms) reads: 1100 (34ms) |
| crime_ransom_revil.yar | files: 136 ands: 2346 (184ms) ors: 216 (0ms) minofs: 18 (0ms) reads: 2184 (3793ms) |
files: 136 ands: 2088 (132ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2088 (923ms) |
files: 136 ands: 2088 (71ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2088 (82ms) |
files: 136 ands: 2088 (71ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 819 (25ms) |
| crime_ransom_robinhood.yar | files: 0 ands: 35683 (227ms) ors: 34603 (58ms) minofs: 9 (0ms) reads: 20420 (13940ms) |
degenerate | degenerate | degenerate |
| crime_ransom_stealbit_lockbit.yar | files: 0 ands: 294 (2ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 186 (742ms) |
files: 0 ands: 170 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 134 (740ms) |
files: 0 ands: 123 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 105 (1ms) |
files: 0 ands: 123 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 105 (1ms) |
| crime_ransom_venus.yar | degenerate | degenerate | degenerate | degenerate |
| crime_rat_parallax.yar | files: 0 ands: 11540 (213ms) ors: 1116 (4ms) minofs: 18 (0ms) reads: 5078 (9478ms) |
files: 0 ands: 6606 (129ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 4158 (3470ms) |
files: 0 ands: 1389 (45ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 966 (103ms) |
files: 0 ands: 1389 (24ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 647 (20ms) |
| crime_revil_general.yar | degenerate | degenerate | degenerate | degenerate |
| crime_rombertik_carbongrabber.yar | files: 0 ands: 11128 (402ms) ors: 1035 (1ms) minofs: 45 (0ms) reads: 10230 (5584ms) |
files: 0 ands: 3677 (93ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 3677 (3298ms) |
files: 0 ands: 2667 (57ms) ors: 72 (0ms) minofs: 18 (0ms) reads: 2667 (91ms) |
files: 0 ands: 2667 (43ms) ors: 72 (0ms) minofs: 18 (0ms) reads: 2460 (41ms) |
| crime_ryuk_ransomware.yar | degenerate | degenerate | degenerate | degenerate |
| crime_shifu_trojan.yar | files: 0 ands: 4966 (324ms) ors: 378 (0ms) minofs: 18 (0ms) reads: 4654 (2908ms) |
files: 0 ands: 1247 (34ms) ors: 54 (0ms) minofs: 18 (0ms) reads: 1247 (1262ms) |
files: 0 ands: 439 (3ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 439 (5ms) |
files: 0 ands: 439 (3ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 430 (4ms) |
| crime_snarasite.yar | degenerate | degenerate | degenerate | degenerate |
| crime_socgholish.yar | files: 6237 ands: 4857 (172ms) ors: 522 (1ms) minofs: 36 (1ms) reads: 4463 (2610ms) |
files: 6237 ands: 1553 (16ms) ors: 54 (0ms) minofs: 36 (1ms) reads: 1517 (1974ms) |
files: 6237 ands: 686 (4ms) ors: 54 (0ms) minofs: 18 (0ms) reads: 650 (8ms) |
files: 6237 ands: 686 (4ms) ors: 54 (0ms) minofs: 18 (0ms) reads: 635 (6ms) |
| crime_stealer_exfil_zip.yar | files: 2 ands: 1849 (60ms) ors: 234 (0ms) minofs: 18 (0ms) reads: 1759 (474ms) |
files: 2 ands: 639 (7ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 639 (228ms) |
files: 2 ands: 639 (6ms) ors: 18 (0ms) minofs: 7 (0ms) reads: 639 (6ms) |
files: 2 ands: 639 (7ms) ors: 18 (0ms) minofs: 7 (0ms) reads: 385 (4ms) |
| crime_teledoor.yar | files: 0 ands: 786 (7ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 742 (1230ms) |
files: 0 ands: 151 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 151 (582ms) |
files: 0 ands: 123 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 123 (2ms) |
files: 0 ands: 123 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 123 (2ms) |
| crime_trickbot.yar | degenerate | degenerate | degenerate | degenerate |
| crime_upatre_oct15.yar | files: 0 ands: 2915 (147ms) ors: 216 (0ms) minofs: 9 (0ms) reads: 2798 (2542ms) |
files: 0 ands: 1215 (31ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1197 (1672ms) |
files: 0 ands: 185 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 167 (4ms) |
files: 0 ands: 185 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 158 (3ms) |
| crime_wannacry.yar | files: 0 ands: 12319 (307ms) ors: 1017 (0ms) minofs: 72 (0ms) reads: 11701 (11814ms) |
files: 0 ands: 5450 (85ms) ors: 108 (0ms) minofs: 72 (0ms) reads: 5432 (7793ms) |
files: 0 ands: 1946 (23ms) ors: 108 (0ms) minofs: 4 (0ms) reads: 1935 (33ms) |
files: 0 ands: 1946 (16ms) ors: 108 (0ms) minofs: 4 (0ms) reads: 1705 (18ms) |
| crime_wsh_rat.yar | files: 0 ands: 635 (9ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 527 (1993ms) |
files: 0 ands: 381 (5ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 381 (2141ms) |
files: 0 ands: 381 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 381 (22ms) |
files: 0 ands: 381 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 381 (9ms) |
| crime_xbash.yar | files: 0 ands: 3125 (77ms) ors: 387 (0ms) minofs: 27 (0ms) reads: 2902 (2319ms) |
files: 0 ands: 1060 (11ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1060 (1838ms) |
files: 0 ands: 584 (1ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 584 (4ms) |
files: 0 ands: 584 (1ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 545 (4ms) |
| crime_zeus_panda.yar | files: 520 ands: 3198 (172ms) ors: 324 (2ms) minofs: 18 (7ms) reads: 2991 (1839ms) |
files: 520 ands: 1710 (88ms) ors: 18 (0ms) minofs: 18 (6ms) reads: 1710 (1178ms) |
files: 520 ands: 1710 (58ms) ors: 18 (0ms) minofs: 18 (4ms) reads: 1710 (63ms) |
files: 520 ands: 1710 (47ms) ors: 18 (0ms) minofs: 18 (3ms) reads: 1044 (19ms) |
| crime_zloader_maldocs.yar | files: 0 ands: 282 (0ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 246 (1220ms) |
files: 0 ands: 115 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 115 (896ms) |
files: 0 ands: 37 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 37 (0ms) |
files: 0 ands: 37 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 37 (0ms) |
| expl_adselfservice_cve_2021_40539.yar | files: 0 ands: 7915 (333ms) ors: 234 (0ms) minofs: 18 (0ms) reads: 7742 (1957ms) |
files: 0 ands: 339 (5ms) ors: 72 (0ms) minofs: 18 (0ms) reads: 339 (288ms) |
files: 0 ands: 339 (3ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 339 (3ms) |
files: 0 ands: 339 (3ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 216 (2ms) |
| expl_cve_2021_1647.yar | files: 0 ands: 7489 (64ms) ors: 1278 (0ms) minofs: 9 (0ms) reads: 4915 (5660ms) |
files: 0 ands: 4111 (22ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 2851 (2335ms) |
files: 0 ands: 87 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 78 (0ms) |
files: 0 ands: 87 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 78 (1ms) |
| expl_cve_2021_26084_confluence_log.yar | files: 0 ands: 5163 (183ms) ors: 396 (0ms) minofs: 27 (0ms) reads: 4789 (3099ms) |
files: 0 ands: 802 (8ms) ors: 54 (0ms) minofs: 27 (0ms) reads: 712 (1179ms) |
files: 0 ands: 422 (6ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 386 (6ms) |
files: 0 ands: 422 (6ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 379 (5ms) |
| expl_cve_2021_40444.yar | files: 48 ands: 19548 (455ms) ors: 12050 (30ms) minofs: 54 (0ms) reads: 14393 (10319ms) |
files: 48 ands: 4106 (71ms) ors: 288 (1ms) minofs: 54 (0ms) reads: 3962 (1443ms) |
files: 48 ands: 3959 (45ms) ors: 261 (0ms) minofs: 26 (0ms) reads: 3840 (89ms) |
files: 48 ands: 3959 (37ms) ors: 261 (0ms) minofs: 26 (0ms) reads: 1344 (21ms) |
| expl_cve_2022_41040_proxynoshell.yar | files: 0 ands: 12790 (65ms) ors: 12530 (8ms) minofs: 9 (0ms) reads: 7200 (4428ms) |
files: 11181 ands: 72 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 36 (0ms) |
files: 11181 ands: 72 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 36 (0ms) |
files: 11181 ands: 72 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 36 (0ms) |
| expl_log4j_cve_2021_44228.yar | files: 67590 ands: 22563 (535ms) ors: 3042 (23ms) minofs: 90 (0ms) reads: 20487 (15450ms) |
files: 67590 ands: 4896 (43ms) ors: 720 (20ms) minofs: 90 (0ms) reads: 4608 (3768ms) |
files: 67590 ands: 4577 (22ms) ors: 720 (10ms) minofs: 9 (0ms) reads: 4403 (37ms) |
files: 67590 ands: 4577 (22ms) ors: 720 (10ms) minofs: 9 (0ms) reads: 1862 (15ms) |
| expl_proxyshell.yar | files: 6073 ands: 92443 (1038ms) ors: 74235 (63ms) minofs: 144 (0ms) reads: 59570 (16237ms) |
degenerate | degenerate | degenerate |
| expl_spring4shell.yar | files: 0 ands: 4579 (127ms) ors: 333 (0ms) minofs: 27 (0ms) reads: 4308 (1873ms) |
files: 0 ands: 1132 (11ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1132 (559ms) |
files: 0 ands: 1132 (7ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 1132 (12ms) |
files: 0 ands: 1132 (6ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 946 (10ms) |
| exploit_cve_2014_4076.yar | files: 0 ands: 1074 (16ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 1038 (702ms) |
files: 0 ands: 316 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 316 (149ms) |
files: 0 ands: 316 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 316 (6ms) |
files: 0 ands: 316 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 261 (6ms) |
| exploit_cve_2015_1674.yar | files: 118 ands: 1323 (107ms) ors: 135 (3ms) minofs: 9 (0ms) reads: 1260 (185ms) |
files: 118 ands: 585 (72ms) ors: 0 (0ms) minofs: 9 (1ms) reads: 585 (267ms) |
files: 118 ands: 585 (38ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 585 (58ms) |
files: 118 ands: 585 (38ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 558 (29ms) |
| exploit_cve_2015_1701.yar | files: 0 ands: 2501 (255ms) ors: 216 (2ms) minofs: 18 (2ms) reads: 2384 (1577ms) |
files: 0 ands: 818 (51ms) ors: 0 (0ms) minofs: 18 (2ms) reads: 800 (769ms) |
files: 0 ands: 620 (35ms) ors: 0 (0ms) minofs: 8 (1ms) reads: 611 (32ms) |
files: 0 ands: 620 (25ms) ors: 0 (0ms) minofs: 8 (1ms) reads: 566 (20ms) |
| exploit_cve_2015_2426.yar | files: 0 ands: 4830 (262ms) ors: 432 (1ms) minofs: 27 (0ms) reads: 4568 (3207ms) |
files: 0 ands: 1663 (57ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1663 (2002ms) |
files: 0 ands: 856 (20ms) ors: 36 (0ms) minofs: 8 (0ms) reads: 856 (18ms) |
files: 0 ands: 856 (21ms) ors: 36 (0ms) minofs: 8 (0ms) reads: 818 (17ms) |
| exploit_cve_2015_2545.yar | files: 0 ands: 465 (6ms) ors: 45 (0ms) minofs: 0 (0ms) reads: 402 (662ms) |
files: 0 ands: 197 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 179 (493ms) |
files: 0 ands: 150 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 141 (1ms) |
files: 0 ands: 150 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 141 (1ms) |
| exploit_cve_2015_5119.yar | files: 0 ands: 1475 (23ms) ors: 189 (0ms) minofs: 9 (0ms) reads: 1376 (1221ms) |
files: 0 ands: 366 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 366 (910ms) |
files: 0 ands: 366 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 366 (26ms) |
files: 0 ands: 366 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 354 (4ms) |
| exploit_cve_2017_8759.yar | files: 0 ands: 56890 (1265ms) ors: 35167 (107ms) minofs: 54 (0ms) reads: 40521 (15244ms) |
degenerate | degenerate | degenerate |
| exploit_cve_2017_9800.yar | files: 0 ands: 932 (14ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 905 (311ms) |
files: 0 ands: 239 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 239 (109ms) |
files: 0 ands: 239 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 239 (1ms) |
files: 0 ands: 239 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 117 (1ms) |
| exploit_cve_2017_11882.yar | files: 42 ands: 12751 (422ms) ors: 1035 (4ms) minofs: 63 (4ms) reads: 11991 (4660ms) |
files: 42 ands: 3498 (59ms) ors: 126 (0ms) minofs: 63 (5ms) reads: 3354 (2036ms) |
files: 42 ands: 3228 (57ms) ors: 126 (0ms) minofs: 30 (4ms) reads: 3109 (121ms) |
files: 42 ands: 3228 (48ms) ors: 126 (0ms) minofs: 30 (4ms) reads: 1877 (31ms) |
| exploit_cve_2018_0802.yar | files: 0 ands: 324 (13ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 279 (22ms) |
files: 0 ands: 114 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 96 (1ms) |
files: 0 ands: 79 (1ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 75 (2ms) |
files: 0 ands: 79 (0ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 75 (1ms) |
| exploit_cve_2018_16858.yar | files: 0 ands: 8802 (37ms) ors: 8241 (5ms) minofs: 9 (0ms) reads: 5262 (7587ms) |
files: 0 ands: 67 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 49 (146ms) |
files: 0 ands: 58 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 49 (0ms) |
files: 0 ands: 58 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 49 (0ms) |
| exploit_cve_2021_31166.yar | yaramod_error | yaramod_error | yaramod_error | yaramod_error |
| exploit_cve_2021_33766_proxytoken.yar | files: 0 ands: 1074 (38ms) ors: 162 (0ms) minofs: 27 (0ms) reads: 983 (960ms) |
files: 0 ands: 318 (5ms) ors: 18 (0ms) minofs: 27 (0ms) reads: 300 (446ms) |
files: 0 ands: 72 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 63 (0ms) |
files: 0 ands: 72 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 63 (0ms) |
| exploit_cve_2022_22954_vmware_workspace_one.yar | files: 0 ands: 901 (4ms) ors: 45 (0ms) minofs: 9 (0ms) reads: 854 (836ms) |
files: 0 ands: 308 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 308 (415ms) |
files: 0 ands: 308 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 308 (3ms) |
files: 0 ands: 308 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 245 (2ms) |
| exploit_f5_bigip_cve_2021_22986_log.yar | files: 0 ands: 564 (8ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 493 (323ms) |
files: 0 ands: 103 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 103 (96ms) |
files: 0 ands: 103 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 103 (1ms) |
files: 0 ands: 103 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 103 (1ms) |
| exploit_gitlab_cve_2021_22205.yar | files: 0 ands: 2898 (12ms) ors: 324 (0ms) minofs: 27 (0ms) reads: 2646 (6438ms) |
files: 0 ands: 607 (0ms) ors: 18 (0ms) minofs: 27 (0ms) reads: 517 (789ms) |
files: 0 ands: 215 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 188 (0ms) |
files: 0 ands: 215 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 188 (0ms) |
| exploit_rtf_ole2link.yar | files: 0 ands: 7824 (82ms) ors: 4510 (3ms) minofs: 18 (0ms) reads: 6307 (5827ms) |
degenerate | degenerate | degenerate |
| exploit_shitrix.yar | files: 0 ands: 6575 (94ms) ors: 3570 (22ms) minofs: 18 (0ms) reads: 5455 (5663ms) |
files: 9388 ands: 823 (6ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 823 (874ms) |
files: 9388 ands: 823 (7ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 823 (10ms) |
files: 9388 ands: 823 (3ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 508 (3ms) |
| exploit_tlb_scripts.yar | files: 5111 ands: 8744 (103ms) ors: 9644 (32ms) minofs: 9 (0ms) reads: 5866 (5504ms) |
degenerate | degenerate | degenerate |
| exploit_uac_elevators.yar | files: 1 ands: 75008 (3072ms) ors: 2412 (7ms) minofs: 108 (0ms) reads: 70452 (14312ms) |
files: 1 ands: 16202 (560ms) ors: 198 (0ms) minofs: 108 (0ms) reads: 16184 (5896ms) |
files: 1 ands: 10738 (226ms) ors: 198 (0ms) minofs: 9 (0ms) reads: 10729 (402ms) |
files: 1 ands: 10738 (219ms) ors: 198 (0ms) minofs: 9 (0ms) reads: 6668 (125ms) |
| gen_ace_with_exe.yar | files: 35 ands: 99 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 81 (248ms) |
files: 35 ands: 81 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 81 (373ms) |
files: 35 ands: 81 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 81 (0ms) |
files: 35 ands: 81 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 81 (0ms) |
| gen_anomalies_keyword_combos.yar | files: 46 ands: 3807 (218ms) ors: 153 (0ms) minofs: 9 (0ms) reads: 3321 (605ms) |
files: 46 ands: 756 (10ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 738 (330ms) |
files: 46 ands: 756 (7ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 738 (9ms) |
files: 46 ands: 756 (7ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 720 (9ms) |
| gen_armitage.yar | files: 0 ands: 3383 (125ms) ors: 306 (0ms) minofs: 27 (0ms) reads: 3228 (2174ms) |
files: 0 ands: 797 (10ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 797 (847ms) |
files: 0 ands: 767 (6ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 767 (8ms) |
files: 0 ands: 767 (6ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 562 (5ms) |
| gen_autocad_lsp_malware.yar | files: 141 ands: 16770 (171ms) ors: 16909 (124ms) minofs: 27 (0ms) reads: 11119 (14319ms) |
degenerate | degenerate | degenerate |
| gen_b374k_extra.yar | files: 0 ands: 697 (32ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 661 (607ms) |
files: 0 ands: 229 (4ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 229 (633ms) |
files: 0 ands: 110 (2ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 110 (2ms) |
files: 0 ands: 110 (2ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 110 (2ms) |
| gen_bad_pdf.yar | files: 0 ands: 666 (37ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 621 (496ms) |
files: 0 ands: 251 (13ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 251 (217ms) |
files: 0 ands: 251 (15ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 251 (70ms) |
files: 0 ands: 251 (15ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 101 (2ms) |
| gen_case_anomalies.yar | files: 855 ands: 26036 (657ms) ors: 22523 (82ms) minofs: 0 (0ms) reads: 16140 (6745ms) |
degenerate | degenerate | degenerate |
| gen_cert_payloads.yar | files: 43 ands: 576 (11ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 567 (439ms) |
files: 43 ands: 306 (7ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 306 (555ms) |
files: 43 ands: 306 (9ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 306 (43ms) |
files: 43 ands: 306 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 234 (3ms) |
| gen_chaos_payload.yar | files: 0 ands: 182 (0ms) ors: 27 (0ms) minofs: 9 (0ms) reads: 155 (324ms) |
files: 0 ands: 33 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 33 (219ms) |
files: 0 ands: 33 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 33 (0ms) |
files: 0 ands: 33 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 33 (0ms) |
| gen_cmd_script_obfuscated.yar | files: 0 ands: 471 (4ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 426 (1006ms) |
files: 0 ands: 226 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 208 (959ms) |
files: 0 ands: 226 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 208 (1ms) |
files: 0 ands: 226 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 204 (1ms) |
| gen_cn_hacktool_scripts.yar | files: 5 ands: 7450 (218ms) ors: 792 (0ms) minofs: 72 (0ms) reads: 6978 (4215ms) |
files: 5 ands: 2677 (25ms) ors: 126 (0ms) minofs: 72 (0ms) reads: 2677 (1842ms) |
files: 5 ands: 1718 (20ms) ors: 126 (0ms) minofs: 3 (0ms) reads: 1718 (50ms) |
files: 5 ands: 1718 (19ms) ors: 126 (0ms) minofs: 3 (0ms) reads: 1408 (20ms) |
| gen_cn_hacktools.yar | files: 3688 ands: 337713 (15106ms) ors: 20574 (53ms) minofs: 1179 (21ms) reads: 317267 (115859ms) |
files: 3688 ands: 99402 (2946ms) ors: 2340 (0ms) minofs: 1179 (31ms) reads: 99366 (56289ms) |
files: 3688 ands: 76693 (1364ms) ors: 2340 (0ms) minofs: 258 (16ms) reads: 76658 (1870ms) |
files: 3688 ands: 76693 (1369ms) ors: 2340 (0ms) minofs: 258 (13ms) reads: 40996 (502ms) |
| gen_cn_webshells.yar | files: 9 ands: 50799 (1454ms) ors: 4698 (1ms) minofs: 360 (0ms) reads: 47292 (23801ms) |
files: 9 ands: 14655 (197ms) ors: 702 (0ms) minofs: 360 (0ms) reads: 14655 (9445ms) |
files: 9 ands: 6688 (61ms) ors: 702 (0ms) minofs: 10 (0ms) reads: 6688 (85ms) |
files: 9 ands: 6688 (62ms) ors: 702 (0ms) minofs: 10 (0ms) reads: 5114 (63ms) |
| gen_cobaltstrike.yar | files: 0 ands: 403 (1ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 394 (1941ms) |
files: 0 ands: 305 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 305 (1128ms) |
files: 0 ands: 305 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 305 (2ms) |
files: 0 ands: 305 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 305 (2ms) |
| gen_cobaltstrike_by_avast.yar | degenerate | degenerate | degenerate | degenerate |
| gen_crime_bitpaymer.yar | files: 0 ands: 323 (8ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 233 (937ms) |
files: 0 ands: 137 (5ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 119 (608ms) |
files: 0 ands: 137 (3ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 119 (35ms) |
files: 0 ands: 137 (3ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 119 (3ms) |
| gen_crimson_rat.yar | files: 198 ands: 10556 (424ms) ors: 315 (0ms) minofs: 18 (0ms) reads: 9641 (2210ms) |
files: 198 ands: 2566 (73ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2566 (723ms) |
files: 198 ands: 2566 (56ms) ors: 18 (0ms) minofs: 10 (0ms) reads: 2566 (107ms) |
files: 198 ands: 2566 (53ms) ors: 18 (0ms) minofs: 10 (0ms) reads: 2023 (52ms) |
| gen_crunchrat.yar | files: 0 ands: 6597 (271ms) ors: 297 (0ms) minofs: 18 (0ms) reads: 6041 (1262ms) |
files: 0 ands: 1972 (47ms) ors: 0 (0ms) minofs: 18 (0ms) reads: 1954 (433ms) |
files: 0 ands: 375 (11ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 366 (11ms) |
files: 0 ands: 375 (10ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 285 (8ms) |
| gen_dde_in_office_docs.yar | files: 226278 ands: 2212 (29ms) ors: 2482 (11ms) minofs: 0 (0ms) reads: 1448 (1205ms) |
degenerate | degenerate | degenerate |
| gen_deviceguard_evasion.yar | files: 0 ands: 411 (3ms) ors: 63 (0ms) minofs: 9 (0ms) reads: 366 (575ms) |
files: 0 ands: 156 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 156 (299ms) |
files: 0 ands: 43 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 43 (0ms) |
files: 0 ands: 43 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 43 (0ms) |
| gen_doc_follina.yar | files: 0 ands: 34972 (498ms) ors: 5231 (3ms) minofs: 162 (0ms) reads: 32756 (33023ms) |
files: 110 ands: 8297 (53ms) ors: 342 (0ms) minofs: 162 (0ms) reads: 8027 (14027ms) |
files: 110 ands: 3382 (28ms) ors: 252 (0ms) minofs: 39 (0ms) reads: 3190 (39ms) |
files: 110 ands: 3382 (28ms) ors: 252 (0ms) minofs: 39 (0ms) reads: 1975 (30ms) |
| gen_dropper_pdb.yar | files: 1 ands: 1286 (39ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 1214 (418ms) |
files: 1 ands: 425 (6ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 425 (302ms) |
files: 1 ands: 425 (8ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 425 (9ms) |
files: 1 ands: 425 (7ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 286 (5ms) |
| gen_elf_file_anomalies.yar | files: 1609 ands: 1928 (51ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 1865 (1116ms) |
files: 1609 ands: 690 (6ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 690 (619ms) |
files: 1609 ands: 690 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 690 (16ms) |
files: 1609 ands: 690 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 654 (15ms) |
| gen_empire.yar | files: 6 ands: 46483 (1195ms) ors: 5211 (0ms) minofs: 603 (0ms) reads: 43087 (18504ms) |
files: 6 ands: 9242 (127ms) ors: 1188 (0ms) minofs: 603 (0ms) reads: 9224 (2038ms) |
files: 6 ands: 6540 (44ms) ors: 1188 (0ms) minofs: 5 (0ms) reads: 6531 (65ms) |
files: 6 ands: 6540 (44ms) ors: 1188 (0ms) minofs: 5 (0ms) reads: 3856 (40ms) |
| gen_enigma_protector.yar | files: 8 ands: 1518 (32ms) ors: 198 (0ms) minofs: 27 (0ms) reads: 1383 (5675ms) |
files: 8 ands: 873 (8ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 873 (4630ms) |
files: 8 ands: 733 (9ms) ors: 36 (0ms) minofs: 13 (0ms) reads: 733 (90ms) |
files: 8 ands: 733 (5ms) ors: 36 (0ms) minofs: 13 (0ms) reads: 667 (11ms) |
| gen_event_mute_hook.yar | files: 0 ands: 145 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 73 (376ms) |
files: 0 ands: 58 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 40 (339ms) |
files: 0 ands: 58 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 40 (0ms) |
files: 0 ands: 58 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 40 (0ms) |
| gen_Excel4Macro_Sharpshooter.yar | files: 1 ands: 2890 (274ms) ors: 315 (1ms) minofs: 18 (3ms) reads: 2550 (1471ms) |
files: 1 ands: 1591 (97ms) ors: 18 (0ms) minofs: 18 (3ms) reads: 1465 (1062ms) |
files: 1 ands: 1130 (35ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 1046 (97ms) |
files: 1 ands: 1130 (40ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 386 (18ms) |
| gen_excel_auto_open_evasion.yar | files: 712806 ands: 63 (2ms) ors: 18 (1ms) minofs: 0 (0ms) reads: 45 (10ms) |
files: 712806 ands: 45 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (5ms) |
files: 712806 ands: 45 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (5ms) |
files: 712806 ands: 45 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 36 (4ms) |
| gen_excel_xll_addin_suspicious.yar | degenerate | degenerate | degenerate | degenerate |
| gen_excel_xor_obfuscation_velvetsweatshop.yar | files: 0 ands: 339 (11ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 285 (671ms) |
files: 0 ands: 277 (6ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 259 (391ms) |
files: 0 ands: 277 (8ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 259 (19ms) |
files: 0 ands: 277 (8ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 250 (12ms) |
| gen_exploit_cve_2017_10271_weblogic.yar | files: 0 ands: 5368 (40ms) ors: 4770 (7ms) minofs: 9 (0ms) reads: 3416 (4481ms) |
files: 0 ands: 303 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 303 (695ms) |
files: 0 ands: 74 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 74 (0ms) |
files: 0 ands: 74 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 74 (0ms) |
| gen_faked_versions.yar | empty | empty | empty | empty |
| gen_file_anomalies.yar | degenerate | degenerate | degenerate | degenerate |
| gen_fireeye_redteam_tools.yar | degenerate | degenerate | degenerate | degenerate |
| gen_floxif.yar | files: 0 ands: 395 (3ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 341 (1384ms) |
files: 0 ands: 177 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 177 (1199ms) |
files: 0 ands: 48 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 48 (0ms) |
files: 0 ands: 48 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 48 (0ms) |
| gen_frp_proxy.yar | files: 0 ands: 2031 (80ms) ors: 261 (0ms) minofs: 18 (0ms) reads: 1886 (966ms) |
files: 0 ands: 739 (12ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 721 (678ms) |
files: 0 ands: 404 (5ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 388 (6ms) |
files: 0 ands: 404 (5ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 339 (5ms) |
| gen_gcti_cobaltstrike.yar | degenerate | degenerate | degenerate | degenerate |
| gen_gcti_sliver.yar | files: 122259 ands: 2022 (21ms) ors: 261 (2ms) minofs: 18 (1ms) reads: 537 (410ms) |
files: 122259 ands: 582 (1ms) ors: 18 (0ms) minofs: 18 (1ms) reads: 150 (429ms) |
files: 122259 ands: 540 (0ms) ors: 18 (0ms) minofs: 16 (0ms) reads: 146 (1ms) |
files: 122259 ands: 540 (1ms) ors: 18 (0ms) minofs: 16 (0ms) reads: 112 (1ms) |
| gen_gen_cactustorch.yar | files: 0 ands: 9614 (227ms) ors: 738 (0ms) minofs: 36 (0ms) reads: 9148 (2388ms) |
files: 0 ands: 2076 (19ms) ors: 36 (0ms) minofs: 36 (0ms) reads: 2058 (525ms) |
files: 0 ands: 1694 (9ms) ors: 36 (0ms) minofs: 4 (0ms) reads: 1681 (14ms) |
files: 0 ands: 1694 (10ms) ors: 36 (0ms) minofs: 4 (0ms) reads: 823 (7ms) |
| gen_github_net_redteam_tools_guids.yar | files: 3 ands: 2453770 (42155ms) ors: 983625 (1201ms) minofs: 2493 (0ms) reads: 1892342 (1007565ms) |
degenerate | degenerate | degenerate |
| gen_github_net_redteam_tools_names.yar | files: 53 ands: 97487 (5623ms) ors: 8469 (9ms) minofs: 468 (0ms) reads: 90196 (19604ms) |
files: 53 ands: 14317 (269ms) ors: 2772 (2ms) minofs: 468 (0ms) reads: 14299 (6024ms) |
files: 53 ands: 6465 (60ms) ors: 1970 (0ms) minofs: 58 (0ms) reads: 6456 (71ms) |
files: 53 ands: 6465 (48ms) ors: 1970 (0ms) minofs: 58 (0ms) reads: 4586 (41ms) |
| gen_github_repo_compromise_myjino_ru.yar | files: 0 ands: 3846 (157ms) ors: 144 (0ms) minofs: 9 (0ms) reads: 3733 (1437ms) |
files: 0 ands: 376 (4ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 376 (245ms) |
files: 0 ands: 376 (5ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 376 (10ms) |
files: 0 ands: 376 (5ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 349 (9ms) |
| gen_gobfuscate.yar | files: 13 ands: 513 (0ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 135 (414ms) |
files: 13 ands: 261 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 135 (482ms) |
files: 13 ands: 261 (0ms) ors: 0 (0ms) minofs: 7 (0ms) reads: 135 (1ms) |
files: 13 ands: 261 (0ms) ors: 0 (0ms) minofs: 7 (0ms) reads: 135 (0ms) |
| gen_google_anomaly.yar | files: 169 ands: 1539 (115ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 1341 (178ms) |
files: 169 ands: 423 (20ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 423 (67ms) |
files: 169 ands: 423 (21ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 423 (16ms) |
files: 169 ands: 423 (22ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 423 (16ms) |
| gen_gpp_cpassword.yar | files: 0 ands: 1006 (45ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 970 (477ms) |
files: 0 ands: 244 (5ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 244 (71ms) |
files: 0 ands: 53 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 53 (0ms) |
files: 0 ands: 53 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 52 (0ms) |
| gen_hawkeye.yar | files: 0 ands: 2925 (129ms) ors: 171 (0ms) minofs: 18 (0ms) reads: 2711 (797ms) |
files: 0 ands: 783 (25ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 783 (364ms) |
files: 0 ands: 650 (23ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 650 (26ms) |
files: 0 ands: 650 (21ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 626 (20ms) |
| gen_hktl_koh_tokenstealer.yar | files: 0 ands: 4414 (106ms) ors: 153 (0ms) minofs: 18 (0ms) reads: 4222 (1409ms) |
files: 0 ands: 2486 (33ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2486 (1097ms) |
files: 0 ands: 2435 (23ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 2435 (62ms) |
files: 0 ands: 2435 (25ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1240 (27ms) |
| gen_hktl_roothelper.yar | files: 0 ands: 7537 (227ms) ors: 1629 (16ms) minofs: 99 (0ms) reads: 5090 (3506ms) |
files: 0 ands: 3842 (167ms) ors: 144 (0ms) minofs: 99 (0ms) reads: 3068 (3298ms) |
files: 0 ands: 2131 (65ms) ors: 126 (0ms) minofs: 27 (0ms) reads: 1829 (146ms) |
files: 0 ands: 2131 (52ms) ors: 126 (0ms) minofs: 27 (0ms) reads: 1086 (22ms) |
| gen_hta_anomalies.yar | files: 0 ands: 1530 (48ms) ors: 99 (0ms) minofs: 9 (0ms) reads: 1451 (667ms) |
files: 0 ands: 417 (1ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 417 (631ms) |
files: 0 ands: 206 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 206 (3ms) |
files: 0 ands: 206 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 103 (1ms) |
| gen_hunting_susp_rar.yar | files: 3769 ands: 45 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 27 (82ms) |
files: 3769 ands: 27 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 27 (82ms) |
files: 3769 ands: 27 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 27 (0ms) |
files: 3769 ands: 27 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 27 (0ms) |
| gen_icon_anomalies.yar | files: 29 ands: 8559 (244ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 8505 (10685ms) |
files: 29 ands: 8505 (138ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 8505 (11198ms) |
files: 29 ands: 8505 (154ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 8505 (645ms) |
files: 29 ands: 8505 (102ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 3204 (60ms) |
| gen_impacket_tools.yar | files: 1 ands: 15525 (351ms) ors: 2286 (0ms) minofs: 234 (0ms) reads: 14683 (8844ms) |
files: 1 ands: 3484 (15ms) ors: 450 (0ms) minofs: 234 (0ms) reads: 3484 (2558ms) |
files: 1 ands: 2230 (11ms) ors: 450 (0ms) minofs: 2 (0ms) reads: 2230 (27ms) |
files: 1 ands: 2230 (10ms) ors: 450 (0ms) minofs: 2 (0ms) reads: 972 (9ms) |
| gen_invoke_mimikatz.yar | files: 153 ands: 3288 (97ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 3248 (3547ms) |
files: 153 ands: 1095 (5ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1095 (2385ms) |
files: 153 ands: 1095 (4ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1095 (9ms) |
files: 153 ands: 1095 (7ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 618 (5ms) |
| gen_invoke_psimage.yar | files: 0 ands: 5074 (226ms) ors: 171 (0ms) minofs: 9 (0ms) reads: 4694 (2588ms) |
files: 0 ands: 1261 (26ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 1261 (2364ms) |
files: 0 ands: 1261 (18ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 1261 (54ms) |
files: 0 ands: 1261 (18ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 1172 (21ms) |
| gen_invoke_thehash.yar | files: 0 ands: 6458 (174ms) ors: 513 (0ms) minofs: 36 (0ms) reads: 5789 (3250ms) |
files: 0 ands: 1129 (11ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 1129 (957ms) |
files: 0 ands: 896 (13ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 896 (20ms) |
files: 0 ands: 896 (11ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 619 (14ms) |
| gen_javascript_powershell.yar | files: 0 ands: 144 (1ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 126 (277ms) |
files: 0 ands: 70 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 70 (191ms) |
files: 0 ands: 70 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 70 (69ms) |
files: 0 ands: 70 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 70 (2ms) |
| gen_kerberoast.yar | files: 0 ands: 3951 (85ms) ors: 333 (0ms) minofs: 27 (0ms) reads: 3719 (1611ms) |
files: 0 ands: 664 (4ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 664 (853ms) |
files: 0 ands: 529 (3ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 529 (5ms) |
files: 0 ands: 529 (3ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 431 (4ms) |
| gen_khepri.yar | files: 0 ands: 8032 (191ms) ors: 909 (0ms) minofs: 54 (0ms) reads: 7591 (6772ms) |
files: 0 ands: 2235 (37ms) ors: 90 (0ms) minofs: 54 (0ms) reads: 2235 (2070ms) |
files: 0 ands: 1885 (30ms) ors: 90 (0ms) minofs: 4 (0ms) reads: 1885 (68ms) |
files: 0 ands: 1885 (15ms) ors: 90 (0ms) minofs: 4 (0ms) reads: 970 (10ms) |
| gen_kirbi_mimkatz.yar | files: 0 ands: 588 (9ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 336 (824ms) |
files: 0 ands: 276 (5ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 204 (1020ms) |
files: 0 ands: 276 (7ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 204 (81ms) |
files: 0 ands: 276 (4ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 170 (5ms) |
| gen_lnx_malware_indicators.yar | files: 0 ands: 599 (6ms) ors: 126 (0ms) minofs: 9 (0ms) reads: 545 (217ms) |
files: 0 ands: 220 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 220 (380ms) |
files: 0 ands: 199 (1ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 199 (1ms) |
files: 0 ands: 199 (1ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 199 (1ms) |
| gen_loaders.yar | degenerate | degenerate | degenerate | degenerate |
| gen_macro_builders.yar | files: 0 ands: 2650 (119ms) ors: 162 (1ms) minofs: 9 (0ms) reads: 1903 (376ms) |
files: 0 ands: 802 (16ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 586 (314ms) |
files: 0 ands: 271 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 73 (1ms) |
files: 0 ands: 271 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 73 (1ms) |
| gen_macro_ShellExecute_action.yar | files: 17 ands: 1287 (72ms) ors: 180 (1ms) minofs: 27 (1ms) reads: 1215 (1008ms) |
files: 17 ands: 405 (14ms) ors: 18 (0ms) minofs: 27 (1ms) reads: 387 (1033ms) |
files: 17 ands: 405 (11ms) ors: 18 (0ms) minofs: 27 (1ms) reads: 387 (7ms) |
files: 17 ands: 405 (15ms) ors: 18 (0ms) minofs: 27 (1ms) reads: 360 (9ms) |
| gen_macro_staroffice_suspicious.yar | files: 0 ands: 10771 (122ms) ors: 11158 (49ms) minofs: 18 (1ms) reads: 6722 (4722ms) |
files: 1 ands: 185 (1ms) ors: 0 (0ms) minofs: 18 (0ms) reads: 167 (316ms) |
files: 1 ands: 134 (1ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 124 (2ms) |
files: 1 ands: 134 (1ms) ors: 0 (0ms) minofs: 1 (0ms) reads: 124 (3ms) |
| gen_mal_backnet.yar | files: 0 ands: 7097 (338ms) ors: 189 (0ms) minofs: 9 (0ms) reads: 6433 (1498ms) |
files: 0 ands: 1250 (20ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1250 (689ms) |
files: 0 ands: 1250 (19ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1250 (51ms) |
files: 0 ands: 1250 (12ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1060 (14ms) |
| gen_mal_link.yar | files: 582 ands: 9099 (286ms) ors: 5538 (11ms) minofs: 9 (0ms) reads: 6864 (4441ms) |
files: 941 ands: 1248 (44ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 1230 (253ms) |
files: 941 ands: 891 (23ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 873 (30ms) |
files: 941 ands: 891 (28ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 846 (34ms) |
| gen_mal_scripts.yar | files: 0 ands: 21946 (635ms) ors: 7869 (4ms) minofs: 81 (0ms) reads: 18169 (10528ms) |
degenerate | degenerate | degenerate |
| gen_maldoc.yar | files: 0 ands: 1144 (78ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 1108 (238ms) |
files: 0 ands: 335 (15ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 335 (135ms) |
files: 0 ands: 155 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 155 (6ms) |
files: 0 ands: 155 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 143 (5ms) |
| gen_malware_MacOS_plist_suspicious.yar | files: 17 ands: 9162 (87ms) ors: 1071 (0ms) minofs: 27 (0ms) reads: 8802 (19207ms) |
files: 17 ands: 2207 (7ms) ors: 288 (0ms) minofs: 27 (0ms) reads: 2153 (4391ms) |
files: 17 ands: 2207 (5ms) ors: 288 (0ms) minofs: 18 (0ms) reads: 2153 (10ms) |
files: 17 ands: 2207 (8ms) ors: 288 (0ms) minofs: 18 (0ms) reads: 1985 (11ms) |
| gen_malware_set_qa.yar | files: 857 ands: 72726 (2385ms) ors: 3024 (1ms) minofs: 144 (0ms) reads: 69890 (14542ms) |
files: 857 ands: 22202 (327ms) ors: 270 (0ms) minofs: 144 (0ms) reads: 22202 (5319ms) |
files: 857 ands: 18709 (167ms) ors: 270 (0ms) minofs: 22 (0ms) reads: 18709 (317ms) |
files: 857 ands: 18709 (154ms) ors: 270 (0ms) minofs: 22 (0ms) reads: 7973 (98ms) |
| gen_merlin_agent.yar | files: 0 ands: 6979 (188ms) ors: 585 (0ms) minofs: 18 (0ms) reads: 6742 (2233ms) |
files: 0 ands: 1518 (15ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1518 (1559ms) |
files: 0 ands: 1464 (23ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1464 (25ms) |
files: 0 ands: 1464 (20ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 825 (13ms) |
| gen_metasploit_loader_rsmudge.yar | files: 0 ands: 5884 (157ms) ors: 288 (0ms) minofs: 18 (0ms) reads: 5776 (643ms) |
files: 0 ands: 1974 (48ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1974 (236ms) |
files: 0 ands: 1445 (18ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 1445 (78ms) |
files: 0 ands: 1445 (27ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 888 (21ms) |
| gen_metasploit_payloads.yar | files: 123 ands: 35842 (1574ms) ors: 2538 (1ms) minofs: 171 (0ms) reads: 33831 (17565ms) |
files: 123 ands: 11740 (293ms) ors: 360 (0ms) minofs: 171 (0ms) reads: 11740 (10038ms) |
files: 123 ands: 6620 (101ms) ors: 360 (0ms) minofs: 23 (0ms) reads: 6620 (219ms) |
files: 123 ands: 6620 (95ms) ors: 360 (0ms) minofs: 23 (0ms) reads: 4937 (65ms) |
| gen_mimikatz.yar | files: 39033 ands: 58674 (1985ms) ors: 3447 (3ms) minofs: 99 (0ms) reads: 54757 (18475ms) |
files: 39033 ands: 8656 (233ms) ors: 648 (0ms) minofs: 99 (0ms) reads: 8314 (11596ms) |
files: 39033 ands: 7842 (220ms) ors: 648 (0ms) minofs: 27 (0ms) reads: 7530 (909ms) |
files: 39033 ands: 7842 (143ms) ors: 648 (0ms) minofs: 27 (0ms) reads: 4267 (99ms) |
| gen_mimikittenz.yar | files: 0 ands: 2928 (81ms) ors: 180 (0ms) minofs: 9 (0ms) reads: 2773 (1402ms) |
files: 0 ands: 791 (5ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 791 (993ms) |
files: 0 ands: 438 (3ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 438 (7ms) |
files: 0 ands: 438 (3ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 387 (8ms) |
| gen_mimipenguin.yar | files: 0 ands: 3361 (102ms) ors: 360 (0ms) minofs: 27 (0ms) reads: 3026 (2419ms) |
files: 0 ands: 606 (8ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 606 (1252ms) |
files: 0 ands: 606 (7ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 606 (6ms) |
files: 0 ands: 606 (7ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 509 (4ms) |
| gen_nighthawk_c2.yar | degenerate | degenerate | degenerate | degenerate |
| gen_nimpackt.yar | files: 0 ands: 963 (26ms) ors: 180 (0ms) minofs: 18 (0ms) reads: 891 (975ms) |
files: 0 ands: 299 (2ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 281 (724ms) |
files: 0 ands: 252 (2ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 234 (64ms) |
files: 0 ands: 252 (1ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 228 (4ms) |
| gen_nopowershell.yar | files: 0 ands: 4342 (150ms) ors: 126 (0ms) minofs: 18 (0ms) reads: 4196 (911ms) |
files: 0 ands: 788 (14ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 788 (212ms) |
files: 0 ands: 673 (26ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 673 (27ms) |
files: 0 ands: 673 (18ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 385 (10ms) |
| gen_nvidia_leaked_cert.yar | degenerate | degenerate | degenerate | degenerate |
| gen_osx_backdoor_bella.yar | files: 0 ands: 2886 (83ms) ors: 324 (0ms) minofs: 27 (0ms) reads: 2697 (2283ms) |
files: 0 ands: 865 (8ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 847 (961ms) |
files: 0 ands: 338 (1ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 328 (3ms) |
files: 0 ands: 338 (1ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 328 (3ms) |
| gen_osx_evilosx.yar | files: 12 ands: 7393 (37ms) ors: 648 (0ms) minofs: 27 (0ms) reads: 7177 (10939ms) |
files: 12 ands: 1674 (3ms) ors: 198 (0ms) minofs: 27 (0ms) reads: 1638 (3801ms) |
files: 12 ands: 1423 (0ms) ors: 198 (0ms) minofs: 8 (0ms) reads: 1404 (2ms) |
files: 12 ands: 1423 (0ms) ors: 198 (0ms) minofs: 8 (0ms) reads: 1353 (3ms) |
| gen_osx_pyagent_persistence.yar | files: 0 ands: 14042 (119ms) ors: 1440 (2ms) minofs: 36 (0ms) reads: 13664 (17018ms) |
files: 0 ands: 4191 (17ms) ors: 468 (0ms) minofs: 36 (0ms) reads: 4137 (6943ms) |
files: 0 ands: 178 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 169 (1ms) |
files: 0 ands: 178 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 169 (1ms) |
| gen_p0wnshell.yar | files: 126 ands: 37637 (1211ms) ors: 1674 (0ms) minofs: 90 (0ms) reads: 36114 (37535ms) |
files: 126 ands: 4896 (123ms) ors: 162 (0ms) minofs: 90 (0ms) reads: 4896 (3597ms) |
files: 126 ands: 4722 (65ms) ors: 162 (0ms) minofs: 15 (0ms) reads: 4722 (72ms) |
files: 126 ands: 4722 (63ms) ors: 162 (0ms) minofs: 15 (0ms) reads: 2989 (45ms) |
| gen_phish_attachments.yar | files: 9823 ands: 20335 (142ms) ors: 2502 (0ms) minofs: 36 (0ms) reads: 19357 (27997ms) |
files: 9823 ands: 4397 (18ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 4379 (10281ms) |
files: 9823 ands: 4313 (11ms) ors: 54 (0ms) minofs: 6 (0ms) reads: 4304 (20ms) |
files: 9823 ands: 4313 (11ms) ors: 54 (0ms) minofs: 6 (0ms) reads: 2993 (10ms) |
| gen_pirpi.yar | files: 855 ands: 9104 (254ms) ors: 1053 (0ms) minofs: 45 (0ms) reads: 8477 (5061ms) |
files: 855 ands: 3430 (36ms) ors: 90 (0ms) minofs: 45 (0ms) reads: 3430 (5272ms) |
files: 855 ands: 2602 (18ms) ors: 90 (0ms) minofs: 14 (0ms) reads: 2602 (23ms) |
files: 855 ands: 2602 (18ms) ors: 90 (0ms) minofs: 14 (0ms) reads: 1775 (15ms) |
| gen_powerkatz.yar | files: 0 ands: 16026 (427ms) ors: 342 (0ms) minofs: 18 (0ms) reads: 15704 (2134ms) |
files: 0 ands: 1378 (26ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1378 (541ms) |
files: 0 ands: 1344 (24ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1344 (44ms) |
files: 0 ands: 1344 (26ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 600 (19ms) |
| gen_powershdll.yar | files: 0 ands: 2796 (128ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 2659 (565ms) |
files: 0 ands: 190 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 190 (42ms) |
files: 0 ands: 190 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 190 (1ms) |
files: 0 ands: 190 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 126 (0ms) |
| gen_powershell_empire.yar | files: 0 ands: 11871 (384ms) ors: 999 (0ms) minofs: 90 (0ms) reads: 11112 (5637ms) |
files: 0 ands: 2427 (48ms) ors: 162 (0ms) minofs: 90 (0ms) reads: 2427 (2224ms) |
files: 0 ands: 1651 (31ms) ors: 162 (0ms) minofs: 0 (0ms) reads: 1651 (75ms) |
files: 0 ands: 1651 (23ms) ors: 162 (0ms) minofs: 0 (0ms) reads: 1244 (27ms) |
| gen_powershell_invocation.yar | files: 17 ands: 152394 (2303ms) ors: 120200 (144ms) minofs: 9 (0ms) reads: 96213 (29158ms) |
degenerate | degenerate | degenerate |
| gen_powershell_obfuscation.yar | files: 50553 ands: 6584 (34ms) ors: 2710 (4ms) minofs: 27 (0ms) reads: 3834 (5809ms) |
degenerate | degenerate | degenerate |
| gen_powershell_suite.yar | files: 0 ands: 6621 (182ms) ors: 666 (0ms) minofs: 18 (0ms) reads: 6244 (3080ms) |
files: 0 ands: 1368 (9ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1368 (1309ms) |
files: 0 ands: 1368 (11ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1368 (18ms) |
files: 0 ands: 1368 (13ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1053 (19ms) |
| gen_powershell_susp.yar | files: 20 ands: 141965 (2567ms) ors: 77151 (281ms) minofs: 108 (0ms) reads: 105446 (19973ms) |
degenerate | degenerate | degenerate |
| gen_powershell_toolkit.yar | files: 2 ands: 61862 (1638ms) ors: 4320 (0ms) minofs: 198 (0ms) reads: 58560 (11863ms) |
files: 2 ands: 12708 (216ms) ors: 378 (0ms) minofs: 198 (0ms) reads: 12708 (4134ms) |
files: 2 ands: 8978 (101ms) ors: 378 (0ms) minofs: 2 (0ms) reads: 8978 (198ms) |
files: 2 ands: 8978 (103ms) ors: 378 (0ms) minofs: 2 (0ms) reads: 2832 (41ms) |
| gen_powersploit_dropper.yar | files: 0 ands: 9178 (401ms) ors: 4652 (42ms) minofs: 9 (0ms) reads: 7096 (1628ms) |
files: 0 ands: 1363 (69ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 1363 (450ms) |
files: 0 ands: 1363 (38ms) ors: 45 (0ms) minofs: 9 (0ms) reads: 1363 (34ms) |
files: 0 ands: 1363 (38ms) ors: 45 (0ms) minofs: 9 (0ms) reads: 1318 (32ms) |
| gen_ps1_shellcode.yar | files: 0 ands: 699 (14ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 654 (908ms) |
files: 0 ands: 158 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 140 (796ms) |
files: 0 ands: 51 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 42 (0ms) |
files: 0 ands: 51 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 42 (0ms) |
| gen_ps_empire_eval.yar | files: 0 ands: 1256 (68ms) ors: 126 (0ms) minofs: 18 (0ms) reads: 1166 (350ms) |
files: 0 ands: 486 (4ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 486 (394ms) |
files: 0 ands: 475 (2ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 475 (5ms) |
files: 0 ands: 475 (2ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 475 (6ms) |
| gen_ps_osiris.yar | files: 0 ands: 1425 (34ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 1320 (934ms) |
files: 0 ands: 324 (4ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 324 (707ms) |
files: 0 ands: 324 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 324 (3ms) |
files: 0 ands: 324 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 270 (2ms) |
| gen_pua.yar | files: 0 ands: 2529 (114ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 2483 (1365ms) |
files: 0 ands: 82 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 82 (169ms) |
files: 0 ands: 82 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 82 (0ms) |
files: 0 ands: 82 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 55 (0ms) |
| gen_pupy_rat.yar | degenerate | degenerate | degenerate | degenerate |
| gen_python_encoded_adware.yar | files: 0 ands: 597 (10ms) ors: 90 (1ms) minofs: 9 (0ms) reads: 516 (434ms) |
files: 0 ands: 184 (5ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 184 (671ms) |
files: 0 ands: 58 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 58 (0ms) |
files: 0 ands: 58 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 58 (0ms) |
| gen_python_pty_shell.yar | files: 0 ands: 1123 (23ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 1012 (875ms) |
files: 0 ands: 327 (3ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 327 (333ms) |
files: 0 ands: 161 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 161 (1ms) |
files: 0 ands: 161 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 152 (1ms) |
| gen_python_pyminifier_encoded_payload.yar | files: 0 ands: 420 (9ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 357 (270ms) |
files: 0 ands: 81 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 81 (278ms) |
files: 0 ands: 45 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (0ms) |
files: 0 ands: 45 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (0ms) |
| gen_rar_exfil.yar | files: 0 ands: 345 (2ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 309 (956ms) |
files: 0 ands: 78 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 78 (272ms) |
files: 0 ands: 78 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 78 (0ms) |
files: 0 ands: 78 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 78 (0ms) |
| gen_rats_malwareconfig.yar | files: 2739 ands: 149908 (5839ms) ors: 38001 (102ms) minofs: 513 (0ms) reads: 130288 (62678ms) |
degenerate | degenerate | degenerate |
| gen_recon_indicators.yar | files: 153 ands: 13252 (303ms) ors: 5289 (3ms) minofs: 18 (0ms) reads: 10972 (4734ms) |
files: 193 ands: 2827 (27ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2827 (2069ms) |
files: 193 ands: 2410 (14ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 2410 (23ms) |
files: 193 ands: 2410 (15ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 2008 (20ms) |
| gen_redmimicry.yar | files: 0 ands: 4176 (215ms) ors: 369 (0ms) minofs: 18 (0ms) reads: 3798 (1837ms) |
files: 0 ands: 1762 (36ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1762 (1993ms) |
files: 0 ands: 1387 (17ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 1387 (15ms) |
files: 0 ands: 1387 (16ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 1157 (13ms) |
| gen_redsails.yar | files: 1 ands: 3461 (91ms) ors: 207 (0ms) minofs: 18 (0ms) reads: 3398 (798ms) |
files: 1 ands: 797 (8ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 797 (219ms) |
files: 1 ands: 761 (9ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 761 (15ms) |
files: 1 ands: 761 (9ms) ors: 18 (0ms) minofs: 1 (0ms) reads: 661 (14ms) |
| gen_regsrv32_issue.yar | empty | empty | empty | empty |
| gen_remote_potato0.yar | files: 0 ands: 10678 (335ms) ors: 2123 (0ms) minofs: 9 (0ms) reads: 8980 (2747ms) |
files: 0 ands: 1626 (23ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 1572 (1575ms) |
files: 0 ands: 682 (5ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 646 (31ms) |
files: 0 ands: 682 (5ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 436 (6ms) |
| gen_rottenpotato.yar | files: 0 ands: 24915 (698ms) ors: 477 (0ms) minofs: 18 (0ms) reads: 23609 (2576ms) |
files: 0 ands: 2868 (56ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2868 (910ms) |
files: 0 ands: 2112 (18ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 2112 (29ms) |
files: 0 ands: 2112 (18ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 867 (11ms) |
| gen_rtf_malver_objects.yar | files: 3 ands: 913 (13ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 859 (708ms) |
files: 3 ands: 216 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 216 (124ms) |
files: 3 ands: 216 (1ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 216 (1ms) |
files: 3 ands: 216 (1ms) ors: 0 (0ms) minofs: 2 (0ms) reads: 126 (0ms) |
| gen_sfx_with_microsoft_copyright.yar | files: 10 ands: 9423 (636ms) ors: 207 (0ms) minofs: 18 (0ms) reads: 8136 (2597ms) |
files: 10 ands: 2457 (110ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2421 (1430ms) |
files: 10 ands: 2457 (72ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2421 (60ms) |
files: 10 ands: 2457 (81ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1710 (41ms) |
| gen_sharpcat.yar | files: 0 ands: 1584 (112ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 1485 (422ms) |
files: 0 ands: 711 (29ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 711 (244ms) |
files: 0 ands: 36 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 36 (1ms) |
files: 0 ands: 36 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 36 (1ms) |
| gen_shikataganai.yar | files: 1338 ands: 1836 (1ms) ors: 216 (0ms) minofs: 9 (0ms) reads: 324 (86ms) |
files: 1338 ands: 756 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 324 (244ms) |
files: 1338 ands: 756 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 324 (1ms) |
files: 1338 ands: 756 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 27 (0ms) |
| gen_sign_anomalies.yar | files: 0 ands: 3023 (175ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 2749 (252ms) |
files: 0 ands: 409 (53ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 409 (104ms) |
files: 0 ands: 409 (47ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 409 (27ms) |
files: 0 ands: 409 (48ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 382 (20ms) |
| gen_solarwinds_credential_stealer.yar | files: 0 ands: 135525 (2828ms) ors: 117348 (353ms) minofs: 18 (0ms) reads: 80002 (34239ms) |
degenerate | degenerate | degenerate |
| gen_susp_bat2exe.yar | files: 6 ands: 1847 (68ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 1748 (835ms) |
files: 6 ands: 1260 (48ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1260 (525ms) |
files: 6 ands: 1152 (24ms) ors: 0 (0ms) minofs: 5 (0ms) reads: 1152 (15ms) |
files: 6 ands: 1152 (24ms) ors: 0 (0ms) minofs: 5 (0ms) reads: 338 (4ms) |
| gen_susp_bat_aux.yar | files: 0 ands: 1138 (28ms) ors: 126 (0ms) minofs: 9 (0ms) reads: 1048 (313ms) |
files: 0 ands: 599 (8ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 599 (78ms) |
files: 0 ands: 130 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 130 (0ms) |
files: 0 ands: 130 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 130 (1ms) |
| gen_susp_cmd_var_expansion.yar | files: 414 ands: 267 (8ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 231 (244ms) |
files: 414 ands: 210 (5ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 210 (205ms) |
files: 414 ands: 210 (6ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 210 (9ms) |
files: 414 ands: 210 (6ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 210 (9ms) |
| gen_susp_hacktool.yar | files: 6 ands: 405 (32ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 387 (162ms) |
files: 6 ands: 171 (14ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 171 (127ms) |
files: 6 ands: 171 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 171 (11ms) |
files: 6 ands: 171 (8ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 171 (11ms) |
| gen_susp_js_obfuscatorio.yar | degenerate | degenerate | degenerate | degenerate |
| gen_susp_lnk.yar | degenerate | degenerate | degenerate | degenerate |
| gen_susp_lnk_files.yar | files: 16316 ands: 18430 (438ms) ors: 8589 (16ms) minofs: 27 (0ms) reads: 14613 (1765ms) |
degenerate | degenerate | degenerate |
| gen_susp_obfuscation.yar | files: 1188 ands: 17503 (435ms) ors: 2277 (1ms) minofs: 54 (0ms) reads: 16427 (20553ms) |
files: 1188 ands: 2408 (7ms) ors: 558 (0ms) minofs: 54 (0ms) reads: 2336 (4117ms) |
files: 1188 ands: 2408 (4ms) ors: 558 (0ms) minofs: 26 (0ms) reads: 2336 (7ms) |
files: 1188 ands: 2408 (4ms) ors: 558 (0ms) minofs: 26 (0ms) reads: 2027 (6ms) |
| gen_susp_office_dropper.yar | files: 123353 ands: 10793 (564ms) ors: 1044 (2ms) minofs: 63 (0ms) reads: 9839 (2543ms) |
files: 123353 ands: 3545 (123ms) ors: 180 (1ms) minofs: 63 (0ms) reads: 3401 (1702ms) |
files: 123353 ands: 3238 (70ms) ors: 180 (0ms) minofs: 44 (0ms) reads: 3128 (63ms) |
files: 123353 ands: 3238 (67ms) ors: 180 (0ms) minofs: 44 (0ms) reads: 1984 (35ms) |
| gen_susp_ps_jab.yar | files: 3313 ands: 1020 (52ms) ors: 153 (0ms) minofs: 9 (0ms) reads: 774 (426ms) |
files: 3313 ands: 447 (15ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 375 (1283ms) |
files: 3313 ands: 447 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 375 (8ms) |
files: 3313 ands: 447 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 285 (5ms) |
| gen_susp_sfx.yar | files: 0 ands: 302 (16ms) ors: 27 (0ms) minofs: 9 (0ms) reads: 284 (287ms) |
files: 0 ands: 107 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 107 (105ms) |
files: 0 ands: 107 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 107 (6ms) |
files: 0 ands: 107 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 107 (6ms) |
| gen_susp_strings_in_ole.yar | files: 41 ands: 4543 (113ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 4489 (1479ms) |
files: 41 ands: 1144 (2ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1144 (1980ms) |
files: 41 ands: 1144 (2ms) ors: 0 (0ms) minofs: 7 (0ms) reads: 1144 (8ms) |
files: 41 ands: 1144 (2ms) ors: 0 (0ms) minofs: 7 (0ms) reads: 956 (4ms) |
| gen_susp_wer_files.yar | files: 0 ands: 5561 (268ms) ors: 1486 (10ms) minofs: 18 (0ms) reads: 4515 (1149ms) |
files: 0 ands: 578 (8ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 578 (624ms) |
files: 0 ands: 470 (3ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 470 (6ms) |
files: 0 ands: 470 (4ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 228 (3ms) |
| gen_susp_xor.yar | files: 119016 ands: 106898 (2361ms) ors: 38502 (66ms) minofs: 0 (0ms) reads: 90122 (8787ms) |
files: 119016 ands: 73348 (976ms) ors: 18378 (11ms) minofs: 0 (0ms) reads: 73312 (100243ms) |
files: 119016 ands: 73348 (609ms) ors: 18378 (6ms) minofs: 0 (0ms) reads: 73312 (830ms) |
files: 119016 ands: 73348 (606ms) ors: 18378 (6ms) minofs: 0 (0ms) reads: 15320 (74ms) |
| gen_suspicious_InPage_dropper.yar | files: 0 ands: 529 (16ms) ors: 63 (0ms) minofs: 9 (0ms) reads: 466 (701ms) |
files: 0 ands: 243 (29ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 225 (838ms) |
files: 0 ands: 54 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (0ms) |
files: 0 ands: 54 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (0ms) |
| gen_suspicious_strings.yar | files: 11697 ands: 88125 (2218ms) ors: 30240 (36ms) minofs: 207 (0ms) reads: 73666 (33821ms) |
degenerate | degenerate | degenerate |
| gen_sysinternals_anomaly.yar | files: 21 ands: 530 (26ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 512 (178ms) |
files: 21 ands: 235 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 235 (210ms) |
files: 21 ands: 235 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 235 (6ms) |
files: 21 ands: 235 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 235 (6ms) |
| gen_tempracer.yar | files: 2 ands: 9594 (271ms) ors: 288 (0ms) minofs: 18 (0ms) reads: 8514 (980ms) |
files: 2 ands: 2012 (25ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 2012 (437ms) |
files: 2 ands: 1332 (17ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 1332 (33ms) |
files: 2 ands: 1332 (14ms) ors: 18 (0ms) minofs: 2 (0ms) reads: 795 (14ms) |
| gen_thumbs_cloaking.yar | empty | empty | empty | empty |
| gen_transformed_strings.yar | files: 8021 ands: 6712 (240ms) ors: 612 (0ms) minofs: 9 (0ms) reads: 6376 (6459ms) |
files: 8021 ands: 2171 (16ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 2171 (4575ms) |
files: 8021 ands: 2171 (9ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 2171 (11ms) |
files: 8021 ands: 2171 (10ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1691 (9ms) |
| gen_tscookie_rat.yar | degenerate | degenerate | degenerate | degenerate |
| gen_unicorn_obfuscated_powershell.yar | files: 0 ands: 1218 (31ms) ors: 135 (0ms) minofs: 18 (0ms) reads: 1119 (812ms) |
files: 0 ands: 524 (4ms) ors: 0 (0ms) minofs: 18 (0ms) reads: 488 (709ms) |
files: 0 ands: 458 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 431 (6ms) |
files: 0 ands: 458 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 259 (3ms) |
| gen_unspecified_malware.yar | files: 0 ands: 13588 (529ms) ors: 522 (0ms) minofs: 27 (0ms) reads: 12862 (1790ms) |
files: 0 ands: 4014 (103ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 4014 (1152ms) |
files: 0 ands: 2193 (29ms) ors: 36 (0ms) minofs: 7 (0ms) reads: 2193 (30ms) |
files: 0 ands: 2193 (31ms) ors: 36 (0ms) minofs: 7 (0ms) reads: 1786 (23ms) |
| gen_url_persitence.yar | yaramod_error | yaramod_error | yaramod_error | yaramod_error |
| gen_url_to_local_exe.yar | files: 0 ands: 1420 (75ms) ors: 117 (0ms) minofs: 9 (0ms) reads: 1249 (349ms) |
files: 0 ands: 433 (8ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 415 (434ms) |
files: 0 ands: 397 (7ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 388 (11ms) |
files: 0 ands: 397 (7ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 388 (12ms) |
| gen_vhd_anomaly.yar | files: 127 ands: 153 (10ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 144 (217ms) |
files: 127 ands: 45 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (38ms) |
files: 127 ands: 45 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (1ms) |
files: 127 ands: 45 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 45 (0ms) |
| gen_webshells.yar | degenerate | degenerate | degenerate | degenerate |
| gen_webshells_ext_vars.yar | yaramod_error | yaramod_error | yaramod_error | yaramod_error |
| gen_win_privesc.yar | files: 0 ands: 6352 (167ms) ors: 378 (0ms) minofs: 36 (0ms) reads: 6163 (1647ms) |
files: 0 ands: 1516 (19ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 1516 (927ms) |
files: 0 ands: 1155 (12ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 1155 (15ms) |
files: 0 ands: 1155 (12ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 680 (8ms) |
| gen_winpayloads.yar | files: 0 ands: 7554 (71ms) ors: 5469 (6ms) minofs: 18 (0ms) reads: 5296 (1848ms) |
degenerate | degenerate | degenerate |
| gen_winshells.yar | files: 3 ands: 34598 (790ms) ors: 2016 (0ms) minofs: 90 (0ms) reads: 33364 (4116ms) |
files: 3 ands: 6596 (92ms) ors: 162 (0ms) minofs: 90 (0ms) reads: 6596 (1045ms) |
files: 3 ands: 4854 (36ms) ors: 162 (0ms) minofs: 6 (0ms) reads: 4854 (83ms) |
files: 3 ands: 4854 (36ms) ors: 162 (0ms) minofs: 6 (0ms) reads: 1195 (12ms) |
| gen_wmi_implant.yar | files: 0 ands: 1932 (53ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 1770 (690ms) |
files: 0 ands: 382 (4ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 382 (377ms) |
files: 0 ands: 382 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 382 (8ms) |
files: 0 ands: 382 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 337 (7ms) |
| gen_xor_hunting.yar | files: 662770 ands: 1081801 (52613ms) ors: 78759 (203ms) minofs: 9 (5ms) reads: 1045083 (132854ms) |
files: 662770 ands: 415553 (7343ms) ors: 36828 (16ms) minofs: 9 (5ms) reads: 415553 (652294ms) |
files: 662770 ands: 415553 (5748ms) ors: 36828 (8ms) minofs: 9 (5ms) reads: 415553 (19712ms) |
files: 662770 ands: 415553 (5654ms) ors: 36828 (9ms) minofs: 9 (6ms) reads: 109298 (611ms) |
| gen_xored_pe.yar | degenerate | degenerate | degenerate | degenerate |
| gen_xtreme_rat.yar | degenerate | degenerate | degenerate | degenerate |
| gen_ysoserial_payloads.yar | files: 2 ands: 4040 (131ms) ors: 486 (0ms) minofs: 45 (0ms) reads: 3889 (1833ms) |
files: 2 ands: 986 (8ms) ors: 108 (0ms) minofs: 45 (0ms) reads: 986 (1290ms) |
files: 2 ands: 373 (1ms) ors: 108 (0ms) minofs: 0 (0ms) reads: 373 (3ms) |
files: 2 ands: 373 (1ms) ors: 108 (0ms) minofs: 0 (0ms) reads: 155 (2ms) |
| gen_zoho_rcef_logs.yar | files: 0 ands: 1054 (37ms) ors: 126 (0ms) minofs: 9 (0ms) reads: 982 (598ms) |
files: 0 ands: 254 (3ms) ors: 18 (0ms) minofs: 9 (0ms) reads: 236 (607ms) |
files: 0 ands: 129 (2ms) ors: 8 (0ms) minofs: 0 (0ms) reads: 116 (2ms) |
files: 0 ands: 129 (1ms) ors: 8 (0ms) minofs: 0 (0ms) reads: 88 (2ms) |
| general_cloaking.yar | yaramod_error | yaramod_error | yaramod_error | yaramod_error |
| general_officemacros.yar | files: 23 ands: 2949 (145ms) ors: 306 (0ms) minofs: 36 (0ms) reads: 2760 (2625ms) |
files: 23 ands: 1152 (25ms) ors: 36 (0ms) minofs: 36 (0ms) reads: 1116 (2538ms) |
files: 23 ands: 871 (13ms) ors: 36 (0ms) minofs: 10 (0ms) reads: 850 (11ms) |
files: 23 ands: 871 (13ms) ors: 36 (0ms) minofs: 10 (0ms) reads: 778 (10ms) |
| generic_anomalies.yar | yaramod_error | yaramod_error | yaramod_error | yaramod_error |
| generic_cryptors.yar | files: 0 ands: 183 (0ms) ors: 27 (0ms) minofs: 0 (0ms) reads: 174 (355ms) |
files: 0 ands: 44 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 44 (55ms) |
files: 0 ands: 44 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 44 (0ms) |
files: 0 ands: 44 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 44 (0ms) |
| generic_dumps.yar | files: 0 ands: 1741 (30ms) ors: 144 (0ms) minofs: 9 (0ms) reads: 1696 (726ms) |
files: 0 ands: 301 (5ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 301 (422ms) |
files: 0 ands: 301 (5ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 301 (3ms) |
files: 0 ands: 301 (5ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 274 (3ms) |
| generic_exe2hex_payload.yar | files: 0 ands: 1590 (27ms) ors: 270 (0ms) minofs: 36 (0ms) reads: 1483 (1498ms) |
files: 0 ands: 430 (2ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 430 (552ms) |
files: 0 ands: 183 (1ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 183 (1ms) |
files: 0 ands: 183 (1ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 174 (1ms) |
| hktl_bruteratel_c4.yar | files: 0 ands: 51297 (1271ms) ors: 6705 (7ms) minofs: 36 (3ms) reads: 47871 (27247ms) |
files: 0 ands: 22578 (430ms) ors: 54 (0ms) minofs: 36 (2ms) reads: 22542 (21493ms) |
files: 0 ands: 22239 (266ms) ors: 54 (0ms) minofs: 25 (1ms) reads: 22221 (520ms) |
files: 0 ands: 22239 (269ms) ors: 54 (0ms) minofs: 25 (1ms) reads: 8290 (71ms) |
| hktl_bruteratel_c4_badger.yar | files: 0 ands: 180 (0ms) ors: 72 (0ms) minofs: 9 (0ms) reads: 108 (210ms) |
files: 0 ands: 108 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 108 (704ms) |
files: 0 ands: 108 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 108 (0ms) |
files: 0 ands: 108 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 108 (0ms) |
| mal_avemaria_rat.yar | files: 0 ands: 699 (33ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 663 (955ms) |
files: 0 ands: 231 (6ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 231 (452ms) |
files: 0 ands: 97 (6ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 97 (2ms) |
files: 0 ands: 97 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 97 (2ms) |
| mal_codecov_hack.yar | files: 0 ands: 864 (21ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 837 (229ms) |
files: 0 ands: 192 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 192 (84ms) |
files: 0 ands: 160 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 160 (2ms) |
files: 0 ands: 160 (1ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 160 (2ms) |
| mal_crime_unknown.yar | files: 68 ands: 15390 (240ms) ors: 144 (0ms) minofs: 27 (0ms) reads: 14994 (2516ms) |
files: 68 ands: 4488 (11ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 4488 (3702ms) |
files: 68 ands: 4470 (19ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 4470 (43ms) |
files: 68 ands: 4470 (9ms) ors: 36 (0ms) minofs: 9 (0ms) reads: 2442 (9ms) |
| mal_cryp_rat.yar | degenerate | degenerate | degenerate | degenerate |
| mal_lnx_implant_may22.yar | files: 6 ands: 16559 (467ms) ors: 2115 (3ms) minofs: 90 (0ms) reads: 13876 (10143ms) |
files: 6 ands: 7557 (192ms) ors: 162 (0ms) minofs: 90 (0ms) reads: 6783 (6117ms) |
files: 6 ands: 3929 (48ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 3704 (112ms) |
files: 6 ands: 3929 (52ms) ors: 162 (0ms) minofs: 9 (0ms) reads: 2000 (33ms) |
| mal_netsha.yar | degenerate | degenerate | degenerate | degenerate |
| mal_passwordstate_backdoor.yar | files: 0 ands: 11350 (339ms) ors: 234 (0ms) minofs: 18 (0ms) reads: 10742 (1411ms) |
files: 0 ands: 1397 (34ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1397 (717ms) |
files: 0 ands: 1226 (11ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 1226 (21ms) |
files: 0 ands: 1226 (11ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 839 (15ms) |
| mal_qbot_payloads.yar | files: 0 ands: 8905 (68ms) ors: 720 (0ms) minofs: 18 (0ms) reads: 8617 (22317ms) |
files: 0 ands: 1201 (8ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 1165 (5336ms) |
files: 0 ands: 956 (1ms) ors: 18 (0ms) minofs: 4 (0ms) reads: 934 (2ms) |
files: 0 ands: 956 (1ms) ors: 18 (0ms) minofs: 4 (0ms) reads: 928 (2ms) |
| mal_ransom_lorenz.yar | files: 0 ands: 4453 (187ms) ors: 342 (0ms) minofs: 27 (0ms) reads: 3988 (2910ms) |
files: 0 ands: 1727 (63ms) ors: 36 (0ms) minofs: 27 (0ms) reads: 1619 (1796ms) |
files: 0 ands: 1116 (39ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 1107 (39ms) |
files: 0 ands: 1116 (45ms) ors: 36 (0ms) minofs: 0 (0ms) reads: 484 (14ms) |
| pua_cryptocoin_miner.yar | files: 0 ands: 6396 (109ms) ors: 702 (0ms) minofs: 36 (0ms) reads: 6113 (8796ms) |
files: 0 ands: 1461 (15ms) ors: 54 (0ms) minofs: 36 (0ms) reads: 1461 (2287ms) |
files: 0 ands: 1461 (15ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 1461 (14ms) |
files: 0 ands: 1461 (15ms) ors: 54 (0ms) minofs: 0 (0ms) reads: 1152 (13ms) |
| pua_xmrig_monero_miner.yar | files: 0 ands: 5038 (132ms) ors: 450 (0ms) minofs: 45 (0ms) reads: 4858 (2280ms) |
files: 0 ands: 1039 (10ms) ors: 72 (0ms) minofs: 45 (0ms) reads: 1039 (1520ms) |
files: 0 ands: 999 (8ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 999 (11ms) |
files: 0 ands: 999 (8ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 777 (9ms) |
| pup_lightftp.yar | files: 0 ands: 4041 (197ms) ors: 315 (0ms) minofs: 18 (0ms) reads: 3816 (1793ms) |
files: 0 ands: 730 (6ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 730 (1954ms) |
files: 0 ands: 148 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 148 (2ms) |
files: 0 ands: 148 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 148 (2ms) |
| spy_equation_fiveeyes.yar | files: 140 ands: 121251 (4565ms) ors: 6408 (8ms) minofs: 333 (0ms) reads: 111307 (23471ms) |
files: 140 ands: 35204 (933ms) ors: 594 (0ms) minofs: 333 (0ms) reads: 35024 (18308ms) |
files: 140 ands: 18558 (266ms) ors: 594 (0ms) minofs: 50 (0ms) reads: 18441 (464ms) |
files: 140 ands: 18558 (271ms) ors: 594 (0ms) minofs: 50 (0ms) reads: 8251 (127ms) |
| spy_querty_fiveeyes.yar | files: 0 ands: 70486 (2108ms) ors: 3519 (1ms) minofs: 81 (0ms) reads: 66757 (15689ms) |
files: 0 ands: 12736 (202ms) ors: 144 (0ms) minofs: 81 (0ms) reads: 12736 (7361ms) |
files: 0 ands: 6523 (74ms) ors: 144 (0ms) minofs: 2 (0ms) reads: 6523 (115ms) |
files: 0 ands: 6523 (74ms) ors: 144 (0ms) minofs: 2 (0ms) reads: 3785 (49ms) |
| spy_regin_fiveeyes.yar | files: 2043 ands: 97649 (4095ms) ors: 5094 (29ms) minofs: 180 (2ms) reads: 91162 (22604ms) |
files: 2055 ands: 34834 (1219ms) ors: 306 (0ms) minofs: 180 (2ms) reads: 34654 (18405ms) |
files: 2055 ands: 21202 (551ms) ors: 290 (0ms) minofs: 83 (1ms) reads: 21039 (904ms) |
files: 2055 ands: 21202 (520ms) ors: 290 (0ms) minofs: 83 (1ms) reads: 10249 (270ms) |
| thor-hacktools.yar | degenerate | degenerate | degenerate | degenerate |
| thor-webshells.yar | files: 2682 ands: 770031 (18075ms) ors: 72029 (73ms) minofs: 5724 (1ms) reads: 717589 (388162ms) |
degenerate | degenerate | degenerate |
| thor_inverse_matches.yar | yaramod_error | yaramod_error | yaramod_error | yaramod_error |
| threat_lenovo_superfish.yar | files: 0 ands: 1849 (74ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 1813 (770ms) |
files: 0 ands: 407 (7ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 407 (302ms) |
files: 0 ands: 297 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 297 (4ms) |
files: 0 ands: 297 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 297 (5ms) |
| vul_backdoor_antitheftweb.yar | files: 0 ands: 1011 (36ms) ors: 72 (0ms) minofs: 0 (0ms) reads: 917 (140ms) |
files: 0 ands: 363 (5ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 363 (204ms) |
files: 0 ands: 363 (3ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 363 (5ms) |
files: 0 ands: 363 (4ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 362 (5ms) |
| vul_confluence_questions_plugin_cve_2022_26138.yar | files: 0 ands: 2052 (58ms) ors: 135 (0ms) minofs: 18 (0ms) reads: 1838 (501ms) |
files: 0 ands: 572 (6ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 518 (406ms) |
files: 0 ands: 187 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 178 (1ms) |
files: 0 ands: 187 (0ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 178 (1ms) |
| vul_cve_2020_0688.yar | files: 0 ands: 2716 (72ms) ors: 99 (0ms) minofs: 0 (0ms) reads: 2604 (533ms) |
files: 0 ands: 203 (2ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 185 (130ms) |
files: 0 ands: 203 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 185 (2ms) |
files: 0 ands: 203 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 185 (2ms) |
| vul_cve_2020_1938.yar | files: 0 ands: 1018 (34ms) ors: 81 (0ms) minofs: 0 (0ms) reads: 928 (239ms) |
files: 0 ands: 338 (4ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 302 (131ms) |
files: 0 ands: 201 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 174 (5ms) |
files: 0 ands: 201 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 174 (5ms) |
| vul_cve_2021_3438_printdriver.yar | files: 0 ands: 1572 (75ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 1470 (363ms) |
files: 0 ands: 406 (10ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 406 (84ms) |
files: 0 ands: 196 (2ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 196 (5ms) |
files: 0 ands: 196 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 196 (5ms) |
| vul_cve_2021_386471_omi.yar | files: 0 ands: 3131 (14ms) ors: 369 (0ms) minofs: 9 (0ms) reads: 2762 (1409ms) |
files: 0 ands: 965 (3ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 947 (338ms) |
files: 0 ands: 139 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 130 (1ms) |
files: 0 ands: 139 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 130 (1ms) |
| vul_dell_bios_upd_driver.yar | files: 0 ands: 528 (3ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 501 (730ms) |
files: 0 ands: 113 (0ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 113 (507ms) |
files: 0 ands: 42 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 42 (0ms) |
files: 0 ands: 42 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 42 (0ms) |
| vul_drivecrypt.yar | files: 0 ands: 2680 (85ms) ors: 270 (0ms) minofs: 18 (0ms) reads: 2502 (1260ms) |
files: 0 ands: 865 (14ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 865 (1135ms) |
files: 0 ands: 492 (3ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 492 (5ms) |
files: 0 ands: 492 (3ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 464 (4ms) |
| vul_jquery_fileupload_cve_2018_9206.yar | files: 0 ands: 1156 (42ms) ors: 81 (0ms) minofs: 9 (0ms) reads: 1075 (392ms) |
files: 0 ands: 324 (6ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 324 (494ms) |
files: 0 ands: 185 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 185 (2ms) |
files: 0 ands: 185 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 185 (2ms) |
| vul_php_zlib_backdoor.yar | files: 0 ands: 555 (9ms) ors: 54 (0ms) minofs: 9 (0ms) reads: 518 (465ms) |
files: 0 ands: 219 (1ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 219 (464ms) |
files: 0 ands: 48 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 48 (0ms) |
files: 0 ands: 48 (0ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 48 (0ms) |
| vuln_gigabyte_driver.yar | files: 0 ands: 10468 (233ms) ors: 108 (0ms) minofs: 9 (0ms) reads: 10333 (6470ms) |
files: 0 ands: 1658 (55ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 1658 (1734ms) |
files: 0 ands: 1658 (43ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 1658 (28ms) |
files: 0 ands: 1658 (48ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 1459 (24ms) |
| vuln_proxynotshell_cve_2022_41040.yar | files: 0 ands: 3715 (140ms) ors: 360 (0ms) minofs: 18 (0ms) reads: 3387 (540ms) |
files: 0 ands: 479 (5ms) ors: 90 (0ms) minofs: 18 (0ms) reads: 443 (177ms) |
files: 0 ands: 479 (5ms) ors: 90 (0ms) minofs: 9 (0ms) reads: 443 (6ms) |
files: 0 ands: 479 (5ms) ors: 90 (0ms) minofs: 9 (0ms) reads: 295 (4ms) |
| webshell_regeorg.yar | files: 0 ands: 2975 (143ms) ors: 216 (0ms) minofs: 9 (0ms) reads: 2822 (773ms) |
files: 0 ands: 935 (23ms) ors: 0 (0ms) minofs: 9 (0ms) reads: 935 (1125ms) |
files: 0 ands: 295 (5ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 295 (5ms) |
files: 0 ands: 295 (3ms) ors: 0 (0ms) minofs: 0 (0ms) reads: 294 (3ms) |
| webshell_xsl_transform.yar | files: 0 ands: 5127 (90ms) ors: 3541 (16ms) minofs: 18 (0ms) reads: 3694 (1915ms) |
files: 0 ands: 354 (4ms) ors: 18 (0ms) minofs: 18 (0ms) reads: 336 (720ms) |
files: 0 ands: 143 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 125 (45ms) |
files: 0 ands: 143 (1ms) ors: 18 (0ms) minofs: 0 (0ms) reads: 125 (2ms) |
| yara_mixed_ext_vars.yar | yaramod_error | yaramod_error | yaramod_error | yaramod_error |
| total | files: 3286702 ands: 13904148 (367369ms) ors: 3733074 (6817ms) minofs: 34515 (124ms) reads: 11791518 (3732914ms) |
files: 3504073 ands: 2409095 (45238ms) ors: 120942 (62ms) minofs: 23850 (124ms) reads: 2362727 (1994155ms) |
files: 3504073 ands: 1870613 (25080ms) ors: 116661 (25ms) minofs: 3779 (56ms) reads: 1839234 (53297ms) |
files: 3504073 ands: 1870613 (24210ms) ors: 116661 (27ms) minofs: 3779 (52ms) reads: 899306 (11575ms) |