Windows
Analysis Report
hesaphareketi-01.pdf.SCR.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- hesaphareketi-01.pdf.SCR.exe (PID: 3212 cmdline: "C:\Users\user\Desktop\hesaphareketi-01.pdf.SCR.exe" MD5: FB5090CA9F961F02946EF0D3D5B8646F)
- RegAsm.exe (PID: 6908 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- WerFault.exe (PID: 2840 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 1620 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{"C2 url": ["204.44.127.158"], "Port": "7000", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V3.1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
Timestamp: | 04/18/24-21:18:27.506838 |
SID: | 2853193 |
Source Port: | 49717 |
Destination Port: | 7000 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/18/24-21:17:04.745694 |
SID: | 2855924 |
Source Port: | 49717 |
Destination Port: | 7000 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/18/24-21:20:35.646088 |
SID: | 2852870 |
Source Port: | 7000 |
Destination Port: | 49717 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/18/24-21:20:35.646088 |
SID: | 2852874 |
Source Port: | 7000 |
Destination Port: | 49717 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | ||
Source: | Static PE information: |
Source: | Binary string: | ||
Networking |
---|
Source: | Snort IDS: | ||
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Code function: | 0_2_00C0CD3C | |
Source: | Code function: | 0_2_00C0F5A8 | |
Source: | Code function: | 0_2_00C0F5B8 | |
Source: | Code function: | 2_2_02F653E8 | |
Source: | Code function: | 2_2_02F68FC0 | |
Source: | Code function: | 2_2_02F65CB8 | |
Source: | Code function: | 2_2_02F650A0 |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_074E395D | |
Source: | Code function: | 2_2_02F67251 |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | File Volume queried: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 11 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Win32.Trojan.Generic | ||
100% | Avira | HEUR/AGEN.1311129 | ||
100% | Joe Sandbox ML |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
204.44.127.158 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428353 |
Start date and time: | 2024-04-18 21:15:45 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | hesaphareketi-01.pdf.SCR.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@4/6@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegAsm.exe, PID 6908 because it is empty
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: hesaphareketi-01.pdf.SCR.exe
Time | Type | Description |
---|---|---|
21:16:51 | API Interceptor | |
21:20:45 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ASN-QUADRANET-GLOBALUS | | | malicious | Unknown | | |
ASN-QUADRANET-GLOBALUS | | | malicious | Mirai | | |
ASN-QUADRANET-GLOBALUS | | | malicious | Gafgyt, Mirai | | |
ASN-QUADRANET-GLOBALUS | | | malicious | Unknown | | |
ASN-QUADRANET-GLOBALUS | | | malicious | Unknown | | |
ASN-QUADRANET-GLOBALUS | | | malicious | Mirai | | |
ASN-QUADRANET-GLOBALUS | | | malicious | XWorm | | |
ASN-QUADRANET-GLOBALUS | | | malicious | Mirai | | |
ASN-QUADRANET-GLOBALUS | | | malicious | Unknown | | |
ASN-QUADRANET-GLOBALUS | | | malicious | Unknown | | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_753d7a9c15ccceb1d7e13a593b195ae629227ad_fcf0f5bb_bed3a14f-1e03-41fc-a65d-1a376281afbf\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2248867408680266 |
Encrypted: | false |
SSDEEP: | 192:r1/eFy/BzZCp0BU/qaU5tWyhw/dzuiFRZ24IO8V:ZhBzZPBU/qaUayWFzuiFRY4IO8V |
MD5: | 30BC943952DDA4E343D1B8C630046DCE |
SHA1: | 566B0E899F9C5E54049C09875C2BC637A2DED32F |
SHA-256: | 31BCFEBC03325A8CB318C208927816C1FAAFDC9F1F36AE4672B8C06057E70D74 |
SHA-512: | 05F6DA4E74B092219F03019CAEBF13CC5305EBA3C9B51C8A7E5CE5E11656C0A7A2143531263E8F03689DD8E5162F7724ED500781C34F3DF781C1A18CD69CB75B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4721 |
Entropy (8bit): | 4.442524157620423 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsJJg77aI9jRyWpW8VY/Ym8M4JfufbFNU+q8vZfBQgLuOLu/rd:uIjfbI7lx7VzJfuvUKZZBuku/rd |
MD5: | 19BB5BF49E8EE780924621008F0BDF84 |
SHA1: | CFEF61507476D6E068B4A244CDC6BCE3C0516B5E |
SHA-256: | 11E24F5F82EA101A07F01697BC258D45DE81DEC30732126E2275DBA2A04437B0 |
SHA-512: | 26C972DF96D501CEA120AC84D0F5FF9473E16A32E03D181E84187AA1B155E2B53A078968CFBF2D75C6EF611CA1DA5319EEFEA8F0FB145686B3C605AD3EDCA2D8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 329103 |
Entropy (8bit): | 3.5515383607913122 |
Encrypted: | false |
SSDEEP: | 3072:q1Yt0CKotmxdVm4uEqWkclEXIlyjLTgRpl:mYt01og5m4DTlyXTg |
MD5: | F47031AB16EACF99564A73E74865C688 |
SHA1: | 62B36D31E901BD2C5C7E5420160503A7629C964E |
SHA-256: | B7CC24AD2CF338C5A850C814E644AA5633D7009F882157E89CA84EE6F3E1AA20 |
SHA-512: | 15225592A4B3DC47B0DA1162A25A7D07D261B2B8CBA0ABAE8B658EC0DCF01A17DAE8E146D15D0C560A4DBA09082F77A233EB36E79FEE74B1278971DEB09B6E56 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6378 |
Entropy (8bit): | 3.7165813907335488 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJpn6+JXorYZ8Hprq89bnAsfwNm:R6lXJZ6GX0YeJnTfn |
MD5: | 456CC33FDE630E3D2948F2A455938F30 |
SHA1: | 9CD6B0D8669A783D7D623C029B825C755FEC23E6 |
SHA-256: | 86D456DEFA71817AC705635EE6523EB74C625D602FEBEF31F433EDA2AF4D6C0C |
SHA-512: | 9DD99A8615D3DFF936FF11C0DE4AEB5CE11F0AAA6CBA2BC84DF5E3F903261CB7B455F5F86DC405E0CDBDA06A3FAFD33B6661C37E8A2B40192AB6CF0F92B40384 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hesaphareketi-01.pdf.SCR.exe.log
Process: | C:\Users\user\Desktop\hesaphareketi-01.pdf.SCR.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1119 |
Entropy (8bit): | 5.345080863654519 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj |
MD5: | 88593431AEF401417595E7A00FE86E5F |
SHA1: | 1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4 |
SHA-256: | ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032 |
SHA-512: | 1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.469496460235543 |
Encrypted: | false |
SSDEEP: | 6144:IzZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNqjDH5S:eZHtYZWOKnMM6bFpQj4 |
MD5: | E12236A4F467175E60CB5AEFD608888F |
SHA1: | E6EFDD82A5F7DCA11A5F73989FC0A9E74882AE63 |
SHA-256: | F4819D5F686DE8A7813299533F4BD3F3FC785148104C79431065BDDA717A00C9 |
SHA-512: | 379EC16E848F7DD9E65049F4DFFE41BBA68EC8733188BF093CB5D8F9B9F55EFA52D1A168B4530C1082AAAF38AD73F781E03BBD2A7F7F2FB0892FEA7C2EB89A91 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.786208215917898 |
TrID: |
|
File name: | hesaphareketi-01.pdf.SCR.exe |
File size: | 132'096 bytes |
MD5: | fb5090ca9f961f02946ef0d3d5b8646f |
SHA1: | eca31336c606d655506c7d382d882ca5edc70c79 |
SHA256: | 01f12f8f773c8b1b9aceaa069f261d2f1a768e969664e206fe8d84d06f028a27 |
SHA512: | 7ffd92a98b06de39b2299fb7717e62f60355cbcf922bbc435adbba0fe2dacf6abda459e7a64dc2d672d32f998bb090f46d300bdbb648996b175941d31d736ef0 |
SSDEEP: | 1536:keNuXrNMfAUWFMN9QrzY4M+d8iQTWd0uj9/SbSFCSsWmfqM3TT3Ru35M:keeNM5zN9gY4M5TFIcmHs3CsXUm |
TLSH: | 46D34D04FFAE4F1CDB04B1BC709106922BD88E668D777700A2DF6396AB332D6416275B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i.................0.................. ... ....@.. .......................`............@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x42192e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0xF7E2BC69 [Sat Oct 15 15:02:01 2101 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x218d8 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x596 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x24000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1f934 | 0x1fa00 | a45291d7b4156261c21095d6ad0b0efd | False | 0.7851176506916996 | data | 7.82816444087756 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x22000 | 0x596 | 0x600 | 9fd4216ac77341d0b6fbba7c12d92bb8 | False | 0.4127604166666667 | data | 4.023399333344362 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x24000 | 0xc | 0x200 | 98d980f87244042ce916e7c369155c06 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x220a0 | 0x30c | data | 0.4269230769230769 | ||
RT_MANIFEST | 0x223ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/18/24-21:18:27.506838 | TCP | 2853193 | ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
04/18/24-21:17:04.745694 | TCP | 2855924 | ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
04/18/24-21:20:35.646088 | TCP | 2852870 | ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
04/18/24-21:20:35.646088 | TCP | 2852874 | ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2 | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 18, 2024 21:20:04.301619053 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:04.310877085 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:04.488991976 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:04.489059925 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:04.660737991 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:05.645692110 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:05.827352047 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:08.478580952 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:08.661266088 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:09.590753078 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:09.770138025 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:11.558480978 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:11.738873005 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:12.569920063 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:12.754762888 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:12.926145077 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:13.113981962 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:16.118155003 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:16.301554918 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:16.301624060 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:16.488945007 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:16.489013910 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:16.676451921 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:16.676512957 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:16.863986969 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:18.227391005 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:18.410789967 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:19.992727041 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:20.176495075 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:20.176575899 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:20.363930941 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:20.569514990 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:20.754931927 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:21.523435116 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:21.708318949 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:21.896764040 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:22.082699060 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:22.082762003 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:22.270387888 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:24.891172886 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:25.067152023 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:25.068345070 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:25.255108118 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:27.842871904 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:28.020236015 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:28.235987902 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:28.426672935 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:28.751168013 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:28.927113056 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:29.199836016 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:29.379448891 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:31.195509911 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:31.379769087 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:32.790719986 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:32.973417044 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:33.720197916 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:33.895430088 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:34.517623901 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:34.692065001 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:35.226557970 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:35.411115885 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:35.625349998 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:35.646087885 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:35.817312002 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:35.820075035 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:36.018524885 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:36.192195892 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:38.158585072 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:38.348233938 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:38.348285913 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:38.535923958 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:38.536091089 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:38.723309040 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:40.003401995 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:40.193722010 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:40.193783998 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:40.379576921 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:40.379652977 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:40.551919937 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:42.104847908 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:42.285984993 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:42.286055088 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:42.473450899 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:42.473565102 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Apr 18, 2024 21:20:42.660811901 CEST | 7000 | 49717 | 204.44.127.158 | 192.168.2.6 |
Apr 18, 2024 21:20:46.444855928 CEST | 49717 | 7000 | 192.168.2.6 | 204.44.127.158 |
Target ID: | 0 |
Start time: | 21:16:44 |
Start date: | 18/04/2024 |
Path: | C:\Users\user\Desktop\hesaphareketi-01.pdf.SCR.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4c0000 |
File size: | 132'096 bytes |
MD5 hash: | FB5090CA9F961F02946EF0D3D5B8646F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 21:16:44 |
Start date: | 18/04/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe20000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 14 |
Start time: | 21:20:42 |
Start date: | 18/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf10000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 41 |
Total number of Limit Nodes: | 6 |