Windows Analysis Report calc.exe
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Encoded_Discord_Attachment_Oct21_1 | Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth |
|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Encoded_Discord_Attachment_Oct21_1 | Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth |
| |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Encoded_Discord_Attachment_Oct21_1 | Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth |
| |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Antivirus / Scanner detection for submitted sample |
Machine Learning detection for sample |
Networking: |
---|
System process connects to network (likely due to code injection or exploit) |
Data Obfuscation: |
---|
.NET source code contains potential unpacker |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection112 | Virtualization/Sandbox Evasion2 | Input Capture1 | System Time Discovery1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools11 | LSASS Memory | Security Software Discovery21 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Virtualization/Sandbox Evasion2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol14 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Timestomp1 | Cached Domain Credentials | System Information Discovery12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
54% | Virustotal | Browse | ||
12% | Metadefender | Browse | ||
27% | ReversingLabs | ByteCode-MSIL.Trojan.Heracles | ||
100% | Avira | TR/Dldr.Agent.gkrrf | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.discordapp.com | 162.159.129.233 | true | false | high |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 510683 |
Start date: | 28.10.2021 |
Start time: | 04:46:11 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | calc.exe |
Cookbook file name: | defaultwindowsfilecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.evad.winEXE@6/7@1/2 |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
04:47:43 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.159.129.233 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
cdn.discordapp.com | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0687887641148668 |
Encrypted: | false |
SSDEEP: | 192:SKymqCKHBUZMXCaKNx1xV/u7sLS274ItShv:BymqXBUZMXCaubV/u7sLX4ItSh |
MD5: | F245D44CC82F545DC6E484C06F40B920 |
SHA1: | F2B2E22600DFBA8563B3716E23E60E683891158F |
SHA-256: | CE3FF27C0287A6E3B4CDAB1B9515691D37C0EF622313FD82075C4C3EAEBBC10C |
SHA-512: | C94AAF713C82218F06045FF40B7F325C9A118FCFB6C9C2B0E1E3F40C5FCA8324E6CF18EAB1F40A6E0633E5350551DFEDA65B5CAC9AB01C3852FF6AE8BE0F51AE |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 261562 |
Entropy (8bit): | 2.696630646336104 |
Encrypted: | false |
SSDEEP: | 1536:3lqS02xnBMxTX/U6yovATLGNHHCTDX5o1zzT6xE8b3Sbv5+tBG:HnxnBM5vU6yovQLGmDXytTWEgSbv5 |
MD5: | 98D5FA5E6A8954E864AE02B3504DB291 |
SHA1: | C7704D77FCC7F9B33B6E613540F4C4AE939C3C9A |
SHA-256: | AF5921F07E715D12C6B7CBB727D0D0D79DBC498B07C2B036E39E92F107D37CEA |
SHA-512: | 661DEFADA83D2FD7452A43DCB878204E27D5EE8FC31D9C5F7E78AE717A8B99A922FE6CBA29FE6DD4A65022328E7634F12329DF83C5438EE63E3E3D4A3211F473 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8370 |
Entropy (8bit): | 3.6919000940977016 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi4i6H6YFASUaxgmfZ/S9csCprLQ89bhysfnLm:RrlsNiF6H6YCSUaxgmfhS+/thxfi |
MD5: | F9DA24943765B4983D016EFEBD1DE0B4 |
SHA1: | 2D958CB73FB2DA4B72597856B1B873B003F3C267 |
SHA-256: | 34FE316FE4C82EAA7DF463D8BBEDF39D229AB8BFF23966D69D51F3DF864FD31E |
SHA-512: | ECBA2C8D49A4BF491537FEE14EF23444665007AED1E2677166514E64CADAC07CE0BB4FD342468D4A19D58A38B571A7CA22DA4A61DC158902BD256981EB9EC752 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4701 |
Entropy (8bit): | 4.436262039712038 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsytJgtWI9TjWSC8BnwAb8fm8M4JPNfFg+q8vONqz59hIyjd:uITfyHwSSNKvJPQKOcz59hIyjd |
MD5: | 9DB39AE73B7D1BB792E2CF4B5CB5D7C4 |
SHA1: | E482B880DB6D1036C5319C3A9D6D53DFADF2E284 |
SHA-256: | 976605A6B86B34AFB8E27477570C0D27D738FDC3594E6C2695DBB745559CF15D |
SHA-512: | B281C2A59D9F6CFAB7E3A4B5EBB836733FACABB7B180E1643A3F8428666626EF4D47F6B1E306A1EFAA3C913903499549B08AEF1A957C725EC69E5325AB6D45EA |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1572864 |
Entropy (8bit): | 4.276362519980729 |
Encrypted: | false |
SSDEEP: | 12288:tHDdqqwF9Jexk9Otx+tFDGM/vZXqRtPcASDXFIYayNX3uUQFpjYo/rO:hDdqqwF9Jexk9Oc6 |
MD5: | 182449C5F258C42DA5001BCC9AB94805 |
SHA1: | 73C00A7372A320893AD74BFD831AC8E6ACEF9E23 |
SHA-256: | 02746EF9BF8DF9A436C8CA45EC344BAB17EEFF35685316435AB7257B26C42F07 |
SHA-512: | 86E18C03312C9BE16A802ECA6146F92CC7CD0F8AEE0776FA644CD26DDB537C793FFE305A0A1E5368A4996F04D34295545C2C624AD25E993819747CA4D0A84DBB |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45056 |
Entropy (8bit): | 4.2449494086132455 |
Encrypted: | false |
SSDEEP: | 768:iyXdC9MwqhSr1C/ZjytcNcaftx1IJ4XNFFm7aBqX3eq5QMVyi6aH4LX0uzY9Bc9v:dfSgTeW/CRapOO |
MD5: | 8D077D354AF18790A0DCEB404ED6CA24 |
SHA1: | 61B93D1F3247659D4C468099276D2510A9870C3F |
SHA-256: | 4B8DDD5AB67C2126666BE9D404FE798E39B1DFD82CE36199D474880C75C5B3F5 |
SHA-512: | 54BA136949ECB458436D00361CA2E716FE437E35832100769BD40208C6C7DA2B6E6681209C1A833967CE4597B2E84ED5BD399DD834DD52000A2ECB37CFDA25EE |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\calc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 535 |
Entropy (8bit): | 4.840369443408386 |
Encrypted: | false |
SSDEEP: | 12:3EU6cTmDslPWUl8/2RdEB2XoQ/j1NiYiiZQhSe:0KIWPWUy/2dEB24abfe |
MD5: | 603AE28A4C3B3266A3A66CBEB32ADEAC |
SHA1: | DA261060E90CB51C90FC6E004433558F776B3A91 |
SHA-256: | 3746AD9375DC9DB19B934CBE8C4034091221508770A5854FDBFFADB4348E19FB |
SHA-512: | 37A4CBC5F6065F7ACAF92C928B0D45E74FA38018CEEAB20B1F1D608130EF1F030974A0DE0A4846ECB5732DB8799B86D4CA2F23F97B3E46B6A71F7CBC9ADE5630 |
Malicious: | false |
Reputation: | low |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.465233635365889 |
TrID: |
|
File name: | calc.exe |
File size: | 192000 |
MD5: | ce76ae9d476b9c0daa25daf4c6dd4909 |
SHA1: | f574aa3bbe554363a6f6d1d648c31505bf92bfe5 |
SHA256: | 05f3ac7f197b690f306c521b658c935fbf057d737ad6791cee6e2553b87d090b |
SHA512: | b1537873ddbb5a3040220afdcf2159dc805602e7971af04bbb8a9115f771ca0c20dd06ab006aebf9def42cc38763fb5f9920b41011a8ba9ef3471f40eca4fa93 |
SSDEEP: | 768:nJR9+3IvJOAHPv9fJLyhmqGdGgEVXxHtzjSjwoGHHHHHHHHHHHHvHLbchqTWyy65:nJNvTHL4mqGzEBxRjS0oP+qO/M6QO |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0&6..........."...0..............:... ...@....@.. .......................@............`................................ |
File Icon |
---|
Icon Hash: | 70848a8c8c8ac010 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x403aaa |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0xFB362630 [Mon Jul 23 10:32:16 2103 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
inc esi |
jne 00007F0BB0BAE4B5h |
imul ecx, dword ptr [ebp+69h], 63h |
jc 00007F0BB0BAE4C1h |
jnc 00007F0BB0BAE4C1h |
je 0000E484h |
xor dh, byte ptr [ebx] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a58 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x2cdf4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x32000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3998 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1ac0 | 0x1c00 | False | 0.518136160714 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 5.23611813378 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4000 | 0x2cdf4 | 0x2ce00 | False | 0.165226758357 | data | 4.36692229858 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x32000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4220 | 0x336b | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x759c | 0x19f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x8fa8 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0x197e0 | 0x94a8 | data | ||
RT_ICON | 0x22c98 | 0x5488 | data | ||
RT_ICON | 0x28130 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4177526783, next used block 4294967047 | ||
RT_ICON | 0x2c368 | 0x25a8 | data | ||
RT_ICON | 0x2e920 | 0x10a8 | data | ||
RT_ICON | 0x2f9d8 | 0x988 | data | ||
RT_ICON | 0x30370 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x307e8 | 0x92 | data | ||
RT_VERSION | 0x3088c | 0x368 | data | ||
RT_MANIFEST | 0x30c04 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2021 |
Assembly Version | 15.10.2.1 |
InternalName | calc.exe |
FileVersion | 15.10.2.1 |
CompanyName | RepreIP |
LegalTrademarks | SDK9OPS2 |
Comments | DK5 Forensics tool and updater |
ProductName | SDK9OPS |
ProductVersion | 15.10.2.1 |
FileDescription | RepreIP |
OriginalFilename | calc.exe |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 28, 2021 04:47:21.000319958 CEST | 57459 | 53 | 192.168.2.3 | 8.8.8.8 |
Oct 28, 2021 04:47:21.024463892 CEST | 53 | 57459 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 28, 2021 04:47:21.000319958 CEST | 192.168.2.3 | 8.8.8.8 | 0x9bb2 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 28, 2021 04:47:21.024463892 CEST | 8.8.8.8 | 192.168.2.3 | 0x9bb2 | No error (0) | 162.159.129.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:47:21.024463892 CEST | 8.8.8.8 | 192.168.2.3 | 0x9bb2 | No error (0) | 162.159.133.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:47:21.024463892 CEST | 8.8.8.8 | 192.168.2.3 | 0x9bb2 | No error (0) | 162.159.135.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:47:21.024463892 CEST | 8.8.8.8 | 192.168.2.3 | 0x9bb2 | No error (0) | 162.159.134.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:47:21.024463892 CEST | 8.8.8.8 | 192.168.2.3 | 0x9bb2 | No error (0) | 162.159.130.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:47:42.480710030 CEST | 8.8.8.8 | 192.168.2.3 | 0xbf23 | No error (0) | www.tm.a.prd.aadg.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49706 | 162.159.129.233 | 443 | C:\Users\user\Desktop\calc.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49707 | 162.159.129.233 | 443 | C:\Users\user\Desktop\calc.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-28 02:47:25 UTC | 994 | OUT | |
2021-10-28 02:47:25 UTC | 994 | IN | |
2021-10-28 02:47:25 UTC | 995 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 04:47:15 |
Start date: | 28/10/2021 |
Path: | C:\Users\user\Desktop\calc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaa0000 |
File size: | 192000 bytes |
MD5 hash: | CE76AE9D476B9C0DAA25DAF4C6DD4909 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 04:47:15 |
Start date: | 28/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 04:47:35 |
Start date: | 28/10/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1130000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 04:47:37 |
Start date: | 28/10/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1130000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 16.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 18.8% |
Total number of Nodes: | 96 |
Total number of Limit Nodes: | 2 |
Graph
Executed Functions |
---|
Non-executed Functions |
---|