Windows Analysis Report calc.exe
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Encoded_Discord_Attachment_Oct21_1 | Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth |
|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Encoded_Discord_Attachment_Oct21_1 | Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Encoded_Discord_Attachment_Oct21_1 | Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | Avira: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Networking: |
---|
System process connects to network (likely due to code injection or exploit) | Show sources |
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | JA3 fingerprint: |
Source: | IP Address: | ||
Source: | Network traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary: |
---|
Found detection on Joe Sandbox Cloud Basic with higher score | Show sources |
Source: | Joe Sandbox Cloud Basic: | Perma Link |
Source: | Matched rule: | ||
Source: | Process created: |
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Process created: | ||
Source: | Key value queried: | Jump to behavior |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Data Obfuscation: |
---|
.NET source code contains potential unpacker | Show sources |
Source: | .Net Code: | ||
Source: | Static PE information: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) | Show sources |
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection12 | Virtualization/Sandbox Evasion1 | OS Credential Dumping | Query Registry1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery21 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection12 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing1 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol14 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
54% | Virustotal | Browse | ||
12% | Metadefender | Browse | ||
27% | ReversingLabs | ByteCode-MSIL.Trojan.Heracles | ||
100% | Avira | TR/Dldr.Agent.gkrrf | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.discordapp.com | 162.159.135.233 | true | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 510683 |
Start date: | 28.10.2021 |
Start time: | 04:55:03 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | calc.exe |
Cookbook file name: | defaultwindowsfilecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Without Tracing |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.evad.winEXE@3/7@1/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
04:56:24 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.159.135.233 | Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
cdn.discordapp.com | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.1474137951894232 |
Encrypted: | false |
SSDEEP: | 192:xjFcoHBUZMXyaKsUAeZg/u7szS274ItOh:FFbBUZMXyalmg/u7szX4ItOh |
MD5: | E3079ED555F8784B1284D8F81FEC9B71 |
SHA1: | FC6ACCFA617583415F5958049D09441AA7452585 |
SHA-256: | 941B2A5E239EB42808412C345DB264A65B29CF52FAF0DBD072306A69D8028FA3 |
SHA-512: | EA3A830960A6ADB86A1CAFCDF9D2F57E984FC9EB9C5B53526450477AE48F11BA04E1C2F6228B69121ABC4AE7824B89361AC0B82ABD0BA722CDE82296E9E3949C |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 254011 |
Entropy (8bit): | 3.814697195905774 |
Encrypted: | false |
SSDEEP: | 3072:paoIpOFK0J9gIOgF5ckU0bUCgUplxWnhN51sfjd+pdjgbJLO:pa70J9RpDckU0TjEhp61 |
MD5: | B93804DE4258B1105B8090352B846E2E |
SHA1: | BEEA675AD292DFEB8A6FB47DE64222EF9607DFE7 |
SHA-256: | 3F6B581CB6C062B6EC657CB971B63B5AF381035AF3B60F231F17579B76A06B01 |
SHA-512: | 054991F34A5C3DAB1A352515384DCC3E738F3BF6875BC592389CC4FF04AD2235A391250F13658401BF79BA6F5E8858570A5BD32CD65555CDFA684A5331CE6820 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8364 |
Entropy (8bit): | 3.691637181662257 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi4a6lObZ6YIxSUy4WgmfZlSwCprT89b+sysf1Km:RrlsNit6I6YeSUyxgmfbSM+6fJ |
MD5: | 8EF2457FBD84949C70B2EEC51F59391B |
SHA1: | 466DE618B6FBEB213AE7D7186DC3C2E63D861258 |
SHA-256: | 2534645C37D6CDF3E238408F48833C98E5CB63532062E4D7EEB9A4D992A6A586 |
SHA-512: | 4C98168125A5B504E50399E423FCEDD9CAAEC093AE4CEC1597BD3835BC0185C37C24BD10502BB2825B5DE9D8AD8C819303825DFB615D27F9092C709E31041516 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4701 |
Entropy (8bit): | 4.435584303749706 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zslJgtWI9/3WSC8BD8fm8M4JPNJFvb+q8vONdz59hIrd:uITf/YGSNiJPRbKOfz59hIrd |
MD5: | E10D27EAC2005BF7AFF83798F490811E |
SHA1: | 2CA257C71C3C9507271B478F68A6DEAC0FDB5E8D |
SHA-256: | 0A7A306E54A36B75D0A35D4F6DB91DB80B8EE7FCDDCB83623741913BE16D8E0A |
SHA-512: | 6DB022BF74F9F19E8C6AF18CFB90923055298EF4DFA671D9F3E3C6935E8B3272F3F4BF6D08D036DDB02199FB5FDBE59694FF40194FF28004C19A0768296F5AC4 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1572864 |
Entropy (8bit): | 4.268369717589601 |
Encrypted: | false |
SSDEEP: | 12288:YHlkj4KQWMEtWUipWroyKRPRAOfC/dSwwO/xjOloiZPNsI9Ev0DNiDpl8:4lkj4KQWMEtWUipQ4fOl |
MD5: | 56751A5793A0EDDD76004DD711F78521 |
SHA1: | 5B5C5E235E5602FCEFDCB5954B76B16268E60EF6 |
SHA-256: | 5BC3D1CA8FBB47D2D91584E9E88895CF3DDEDA00BE0C68A809144B4470D61FE5 |
SHA-512: | 199734E6DA386B518ABFC091DB082E00D3FD636FB166537BFDDDA0757387E18B35D5D217B2CC57D3B3514933FC67517993404228794A73169F794F163CAB8DF1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28672 |
Entropy (8bit): | 3.8933024346229366 |
Encrypted: | false |
SSDEEP: | 768:x9gc0ePkpr2VXpaMpcgf2o3xwpLWmGznT7HN5Gdc4:Tg1d2VZa8nDWW+ |
MD5: | 25A44F9B6103D16CB905D821430BB344 |
SHA1: | DDAAD1AF35717569D3FE3C4E618FB7F5883FD988 |
SHA-256: | 23D13B8CAD35DD4EBA460F8673DC58F0842880C7109700128DE50DD40008D836 |
SHA-512: | 062BEA84D01B503CE9143DE4F970015CF35A1A7B546D86D6126B4B936899BE06EEB0A3628DEB422830FC13C2287846F0976BE7A4CAF00E58694A724226764034 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\calc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 535 |
Entropy (8bit): | 4.840369443408386 |
Encrypted: | false |
SSDEEP: | 12:3EU6cTmDslPWUl8/2RdEB2XoQ/j1NiYiiZQhSe:0KIWPWUy/2dEB24abfe |
MD5: | 603AE28A4C3B3266A3A66CBEB32ADEAC |
SHA1: | DA261060E90CB51C90FC6E004433558F776B3A91 |
SHA-256: | 3746AD9375DC9DB19B934CBE8C4034091221508770A5854FDBFFADB4348E19FB |
SHA-512: | 37A4CBC5F6065F7ACAF92C928B0D45E74FA38018CEEAB20B1F1D608130EF1F030974A0DE0A4846ECB5732DB8799B86D4CA2F23F97B3E46B6A71F7CBC9ADE5630 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.465233635365889 |
TrID: |
|
File name: | calc.exe |
File size: | 192000 |
MD5: | ce76ae9d476b9c0daa25daf4c6dd4909 |
SHA1: | f574aa3bbe554363a6f6d1d648c31505bf92bfe5 |
SHA256: | 05f3ac7f197b690f306c521b658c935fbf057d737ad6791cee6e2553b87d090b |
SHA512: | b1537873ddbb5a3040220afdcf2159dc805602e7971af04bbb8a9115f771ca0c20dd06ab006aebf9def42cc38763fb5f9920b41011a8ba9ef3471f40eca4fa93 |
SSDEEP: | 768:nJR9+3IvJOAHPv9fJLyhmqGdGgEVXxHtzjSjwoGHHHHHHHHHHHHvHLbchqTWyy65:nJNvTHL4mqGzEBxRjS0oP+qO/M6QO |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0&6..........."...0..............:... ...@....@.. .......................@............`................................ |
File Icon |
---|
Icon Hash: | 70848a8c8c8ac010 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x403aaa |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0xFB362630 [Mon Jul 23 10:32:16 2103 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
inc esi |
jne 00007F8BFC84CEC5h |
imul ecx, dword ptr [ebp+69h], 63h |
jc 00007F8BFC84CED1h |
jnc 00007F8BFC84CED1h |
je 0000CE94h |
xor dh, byte ptr [ebx] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a58 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x2cdf4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x32000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3998 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1ac0 | 0x1c00 | False | 0.518136160714 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 5.23611813378 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4000 | 0x2cdf4 | 0x2ce00 | False | 0.165226758357 | data | 4.36692229858 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x32000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4220 | 0x336b | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x759c | 0x19f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x8fa8 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0x197e0 | 0x94a8 | data | ||
RT_ICON | 0x22c98 | 0x5488 | data | ||
RT_ICON | 0x28130 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4177526783, next used block 4294967047 | ||
RT_ICON | 0x2c368 | 0x25a8 | data | ||
RT_ICON | 0x2e920 | 0x10a8 | data | ||
RT_ICON | 0x2f9d8 | 0x988 | data | ||
RT_ICON | 0x30370 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x307e8 | 0x92 | data | ||
RT_VERSION | 0x3088c | 0x368 | data | ||
RT_MANIFEST | 0x30c04 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2021 |
Assembly Version | 15.10.2.1 |
InternalName | calc.exe |
FileVersion | 15.10.2.1 |
CompanyName | RepreIP |
LegalTrademarks | SDK9OPS2 |
Comments | DK5 Forensics tool and updater |
ProductName | SDK9OPS |
ProductVersion | 15.10.2.1 |
FileDescription | RepreIP |
OriginalFilename | calc.exe |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 28, 2021 04:56:05.441745996 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.441797018 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984004974 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984014034 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984018087 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984173059 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984191895 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984193087 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984211922 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984260082 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984277964 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984309912 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984316111 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984390974 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984395981 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984507084 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984532118 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984591961 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984601974 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:05.984642029 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984668970 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984730005 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:05.984954119 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.014864922 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.014904976 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.014970064 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015079021 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.015100956 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015151978 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.015158892 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015218019 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.015227079 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015237093 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015479088 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.015487909 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015505075 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015718937 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.015727997 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015743017 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015749931 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015913010 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.015922070 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.015948057 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016021013 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016088963 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016119957 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016130924 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016148090 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016165972 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016172886 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016258001 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016266108 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016326904 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016335011 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016346931 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016381979 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016388893 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016449928 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016458035 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016513109 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016520977 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016531944 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016572952 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016581059 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016630888 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016638041 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016701937 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016709089 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016716003 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.016766071 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016829014 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.016982079 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.017853975 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.021787882 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.021821976 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.021950960 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.021971941 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.022033930 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.022835016 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.032084942 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.032120943 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.032255888 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.032282114 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.032330036 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.032614946 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.032639980 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.032689095 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.032697916 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.032735109 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.032769918 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.033339024 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.033366919 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.033432961 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.033443928 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.033489943 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.033749104 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.033771992 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.033823967 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.033830881 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.033857107 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.033886909 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.034225941 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.034251928 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.034303904 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.034312010 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.034365892 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.034595013 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.034619093 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.034667015 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.034677982 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.034704924 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.034734964 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.034960032 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.034984112 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.035099030 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.035108089 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.035152912 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.035370111 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.035396099 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.035449028 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.035456896 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.035504103 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.035641909 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.035666943 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.035713911 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.035722017 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.035748959 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.035777092 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.036037922 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.036062956 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.036138058 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.036155939 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.036205053 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.036473036 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.036499977 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.036544085 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.036554098 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.036621094 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.278167963 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.278261900 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.278357029 CEST | 443 | 49706 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.278369904 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.278445959 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.281078100 CEST | 49706 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.287816048 CEST | 49707 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.287859917 CEST | 443 | 49707 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.287966013 CEST | 49707 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.288505077 CEST | 49707 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.288517952 CEST | 443 | 49707 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.325136900 CEST | 443 | 49707 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.330508947 CEST | 49707 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.330532074 CEST | 443 | 49707 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.502538919 CEST | 443 | 49707 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.502612114 CEST | 443 | 49707 | 162.159.135.233 | 192.168.2.5 |
Oct 28, 2021 04:56:06.502675056 CEST | 49707 | 443 | 192.168.2.5 | 162.159.135.233 |
Oct 28, 2021 04:56:06.505669117 CEST | 49707 | 443 | 192.168.2.5 | 162.159.135.233 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 28, 2021 04:56:05.348316908 CEST | 64344 | 53 | 192.168.2.5 | 8.8.8.8 |
Oct 28, 2021 04:56:05.370219946 CEST | 53 | 64344 | 8.8.8.8 | 192.168.2.5 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 28, 2021 04:56:05.348316908 CEST | 192.168.2.5 | 8.8.8.8 | 0xd31 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 28, 2021 04:56:05.370219946 CEST | 8.8.8.8 | 192.168.2.5 | 0xd31 | No error (0) | 162.159.135.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:56:05.370219946 CEST | 8.8.8.8 | 192.168.2.5 | 0xd31 | No error (0) | 162.159.133.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:56:05.370219946 CEST | 8.8.8.8 | 192.168.2.5 | 0xd31 | No error (0) | 162.159.130.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:56:05.370219946 CEST | 8.8.8.8 | 192.168.2.5 | 0xd31 | No error (0) | 162.159.134.233 | A (IP address) | IN (0x0001) | ||
Oct 28, 2021 04:56:05.370219946 CEST | 8.8.8.8 | 192.168.2.5 | 0xd31 | No error (0) | 162.159.129.233 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49706 | 162.159.135.233 | 443 | C:\Users\user\Desktop\calc.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49707 | 162.159.135.233 | 443 | C:\Users\user\Desktop\calc.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-28 02:56:06 UTC | 994 | OUT | |
2021-10-28 02:56:06 UTC | 994 | IN | |
2021-10-28 02:56:06 UTC | 995 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 04:56:03 |
Start date: | 28/10/2021 |
Path: | C:\Users\user\Desktop\calc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x320000 |
File size: | 192000 bytes |
MD5 hash: | CE76AE9D476B9C0DAA25DAF4C6DD4909 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 04:56:03 |
Start date: | 28/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 04:56:09 |
Start date: | 28/10/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff64e5e0000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 00C900B8, Relevance: .5, Instructions: 460 COMMON | Uniqueness Score: -1.00% |
Function 00C90580, Relevance: .2, Instructions: 168 COMMON | Uniqueness Score: -1.00% |
Function 00C90571, Relevance: .1, Instructions: 115 COMMON | Uniqueness Score: -1.00% |
Function 0081D4D8, Relevance: .1, Instructions: 75 COMMON | Uniqueness Score: -1.00% |
Function 0081D3EC, Relevance: .1, Instructions: 75 COMMON | Uniqueness Score: -1.00% |
Function 00C90098, Relevance: .1, Instructions: 60 COMMON | Uniqueness Score: -1.00% |
Function 0081D4D3, Relevance: .1, Instructions: 56 COMMON | Uniqueness Score: -1.00% |
Function 0081D3E7, Relevance: .1, Instructions: 56 COMMON | Uniqueness Score: -1.00% |
Function 00C900AC, Relevance: .1, Instructions: 52 COMMON | Uniqueness Score: -1.00% |
Function 00C90710, Relevance: .1, Instructions: 52 COMMON | Uniqueness Score: -1.00% |
Function 00C90860, Relevance: .0, Instructions: 35 COMMON | Uniqueness Score: -1.00% |
Function 00C90808, Relevance: .0, Instructions: 30 COMMON | Uniqueness Score: -1.00% |
Function 00C907B8, Relevance: .0, Instructions: 27 COMMON | Uniqueness Score: -1.00% |
Function 00C909A9, Relevance: .0, Instructions: 26 COMMON | Uniqueness Score: -1.00% |
Function 00C909B8, Relevance: .0, Instructions: 24 COMMON | Uniqueness Score: -1.00% |
Function 00C9045F, Relevance: .0, Instructions: 24 COMMON | Uniqueness Score: -1.00% |
Function 00C907C8, Relevance: .0, Instructions: 23 COMMON | Uniqueness Score: -1.00% |
Function 00C90818, Relevance: .0, Instructions: 23 COMMON | Uniqueness Score: -1.00% |
Function 00C910D0, Relevance: .0, Instructions: 18 COMMON | Uniqueness Score: -1.00% |
Function 00C90470, Relevance: .0, Instructions: 16 COMMON | Uniqueness Score: -1.00% |
Function 00C910E0, Relevance: .0, Instructions: 14 COMMON | Uniqueness Score: -1.00% |
Function 00C90448, Relevance: .0, Instructions: 7 COMMON | Uniqueness Score: -1.00% |
Non-executed Functions |
---|