Analysis Report pQlSDfwyYkf.js
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Sigma detected: Drops script at startup location
Sigma detected: Register Wscript In Run Key
System process connects to network (likely due to code injection or exploit)
Drops script or batch files to the startup folder
JavaScript source code contains functionality to check for AV products
JavaScript source code contains functionality to check for volume information
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
JavaScript source code contains functionality to generate code involving a shell, file or stream
May check the online IP address of the machine
Performs DNS queries to domains with low reputation
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Wscript called in batch mode (suppress errors)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Creates a start menu entry (Start Menu\Programs\Startup)
Found WSH timer for Javascript or VBS script (likely evasive script)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Classification
Startup |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Drops script at startup location |
Source: | Author: Joe Security |
Sigma detected: Register Wscript In Run Key |
Source: | Author: Joe Security |
Signature Overview |
---|
AV Detection: |
---|
JavaScript source code contains functionality to check for AV products |
Software Vulnerabilities: |
---|
JavaScript source code contains functionality to generate code involving a shell, file or stream |
Networking: |
---|
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads |
May check the online IP address of the machine |
Performs DNS queries to domains with low reputation |
System Summary: |
---|
Wscript called in batch mode (suppress errors) |
Boot Survival: |
---|
Drops script or batch files to the startup folder |
Malware Analysis System Evasion: |
---|
JavaScript source code contains functionality to check for volume information |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) |
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes) |
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation331 | Startup Items1 | Startup Items1 | Masquerading1 | OS Credential Dumping | Query Registry1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scripting62 | Registry Run Keys / Startup Folder21 | Process Injection12 | Virtualization/Sandbox Evasion23 | LSASS Memory | Security Software Discovery441 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Registry Run Keys / Startup Folder21 | Process Injection12 | Security Account Manager | Virtualization/Sandbox Evasion23 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting62 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Network Configuration Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery113 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
myip.dnsomatic.com | 146.112.255.205 | true | false | high | |
barbraovich.xyz | 204.11.58.187 | true | true | unknown | |
ip-api.com | 208.95.112.1 | true | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | false |
204.11.58.187 | barbraovich.xyz | United States | | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true |
146.112.255.205 | myip.dnsomatic.com | Austria | | 36692 | OPENDNSUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 381513 |
Start date: | 03.04.2021 |
Start time: | 20:15:50 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | pQlSDfwyYkf.js |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 31 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winJS@5/5@8/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
20:17:29 | Autostart | |
20:17:37 | Autostart | |
20:17:46 | Autostart | |
20:17:54 | Autostart | |
20:19:08 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
208.95.112.1 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
myip.dnsomatic.com | | | malicious | | |
ip-api.com | | | malicious | | |
barbraovich.xyz | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
OPENDNSUS | | | malicious | | |
TUT-ASUS | | | malicious | | |
PUBLIC-DOMAIN-REGISTRYUS | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 281 |
Entropy (8bit): | 4.903369297352836 |
Encrypted: | false |
SSDEEP: | 6:YWybuaSKaixIFIL4aCUCpqg+jgE0pPfH/9d7K:YWybuvkIyUaCX5+Pcfnm |
MD5: | 4B7188D74C6CF33C10B9F043A6675795 |
SHA1: | 1F36C86D355251FD0586EC1FF56AFB75D0470A4D |
SHA-256: | 1AFCACE6732A388C123CCCBBC32CB99126EA3CF24010C5E1B8D219DA45861D0D |
SHA-512: | 5BD15779819F451A8837D3A12DB1F7A56E543CF19A84D3A5CA6DBCFCDB1AAF54059B565941141EBA6A8993573E3CAC73A2667396C78DAC7F29BD25F8A43EA263 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://ip-api.com/json/ |
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 841521 |
Entropy (8bit): | 4.601150426420217 |
Encrypted: | false |
SSDEEP: | 3072:vJgMVRGgtqvvC6jSOPT2qeNJgMVRGgtqvvC6jSOPT2qeNJgMVRGgtqvvC6jSOPTM:vJqqniMJqqniMJqqni+ |
MD5: | 11667B8EDF1175CC19A3987342075732 |
SHA1: | 61B84D459223AB20FBAEA18222EB6DF53FF8B424 |
SHA-256: | EF7D6F511545627E169FEA92A61198594814C9A8041A32123AD4453041883685 |
SHA-512: | 1F52F1E79286FC5A89C3FA8BC0EE3CF03DB56924F76AF45F07A49F1D2C03AD928808D67054560AC5A7A3C3AB8D620C2A11A106D826EFE58AE7E95E917164C436 |
Malicious: | true |
Reputation: | low |
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | modified |
Size (bytes): | 78 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYygPYygPYV:rPY9PY9PYV |
MD5: | 7232B71AEB17789B53E7EFDF68F7CD70 |
SHA1: | 6A6C11C08AECEE1CB95E17AFA8FD590460F8F42C |
SHA-256: | B7579769C314DD657A20263C61B95594AEE8C4EA630FBE8CAE2A2CFB7002566B |
SHA-512: | 6946CA93FE56C61C5475081F59C762B905F1E7EF0515814CC5893098D55011ED3895A010BDFD7A623A015A3232D3A9650929BF87A99505C8C08BF2901F2A31E8 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 841521 |
Entropy (8bit): | 4.601150426420217 |
Encrypted: | false |
SSDEEP: | 3072:vJgMVRGgtqvvC6jSOPT2qeNJgMVRGgtqvvC6jSOPT2qeNJgMVRGgtqvvC6jSOPTM:vJqqniMJqqniMJqqni+ |
MD5: | 11667B8EDF1175CC19A3987342075732 |
SHA1: | 61B84D459223AB20FBAEA18222EB6DF53FF8B424 |
SHA-256: | EF7D6F511545627E169FEA92A61198594814C9A8041A32123AD4453041883685 |
SHA-512: | 1F52F1E79286FC5A89C3FA8BC0EE3CF03DB56924F76AF45F07A49F1D2C03AD928808D67054560AC5A7A3C3AB8D620C2A11A106D826EFE58AE7E95E917164C436 |
Malicious: | true |
Reputation: | low |
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYygPYygPYV:rPY9PY9PYV |
MD5: | 7232B71AEB17789B53E7EFDF68F7CD70 |
SHA1: | 6A6C11C08AECEE1CB95E17AFA8FD590460F8F42C |
SHA-256: | B7579769C314DD657A20263C61B95594AEE8C4EA630FBE8CAE2A2CFB7002566B |
SHA-512: | 6946CA93FE56C61C5475081F59C762B905F1E7EF0515814CC5893098D55011ED3895A010BDFD7A623A015A3232D3A9650929BF87A99505C8C08BF2901F2A31E8 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.157425613514049 |
TrID: |
File name: | pQlSDfwyYkf.js |
File size: | 78389 |
MD5: | 6cdad3b5ac021d3dbf0fb6159831cdce |
SHA1: | 9e4ccf157808cabe397aca975accd69d79fa49a7 |
SHA256: | ea00769d7f638847d6082f8a9d4493cd98041df6d713f06a3bcaf95ec8ac54fb |
SHA512: | 5a8bd43b0029b376595f603c6ceffc28c595f65b4494a8df3c747ac0927115781ff88456b70c42fd1478df11297c9019a0954de048c5545a1a593bb9de9802f2 |
SSDEEP: | 768:YylMSjPmpj464sb+lVgmpOIfqIgqIyv7H2m+r2M0yuz2M0yu/pyU2M0yuPnGgDJH:YyiAb/+FysdN4vmULOiHQQ |
File Content Preview: | var br,cE,bP,cC,W,cB,bn,B,cf,bL,cD,bV,bT,bc,Z,cT,bd,z,cv,bX,cM,bf,x,cO,ca,u,m,bH,a,cr,cF,g,bK,cw,bR,bJ,bZ,bS,X,cx,be,bW,l,bo,bq,f,Y,cj,bQ,cR,cV,b,cN,j,ba,e,r,v,bG,cl,bM,h,bY,bF,bp,d,s,bI,cg,w,bl,cP,cL,cU,cb,ck,ce,y,cQ,bU,q,bO,ch,bm,cS,cG,bb,co,cK,A,c,bE,i |
File Icon |
---|
Icon Hash: | e8d69ece968a9ec4 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 3, 2021 20:17:10.487704039 CEST | 49720 | 80 | 192.168.2.5 | 208.95.112.1 |
Apr 3, 2021 20:17:10.539612055 CEST | 80 | 49720 | 208.95.112.1 | 192.168.2.5 |
Apr 3, 2021 20:17:10.539710999 CEST | 49720 | 80 | 192.168.2.5 | 208.95.112.1 |
Apr 3, 2021 20:17:10.540301085 CEST | 49720 | 80 | 192.168.2.5 | 208.95.112.1 |
Apr 3, 2021 20:17:10.595407963 CEST | 80 | 49720 | 208.95.112.1 | 192.168.2.5 |
Apr 3, 2021 20:17:10.595499992 CEST | 49720 | 80 | 192.168.2.5 | 208.95.112.1 |
Apr 3, 2021 20:17:13.094382048 CEST | 49723 | 80 | 192.168.2.5 | 146.112.255.205 |
Apr 3, 2021 20:17:13.135261059 CEST | 80 | 49723 | 146.112.255.205 | 192.168.2.5 |
Apr 3, 2021 20:17:13.135426998 CEST | 49723 | 80 | 192.168.2.5 | 146.112.255.205 |
Apr 3, 2021 20:17:13.136342049 CEST | 49723 | 80 | 192.168.2.5 | 146.112.255.205 |
Apr 3, 2021 20:17:13.174619913 CEST | 80 | 49723 | 146.112.255.205 | 192.168.2.5 |
Apr 3, 2021 20:17:13.174669981 CEST | 80 | 49723 | 146.112.255.205 | 192.168.2.5 |
Apr 3, 2021 20:17:13.174760103 CEST | 49723 | 80 | 192.168.2.5 | 146.112.255.205 |
Apr 3, 2021 20:17:29.106760979 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:29.279494047 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:29.280180931 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:29.286272049 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:29.458872080 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:29.468957901 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:29.468981981 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:29.468991041 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:29.469115019 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:29.535916090 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:29.702918053 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:29.702991009 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:29.734172106 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:29.734585047 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:29.901019096 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:30.093600988 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:30.093708038 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:30.093981981 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:30.094048023 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:30.750226021 CEST | 49726 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:30.751938105 CEST | 49727 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:30.924154997 CEST | 443 | 49726 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:30.925105095 CEST | 443 | 49727 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:30.925268888 CEST | 49727 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:30.925998926 CEST | 49727 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:31.100585938 CEST | 443 | 49727 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:31.101259947 CEST | 443 | 49727 | 204.11.58.187 | 192.168.2.5 |
Apr 3, 2021 20:17:31.101777077 CEST | 49727 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:31.105534077 CEST | 49727 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:31.105612993 CEST | 49727 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:31.105685949 CEST | 49727 | 443 | 192.168.2.5 | 204.11.58.187 |
Apr 3, 2021 20:17:31.277340889 CEST | 443 | 49727 | 204.11.58.187 | 192.168.2.5 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 3, 2021 20:17:10.425621986 CEST | 192.168.2.5 | 8.8.8.8 | 0x837c | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:17:13.034869909 CEST | 192.168.2.5 | 8.8.8.8 | 0xc390 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:17:28.904994965 CEST | 192.168.2.5 | 8.8.8.8 | 0x6d1f | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:18:57.249293089 CEST | 192.168.2.5 | 8.8.8.8 | 0x1f00 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:18:58.240498066 CEST | 192.168.2.5 | 8.8.8.8 | 0xc6a0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:19:00.004445076 CEST | 192.168.2.5 | 8.8.8.8 | 0x9cf0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:19:00.152805090 CEST | 192.168.2.5 | 8.8.8.8 | 0x1157 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:19:00.183485985 CEST | 192.168.2.5 | 8.8.8.8 | 0x76c6 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 3, 2021 20:17:10.474539995 CEST | 8.8.8.8 | 192.168.2.5 | 0x837c | No error (0) | | | 208.95.112.1 | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:17:13.092287064 CEST | 8.8.8.8 | 192.168.2.5 | 0xc390 | No error (0) | | | 146.112.255.205 | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:17:29.104764938 CEST | 8.8.8.8 | 192.168.2.5 | 0x6d1f | No error (0) | | | 204.11.58.187 | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:18:57.295454025 CEST | 8.8.8.8 | 192.168.2.5 | 0x1f00 | No error (0) | | | 208.95.112.1 | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:18:58.288784981 CEST | 8.8.8.8 | 192.168.2.5 | 0xc6a0 | No error (0) | | | 208.95.112.1 | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:19:00.050451994 CEST | 8.8.8.8 | 192.168.2.5 | 0x9cf0 | No error (0) | | | 146.112.255.205 | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:19:00.201658010 CEST | 8.8.8.8 | 192.168.2.5 | 0x1157 | No error (0) | | | 146.112.255.205 | A (IP address) | IN (0x0001) |
Apr 3, 2021 20:19:00.238084078 CEST | 8.8.8.8 | 192.168.2.5 | 0x76c6 | No error (0) | | | 146.112.255.205 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49720 | 208.95.112.1 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 3, 2021 20:17:10.540301085 CEST | 1366 | OUT | |
Apr 3, 2021 20:17:10.595407963 CEST | 1367 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49723 | 146.112.255.205 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 3, 2021 20:17:13.136342049 CEST | 1378 | OUT | |
Apr 3, 2021 20:17:13.174669981 CEST | 1379 | IN | |