Analysis Report COVID_19_Test_Result_Doctor_Note.js
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Drops script at startup location |
Source: | Author: Joe Security: |
Sigma detected: Register Wscript In Run Key |
Source: | Author: Joe Security: |
Signature Overview |
---|
Compliance: |
---|
Binary contains paths to debug symbols |
Source: | Binary string: |
Networking: |
---|
Found C&C like URL pattern |
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
System Summary: |
---|
Wscript called in batch mode (surpress errors) |
Source: | Process created: |
Source: | Initial sample: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | File read: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Binary string: |
Data Obfuscation: |
---|
Potential obfuscated javascript found |
Source: | Initial file: |
Boot Survival: |
---|
Drops script or batch files to the startup folder |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | Registry value created or modified: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Source: | File opened / queried: |
Source: | Window found: |
Source: | Thread sleep time: |
Source: | Binary or memory string: |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Network Connect: |
Source: | Binary or memory string: |
Source: | Key value queried: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting32 | Startup Items1 | Startup Items1 | Masquerading1 | OS Credential Dumping | Query Registry1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Registry Run Keys / Startup Folder21 | Process Injection12 | Virtualization/Sandbox Evasion2 | LSASS Memory | Security Software Discovery11 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol112 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Registry Run Keys / Startup Folder21 | Process Injection12 | Security Account Manager | Virtualization/Sandbox Evasion2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting32 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
adsclickboost.com | 104.21.48.50 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 365159 |
Start date: | 09.03.2021 |
Start time: | 09:19:22 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | COVID_19_Test_Result_Doctor_Note.js |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Without Instrumentation |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.troj.evad.winJS@4/10@47/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:20:14 | API Interceptor | |
09:20:14 | Autostart | |
09:20:22 | Autostart | |
09:20:30 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
104.21.48.50 | malicious |
172.67.178.142 | malicious |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
adsclickboost.com | malicious |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | malicious |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 121302 |
Entropy (8bit): | 5.728503884778436 |
Encrypted: | false |
SSDEEP: | 1536:nDr87Dr87Dr87Dr87Dr87Dr87Dr87Dr87Dr87:nDrUDrUDrUDrUDrUDrUDrUDrUDr8 |
MD5: | 91470782C047D7D873C54E2C43837082 |
SHA1: | 8A84731322ED4A8512CD4BB9C83F1D385B796CA0 |
SHA-256: | CB730108A47CCB48B71536BB51DA14BDBCB4C504E75F9ABF26C9A68C331547A3 |
SHA-512: | 4814F855868C422452250A4EF1902BF874486DEB8FC42DD6F527C326B7B2D7DF85E8B5710238ACF2A2D8748698A3E7FF9CBBED5FE2D8056B16746CB970339DE4 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 234 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYygPYygPYygPYygPYygPYygPYygPYygPYV:rPY9PY9PY9PY9PY9PY9PY9PY9PYV |
MD5: | 50E408353C45A0E43FEE2912545FD0DA |
SHA1: | 837B6AFE00D4F309306EF4A8A0D41DBA58E9DDE8 |
SHA-256: | 99CF92E14C1E44D944457A5FA6D70E299A53D6F9E7139EC9075816339E0776E8 |
SHA-512: | 8D51089351D0F24F86635C477303B21349AA04ED1F4992E78C6E9089FFF7BE4FCA3A01EEC91CDBE6B6CBCEDAA3FD83AED65788F094D0F9EEA2AFA8811C063484 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 148258 |
Entropy (8bit): | 5.728503884778436 |
Encrypted: | false |
SSDEEP: | 3072:nDrUDrUDrUDrUDrUDrUDrUDrUDrUDrUDr8:w |
MD5: | 20DE972471DAADAE6CB0F5E02A8B086A |
SHA1: | 385ED3F4BC135BF3EDE4431DB99FED77B270C1A7 |
SHA-256: | 48E87C1998F977933BCF1B3DB76F9BA2AE71A352C49FEBDD6A7178A275E02CFC |
SHA-512: | 823649B22F3269F3E6F2BEC6B06CE1BA4E6F63003EEE89401283A37548E5090160CC0E24A62FD5E34BEF1F56D7E1F0D122F2C42767B7AFDC8D5C9D55B214920F |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 6:rPY9PY9PY9PY9PY9PY9PY9PY9PY9PY9PYV:0 |
MD5: | 68BE646FDC74813E5832C59B9D8066FF |
SHA1: | 82911496CC363EC82BA9AB4270B54D959955165E |
SHA-256: | A3EF922B6506CB0747F4F5A3B4468F0DA2A727313B49A2831B442EAF282C5ECC |
SHA-512: | 7B73FE4E7E5F3CBB3A39C452E39F011A9161F11D6EAD472EDA2ED19B9EB9B84AA175EF004DA8EE12DF288180388607A75129B113F9A2B9BFEA55875321ADCFE3 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.728503884778436 |
TrID: |
|
File name: | COVID_19_Test_Result_Doctor_Note.js |
File size: | 13478 |
MD5: | 0bca3422ec870f28791d61a4fa25367f |
SHA1: | 36352478af11cdd59c55b8ef8ecf2cfacb2dcaaa |
SHA256: | 7703889f1b2c6fd8a1fe0abc4a8b6a409d4e6eabe5943c4a5261dfc68fb973f6 |
SHA512: | bcaeb9faad34f88a8a7392743a8d71eb793eb865f17c3b2232ddb28066a5959e14f476dcffd26901a79e3cf1b8cee05deb96e06d9da6693b7958d1b3915d92d3 |
SSDEEP: | 384:90DjR41HSTJwGFP4NK4lKm5+tbK4vgDDr843x7z/RjozIFY:9ajy1yT1FP4NnlKztbnMDr8uxnRjAIFY |
File Content Preview: | //***ERROR DECODING SIGNATURE FOR PATIENT ***//..//***ERROR OUTPUT***//....var _0x39e5=['mCozt8kWW4eQEG','CNvU','W53dQmk9cmoWC0Krl3y','mZq2odK1DNLpAwXg','u2W2ymoJWQCPW5C','DgvZDa','rxHWyw5Krw52AxjVBM1LBNrtDhjPBMDZ','mty2mZe2u0DUq1z3','mJG4odi0q0HOAfbJ','y |
File Icon |
---|
Icon Hash: | e8d69ece968a9ec4 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49716 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:14.951766968 CET | 1060 | OUT | |
Mar 9, 2021 09:20:15.295753002 CET | 1061 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49717 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:18.768830061 CET | 1067 | OUT | |
Mar 9, 2021 09:20:19.146580935 CET | 1072 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.5 | 49734 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:49.431641102 CET | 1190 | OUT | |
Mar 9, 2021 09:20:49.783247948 CET | 1191 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.5 | 49735 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:53.764487028 CET | 1192 | OUT | |
Mar 9, 2021 09:20:54.101183891 CET | 1193 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.5 | 49736 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:54.598642111 CET | 1194 | OUT | |
Mar 9, 2021 09:20:54.956355095 CET | 1195 | IN | |
Mar 9, 2021 09:20:55.207986116 CET | 1196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.5 | 49737 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:55.570003033 CET | 1197 | OUT | |
Mar 9, 2021 09:20:55.909006119 CET | 1198 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.5 | 49739 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:00.729496002 CET | 1208 | OUT | |
Mar 9, 2021 09:21:01.085912943 CET | 1209 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.5 | 49740 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:02.765944004 CET | 1210 | OUT | |
Mar 9, 2021 09:21:03.102153063 CET | 1218 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.5 | 49741 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:04.101386070 CET | 1252 | OUT | |
Mar 9, 2021 09:21:04.446127892 CET | 1253 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.5 | 49742 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:04.786616087 CET | 1254 | OUT | |
Mar 9, 2021 09:21:05.136694908 CET | 1255 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.5 | 49743 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:08.865406036 CET | 1256 | OUT | |
Mar 9, 2021 09:21:09.235137939 CET | 1257 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.5 | 49744 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:10.236613989 CET | 1258 | OUT | |
Mar 9, 2021 09:21:10.601907015 CET | 1259 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49719 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:26.649158001 CET | 1088 | OUT | |
Mar 9, 2021 09:20:26.991022110 CET | 1089 | IN | |
Mar 9, 2021 09:20:27.232168913 CET | 1090 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.5 | 49745 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:12.802946091 CET | 1260 | OUT | |
Mar 9, 2021 09:21:13.158740997 CET | 1261 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.5 | 49751 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:14.123565912 CET | 1263 | OUT | |
Mar 9, 2021 09:21:14.483556032 CET | 1279 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.5 | 49753 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:17.523437023 CET | 4252 | OUT | |
Mar 9, 2021 09:21:17.876846075 CET | 4253 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.5 | 49754 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:19.194303989 CET | 4254 | OUT | |
Mar 9, 2021 09:21:19.558442116 CET | 4255 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.5 | 49756 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:22.077797890 CET | 4857 | OUT | |
Mar 9, 2021 09:21:22.417890072 CET | 4861 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.5 | 49757 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:24.751147985 CET | 4872 | OUT | |
Mar 9, 2021 09:21:25.095045090 CET | 4873 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.5 | 49758 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:27.789314032 CET | 4874 | OUT | |
Mar 9, 2021 09:21:28.152148008 CET | 4875 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.5 | 49759 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:29.056694984 CET | 4876 | OUT | |
Mar 9, 2021 09:21:29.415699005 CET | 4877 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.5 | 49760 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:31.758948088 CET | 4878 | OUT | |
Mar 9, 2021 09:21:32.117027044 CET | 4879 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.5 | 49761 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:36.312733889 CET | 4880 | OUT | |
Mar 9, 2021 09:21:36.664208889 CET | 4881 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.5 | 49723 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:32.358911037 CET | 1100 | OUT | |
Mar 9, 2021 09:20:32.690907001 CET | 1101 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.5 | 49762 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:37.513902903 CET | 4882 | OUT | |
Mar 9, 2021 09:21:37.867126942 CET | 4883 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.5 | 49763 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:37.989856958 CET | 4884 | OUT | |
Mar 9, 2021 09:21:38.325104952 CET | 4884 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.5 | 49765 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:41.110680103 CET | 4894 | OUT | |
Mar 9, 2021 09:21:41.461693048 CET | 4895 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
33 | 192.168.2.5 | 49767 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:45.873584986 CET | 4905 | OUT | |
Mar 9, 2021 09:21:46.210813999 CET | 4910 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
34 | 192.168.2.5 | 49768 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:46.011737108 CET | 4907 | OUT | |
Mar 9, 2021 09:21:46.367882013 CET | 4910 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
35 | 192.168.2.5 | 49769 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:46.203630924 CET | 4909 | OUT | |
Mar 9, 2021 09:21:46.554378033 CET | 4911 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
36 | 192.168.2.5 | 49771 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:49.487282038 CET | 4913 | OUT | |
Mar 9, 2021 09:21:49.934945107 CET | 4914 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
37 | 192.168.2.5 | 49772 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:53.811467886 CET | 4920 | OUT | |
Mar 9, 2021 09:21:54.155836105 CET | 4922 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
38 | 192.168.2.5 | 49773 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:54.103319883 CET | 4921 | OUT | |
Mar 9, 2021 09:21:54.451872110 CET | 4923 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
39 | 192.168.2.5 | 49774 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:54.970089912 CET | 4924 | OUT | |
Mar 9, 2021 09:21:55.307497978 CET | 4927 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.5 | 49724 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:32.718812943 CET | 1102 | OUT | |
Mar 9, 2021 09:20:33.066905022 CET | 1103 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
40 | 192.168.2.5 | 49775 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:21:57.338397980 CET | 4932 | OUT | |
Mar 9, 2021 09:21:57.675682068 CET | 4938 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
41 | 192.168.2.5 | 49777 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:22:01.750751019 CET | 4946 | OUT | |
Mar 9, 2021 09:22:02.087807894 CET | 4947 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
42 | 192.168.2.5 | 49778 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:22:03.173662901 CET | 4948 | OUT | |
Mar 9, 2021 09:22:03.508982897 CET | 4949 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
43 | 192.168.2.5 | 49779 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:22:04.654583931 CET | 4950 | OUT | |
Mar 9, 2021 09:22:04.984672070 CET | 4951 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
44 | 192.168.2.5 | 49780 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:22:05.474257946 CET | 4952 | OUT | |
Mar 9, 2021 09:22:05.823224068 CET | 4953 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
45 | 192.168.2.5 | 49781 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:22:09.945657969 CET | 4954 | OUT | |
Mar 9, 2021 09:22:10.288165092 CET | 4955 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
46 | 192.168.2.5 | 49782 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:22:11.762434006 CET | 4956 | OUT | |
Mar 9, 2021 09:22:12.098731041 CET | 4957 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.5 | 49728 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:37.520031929 CET | 1155 | OUT | |
Mar 9, 2021 09:20:37.875382900 CET | 1158 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.5 | 49729 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:39.104857922 CET | 1170 | OUT | |
Mar 9, 2021 09:20:39.445570946 CET | 1171 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.5 | 49730 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:40.710464001 CET | 1172 | OUT | |
Mar 9, 2021 09:20:41.073745966 CET | 1173 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.5 | 49732 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:45.727435112 CET | 1183 | OUT | |
Mar 9, 2021 09:20:46.061866999 CET | 1187 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.5 | 49733 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 9, 2021 09:20:47.999089003 CET | 1188 | OUT | |
Mar 9, 2021 09:20:48.327545881 CET | 1189 | IN |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 09:20:07 |
Start date: | 09/03/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c82f0000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:20:22 |
Start date: | 09/03/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c82f0000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:20:30 |
Start date: | 09/03/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c82f0000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:20:38 |
Start date: | 09/03/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c82f0000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|