Windows
Analysis Report
graphic.vbs
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- wscript.exe (PID: 6264 cmdline: C:\Windows\System32\wscript.exe "C:\Users\user\Desktop\graphic.vbs" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
- LogicoolTouchPad.exe (PID: 6400 cmdline: C:\Users\user\AppData\Local\Temp\A09278-2768-DE0743-A6FB64083C2\LogicoolTouchPad.exe MD5: 216BBB6CE29EF16A61B9D5BA4D227300)
  - WerFault.exe (PID: 6624 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 800 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- LogicoolTouchPad.exe (PID: 6588 cmdline: C:\Users\user\AppData\Local\Temp\A09278-2768-DE0743-A6FB64083C2\LogicoolTouchPad.exe MD5: 216BBB6CE29EF16A61B9D5BA4D227300)
  - WerFault.exe (PID: 6540 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 772 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_Crypt | Yara detected CryptOne packer | Joe Security | |
AV Detection |
---|
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: |
Source: | Initial sample: |
Source: | Process created: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Code function: | 1_2_004A6088 | |
Source: | Code function: | 1_2_0047C920 | |
Source: | Code function: | 1_2_0047EB70 | |
Source: | Code function: | 27_2_004A6088 | |
Source: | Code function: | 27_2_0047C920 | |
Source: | Code function: | 27_2_0047EB70 | |
Source: | Code function: | 27_2_0044D148 |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | ||
Source: | Key value queried: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Code function: | 1_2_0041E2A4 |
Source: | Process created: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior | ||
Source: | Window detected: |
Data Obfuscation |
---|
Source: | Anti Malware Scan Interface: |
Source: | Code function: | 1_2_0040207C | |
Source: | Code function: | 1_2_00403B83 | |
Source: | Code function: | 1_2_00406ECD | |
Source: | Code function: | 1_2_004046C8 | |
Source: | Code function: | 1_2_0043FB91 | |
Source: | Code function: | 1_2_004B8080 | |
Source: | Code function: | 1_2_0040E1DC | |
Source: | Code function: | 1_2_004B8048 | |
Source: | Code function: | 1_2_0042C05C | |
Source: | Code function: | 1_2_004C6141 | |
Source: | Code function: | 1_2_004B80B8 | |
Source: | Code function: | 1_2_004B417C | |
Source: | Code function: | 1_2_004B23EE | |
Source: | Code function: | 1_2_004661BA | |
Source: | Code function: | 1_2_0040E24F | |
Source: | Code function: | 1_2_0040E24F | |
Source: | Code function: | 1_2_0045620C | |
Source: | Code function: | 1_2_0042A270 | |
Source: | Code function: | 1_2_004B4258 | |
Source: | Code function: | 1_2_004642EF | |
Source: | Code function: | 1_2_004622CC | |
Source: | Code function: | 1_2_0042A364 | |
Source: | Code function: | 1_2_00464330 | |
Source: | Code function: | 1_2_004663CC | |
Source: | Code function: | 1_2_004D04A0 | |
Source: | Code function: | 1_2_00442500 | |
Source: | Code function: | 1_2_004D051C | |
Source: | Code function: | 1_2_004D04EB | |
Source: | Code function: | 1_2_0041A515 | |
Source: | Code function: | 1_2_004B454C | |
Source: | Code function: | 1_2_004D0554 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Memory protected: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior |
Source: | File created: | Jump to dropped file |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 121 Scripting | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | 1 Input Capture | 1 Security Software Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 121 Scripting | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 3 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Software Packing | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label |
---|---|---|---|
| | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label |
---|---|---|---|
| | 100% | Avira | TR/Kazy.4159236 |
| | 100% | Avira | TR/Kazy.4159236 |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | HEUR/AGEN.1232832 |
| | 100% | Avira | TR/Kazy.4159236 |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Kazy.4159236 |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Kazy.4159236 |
| | 100% | Avira | TR/Crypt.XPACK.Gen |
| | 100% | Avira | TR/Kazy.4159236 |

Source | Detection | Scanner | Label |
---|---|---|---|
| | 1% | Virustotal | |

Source | Detection | Scanner | Label |
---|---|---|---|
| | 0% | Avira URL Cloud | safe |
| | 0% | Avira URL Cloud | safe |
| | 0% | URL Reputation | safe |
| | 0% | Avira URL Cloud | safe |
| | 0% | Avira URL Cloud | safe |
| | 0% | Avira URL Cloud | safe |
| | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
idontgetitpodcast.com | 104.244.73.88 | true | true | | unknown |

Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |

Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
| | | true | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.244.73.88 | idontgetitpodcast.com | United States | | 53667 | PONYNETUS | true |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 651434 |
Start date and time: | 2022-06-23 23:13:10 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | graphic.vbs |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.troj.evad.winVBS@5/7@1/1 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes were analyzed; the report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
23:14:51 | Task Scheduler | |
23:14:51 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Context |
---|---|---|---|---|
PONYNETUS | | | malicious | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Context |
---|---|---|---|---|
ce5f3254611a8c095a3d821d44539877 | | | malicious | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LogicoolTouchPad_947d9cf2526790edff1959af95e3e22df417fa27_e28e5cbf_19bbec0b\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9549491394338331 |
Encrypted: | false |
SSDEEP: | 96:eHQeS/wXNSKf7pXIQcQ/c62HcEicw3qhI+HbHg/8BRTf3jFa9iVfNsOIMbJOyghx:kQeNHhCHoMjNkIBE/u7sbS274Ite |
MD5: | 6630D6E1E611ED1B98C48218ABE17B17 |
SHA1: | CB702197EE7976D727A750B06063B51902AA991D |
SHA-256: | 47D6E90F6255E3087DC09F7CEDBAE9BE5CF1CC75299562BF2CDF2773F51EACF8 |
SHA-512: | F312485DD94170D62D05A9E39F0358C64D1DE2208A4A34D35C823D912C321C6F273C1B9C668C0C95C1BE9F5037A828E92843E15BECA743733884452916E3BC5E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LogicoolTouchPad_947d9cf2526790edff1959af95e3e22df417fa27_e28e5cbf_19d14f63\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.948749505497814 |
Encrypted: | false |
SSDEEP: | 192:C6lKm7hHhCHoMjEhjPn/u7sxS274Itez:bKKxhcoMjW/u7sxX4Ite |
MD5: | 0793D548E88868CB789B538223F82024 |
SHA1: | ABE17AA85985C0336F63029C3235B34FA7FFB1FA |
SHA-256: | 225CAEA450CC6934345D14DE0DF907B22EB41B0009D52E619185958ABFE89FDD |
SHA-512: | 8DCB7DBE253239403559E380F8DEEF4F55C1D2C332387D3CA99759372A8FEB9617035155B07D1046DCED86BEDE3AC96E20D3CB87B7B7420F0604D3F71D1F1868 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1103732 |
Entropy (8bit): | 1.3892764169544443 |
Encrypted: | false |
SSDEEP: | 1536:7V38bfUWzYJIuQkVRaqWVU84QhzetNIWzfOsLThcY6uMNyHEC3C:2bfUMYJIuFWHhatNIYfOsLTXEC3C |
MD5: | 2B7289CF793E7046CD712F5953B9DA46 |
SHA1: | E3263226D3B4095D43C27DE3688D8A1F1909CBA7 |
SHA-256: | FD4169270B815A8C5322DE50BC3ABCFBE8A596D6DBF25C6CAB32DDF9D5013E4F |
SHA-512: | E6AF6ECD04F49A7D7EE9268F703B152311BA5A3C8256CAD933AE503708AECAD78F19835846D471FD6E57A906428DF2CD66AEC2C1044C6F059EDF8955B1E57605 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8332 |
Entropy (8bit): | 3.6981217994993423 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi4o6IlH6Yg1SU4XgmfGS/J3+pDf89bPtsfiFm:RrlsNiv6IlH6YCSUygmfGSlPmfJ |
MD5: | 83E8FBA9AF86FFCDB2A2C7D1438C23A5 |
SHA1: | BF639DCF204DD644C6C32C85BC368E145BE043F0 |
SHA-256: | 30F3003348BE58EC5337B9E3402559F0CC8CAE4A6C712B689670E1161416FC34 |
SHA-512: | 7E4AFC9BFB44E80ED7FDADF1E98E3176C0B99A9A65A0AF4A5D36B37EEA2ADBB8AC80F40B3559D437BC3CC222BA59B23FE9F7F84692600349983BB0FF3BAF35FD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1104148 |
Entropy (8bit): | 1.3841253492744015 |
Encrypted: | false |
SSDEEP: | 1536:5p1V38LfTHzQuNq4kiSeqWl0w4FpzmtNIO7fesLDhcY6gUyKl1Du:sLfTTQuNqaPmpitNIYfesLD6XDu |
MD5: | ECDAEB26A19198632D0B6A853B666B2F |
SHA1: | 20F89F8ED5D388F6552CD67ADDB3FAADE964849B |
SHA-256: | D26C2D9E7390CA965B665B6AEFBF945325D7D80AE4D86EF11046F0F676C1A14B |
SHA-512: | C5BDF9B27EA4E4CAAE842BBED593EB18F45F5583F0296B53D6676E8B3A76859532FD7422D5E1CCC306C22CA2B9C00B10283F20016482E36E18033F36661E0214 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8332 |
Entropy (8bit): | 3.696966644180345 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNihO6IlrxE6YgzSU8kgmfGS/J3+pD289bRlsf0i7m:RrlsNiY6IlrS6YUSU9gmfGSqR+f6 |
MD5: | 8276E7B5F552BAF0D659C848EC037668 |
SHA1: | E76CEAC8DF29038E2AB43543A6522F8DE2993730 |
SHA-256: | 82EC93B347922F764F78C737D01D761C6D6C6899FE125153D3A6329DE8027D0A |
SHA-512: | BFD70A209416E3A425D9595B29370F767834B170FFB8262F95EA1B68EA6300611C471646086B561D5B2A64009D6499B12385B56224D6BC6EE31FD6332C7788B7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\wscript.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1043968 |
Entropy (8bit): | 6.714780980017607 |
Encrypted: | false |
SSDEEP: | 12288:PRuwQc5qewWUH5gTSGINfhj+kXIsYXh2kRpATTV6PzXTwn61cQ47gNckpPWUlQVt:Z0eNPAkFwgkwbYBEu4fYY8s |
MD5: | 216BBB6CE29EF16A61B9D5BA4D227300 |
SHA1: | E80B9D4649DFA29EE6272A0D77F72482CF1CCA4E |
SHA-256: | 3A0789AEAA433B8043EF5E58B025F58A76126A6AFBBD82BA6E4FBD0C79E62FD7 |
SHA-512: | 14FAB78027AD33C49AFA14DBFCF6A8691B04BB19422735DB35857EE3384FC543D6766C9E9FEF36DAEF39D271E19266FA64DF9A1449A187DC4198D3CDE46DC043 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.981282042267296 |
TrID: | |
File name: | graphic.vbs |
File size: | 406244 |
MD5: | d2945c4124e2f89c05a723f7c1ad416d |
SHA1: | 414faaa0bf15450bc7f84c31024fa8fed26eb156 |
SHA256: | ac1cad78a2be2e78a05a51cf4d1b5eac2a6b302a40c3f6157496e00b4dcb81cd |
SHA512: | 934774aad58e2a3d4af34d16b5feecc93f5558911b64f84f069381ee10e066728984151776ae4132ab189243f69b848816e49d4480c19974dcd72a56c4391695 |
SSDEEP: | 6144:CHnJw2yvbGTSqC+2wvjuhRfBPSqweSExQxCUoaa+Y4glR7e5hMgxwDK:ubgKs+2wubf6HxDoaRY5C3xeK |
TLSH: | 5384E1B071E456713B9D871A55F05EB3A13E07930B123DB0DAE7071BAF06DD06F68A2A |
File Content Preview: | .On Error Resume Next.dim ZiLOTkT, bbNLRjf, FdlvVq, iuPKDLa, kaAMG.ZiLOTkT = "100%C101XE98S.r{46vk]59f~44]FjZ3YF-g100|?o.F101dli97k pJ?H104*e%45ME&n18Z49+_{K 35<.GO30X100C]u_M101yZ.mU97T.O113B~_}1-26;57<l106P117I100q,.R101a[103_m W!b25YI123)48{meb100r-UVe |
Icon Hash: | e8d69ece869a9ec4 |
Jun 23, 2022 23:14:28.746114016 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.746133089 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.746156931 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.746187925 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.746201992 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.746220112 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.746237993 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.746246099 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.746284008 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.746298075 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.746329069 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.754628897 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.772733927 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.772778988 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.772880077 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.772933006 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.772957087 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.772984982 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773010015 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773019075 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773040056 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773083925 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773092985 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773112059 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773130894 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773137093 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773144960 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773179054 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773194075 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773210049 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773241043 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773248911 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773271084 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773288012 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773293972 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773300886 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773339987 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773350954 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773367882 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773396015 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773402929 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773428917 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773447037 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773452044 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773464918 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773499012 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773525000 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773536921 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773545027 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773555040 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773571968 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773616076 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773617983 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773631096 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773657084 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773691893 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773698092 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773709059 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773731947 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773741007 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773772955 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773772955 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773787022 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773809910 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773829937 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773854017 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773888111 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773889065 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773901939 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773933887 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.773977995 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.773988962 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.774010897 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.774035931 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.774043083 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.774130106 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.774137974 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.774149895 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.774159908 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.774226904 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.774234056 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.774276018 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.774281025 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.774364948 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.788021088 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.796245098 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.796277046 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.796410084 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.796435118 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.796489954 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.796710014 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.796732903 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.796802044 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.796809912 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.796855927 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.796984911 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797005892 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797055006 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.797063112 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797105074 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.797310114 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797334909 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797419071 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.797427893 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797472954 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.797574043 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797593117 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797646046 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.797656059 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797859907 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.797863960 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797880888 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.797921896 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798180103 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798219919 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.798228979 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798250914 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.798307896 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.798449039 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798470020 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798522949 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.798531055 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798727036 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798748970 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798799992 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.798808098 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.798849106 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.799017906 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.799040079 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.799115896 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.799124956 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.799261093 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.799392939 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.799416065 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.799472094 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.799479961 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.799623966 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.799707890 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.799730062 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.799793005 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.799801111 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.800668955 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.801048994 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.912094116 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912127018 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912225962 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912312031 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.912345886 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912373066 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912386894 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.912395954 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912411928 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912460089 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.912470102 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912513971 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.912554979 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.912744999 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912769079 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912813902 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.912822962 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912862062 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.912966013 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.912985086 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913028002 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.913045883 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913062096 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913079977 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.913091898 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913147926 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.913152933 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913182020 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913213968 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913233995 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.913247108 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.913254023 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913290024 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913312912 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913322926 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.913332939 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.913383007 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.913433075 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.932009935 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.937517881 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.937608004 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.937635899 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Jun 23, 2022 23:14:28.937691927 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.937740088 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.939912081 CEST | 49746 | 443 | 192.168.2.4 | 104.244.73.88 |
Jun 23, 2022 23:14:28.939938068 CEST | 443 | 49746 | 104.244.73.88 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 23, 2022 23:14:27.930609941 CEST | 60506 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 23, 2022 23:14:27.985476971 CEST | 53 | 60506 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 23, 2022 23:14:27.930609941 CEST | 192.168.2.4 | 8.8.8.8 | 0x90ca | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 23, 2022 23:14:27.985476971 CEST | 8.8.8.8 | 192.168.2.4 | 0x90ca | No error (0) | 104.244.73.88 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49746 | 104.244.73.88 | 443 | C:\Windows\System32\wscript.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-23 21:14:28 UTC | 0 | OUT | |
2022-06-23 21:14:28 UTC | 0 | IN | |
2022-06-23 21:14:28 UTC | 0 | IN | |
2022-06-23 21:14:28 UTC | 16 | IN | |
2022-06-23 21:14:28 UTC | 32 | IN | |
2022-06-23 21:14:28 UTC | 48 | IN | |
2022-06-23 21:14:28 UTC | 64 | IN | |
2022-06-23 21:14:28 UTC | 80 | IN | |
2022-06-23 21:14:28 UTC | 96 | IN | |
2022-06-23 21:14:28 UTC | 112 | IN | |
2022-06-23 21:14:28 UTC | 128 | IN | |
2022-06-23 21:14:28 UTC | 144 | IN | |
2022-06-23 21:14:28 UTC | 160 | IN | |
2022-06-23 21:14:28 UTC | 176 | IN | |
2022-06-23 21:14:28 UTC | 192 | IN | |
2022-06-23 21:14:28 UTC | 208 | IN | |
2022-06-23 21:14:28 UTC | 224 | IN | |
2022-06-23 21:14:28 UTC | 240 | IN | |
2022-06-23 21:14:28 UTC | 256 | IN | |
2022-06-23 21:14:28 UTC | 272 | IN | |
2022-06-23 21:14:28 UTC | 288 | IN | |
2022-06-23 21:14:28 UTC | 304 | IN | |
2022-06-23 21:14:28 UTC | 320 | IN | |
2022-06-23 21:14:28 UTC | 336 | IN | |
2022-06-23 21:14:28 UTC | 352 | IN | |
2022-06-23 21:14:28 UTC | 368 | IN | |
2022-06-23 21:14:28 UTC | 384 | IN | |
2022-06-23 21:14:28 UTC | 400 | IN | |
2022-06-23 21:14:28 UTC | 416 | IN | |
2022-06-23 21:14:28 UTC | 432 | IN | |
2022-06-23 21:14:28 UTC | 448 | IN | |
2022-06-23 21:14:28 UTC | 464 | IN | |
2022-06-23 21:14:28 UTC | 480 | IN | |
2022-06-23 21:14:28 UTC | 496 | IN | |
2022-06-23 21:14:28 UTC | 512 | IN | |
2022-06-23 21:14:28 UTC | 528 | IN | |
2022-06-23 21:14:28 UTC | 544 | IN | |
2022-06-23 21:14:28 UTC | 560 | IN | |
2022-06-23 21:14:28 UTC | 576 | IN | |
2022-06-23 21:14:28 UTC | 592 | IN | |
2022-06-23 21:14:28 UTC | 608 | IN | |
2022-06-23 21:14:28 UTC | 624 | IN | |
2022-06-23 21:14:28 UTC | 640 | IN | |
2022-06-23 21:14:28 UTC | 656 | IN | |
2022-06-23 21:14:28 UTC | 672 | IN | |
2022-06-23 21:14:28 UTC | 688 | IN | |
2022-06-23 21:14:28 UTC | 704 | IN | |
2022-06-23 21:14:28 UTC | 720 | IN | |
2022-06-23 21:14:28 UTC | 736 | IN | |
2022-06-23 21:14:28 UTC | 752 | IN | |
2022-06-23 21:14:28 UTC | 768 | IN | |
2022-06-23 21:14:28 UTC | 784 | IN | |
2022-06-23 21:14:28 UTC | 800 | IN | |
2022-06-23 21:14:28 UTC | 816 | IN | |
2022-06-23 21:14:28 UTC | 832 | IN | |
2022-06-23 21:14:28 UTC | 848 | IN | |
2022-06-23 21:14:28 UTC | 864 | IN | |
2022-06-23 21:14:28 UTC | 880 | IN | |
2022-06-23 21:14:28 UTC | 896 | IN | |
2022-06-23 21:14:28 UTC | 912 | IN | |
2022-06-23 21:14:28 UTC | 928 | IN | |
2022-06-23 21:14:28 UTC | 944 | IN | |
2022-06-23 21:14:28 UTC | 960 | IN | |
2022-06-23 21:14:28 UTC | 976 | IN | |
2022-06-23 21:14:28 UTC | 992 | IN | |
2022-06-23 21:14:28 UTC | 1008 | IN | |
Target ID: | 0 |
Start time: | 23:14:39 |
Start date: | 23/06/2022 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff768b40000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 23:14:51 |
Start date: | 23/06/2022 |
Path: | C:\Users\user\AppData\Local\Temp\A09278-2768-DE0743-A6FB64083C2\LogicoolTouchPad.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1043968 bytes |
MD5 hash: | 216BBB6CE29EF16A61B9D5BA4D227300 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
Antivirus matches: |
Reputation: | low |
Target ID: | 5 |
Start time: | 23:14:59 |
Start date: | 23/06/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe40000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 27 |
Start time: | 23:16:36 |
Start date: | 23/06/2022 |
Path: | C:\Users\user\AppData\Local\Temp\A09278-2768-DE0743-A6FB64083C2\LogicoolTouchPad.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1043968 bytes |
MD5 hash: | 216BBB6CE29EF16A61B9D5BA4D227300 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
Reputation: | low |
Target ID: | 29 |
Start time: | 23:16:41 |
Start date: | 23/06/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe40000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Execution Graph
Execution Coverage: | 3.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.8% |
Total number of Nodes: | 109 |
Total number of Limit Nodes: | 4 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
0041E2A4 | 1.6 | 1 | | 51 | COMMON | |
004D07C0 | 16.0 | 3 | 6 | 270 | memory, library, COMMON | |
00452758 | 8.9 | 3 | 2 | 132 | window, COMMON | |
0044DDE8 | 1.6 | 1 | | 148 | COMMON | |
00451B48 | 1.6 | 1 | | 89 | COMMON | |
00451728 | 1.5 | 1 | | 37 | COMMON | |
004253B4 | 1.5 | 1 | | 27 | COMMON | |
00422794 | 1.3 | 1 | | 52 | memory, COMMON | |
00403614 | 0.1 | | | 142 | COMMON | 50% |
00403683 | 0.1 | | | 102 | COMMON | 31% |
0047C920 | 11.7 | | 9 | 466 | COMMON | |
0047EB70 | 4.1 | | 3 | 391 | COMMON | |
004A6088 | 0.4 | | | 391 | COMMON | |
004142CC | 7.8 | 5 | | 271 | COMMON | |
Execution Graph
Execution Coverage: | 2.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 119 |
Total number of Limit Nodes: | 5 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
004D07C0 | 16.0 | 3 | 6 | 270 | memory, library, COMMON | |
00452758 | 7.1 | 2 | 2 | 132 | window, COMMON | |
0044DDE8 | 1.6 | 1 | | 148 | COMMON | |
00451B48 | 1.6 | 1 | | 89 | COMMON | |
0041E2A4 | 1.6 | 1 | | 51 | COMMON | |
00451728 | 1.5 | 1 | | 37 | COMMON | |
004253B4 | 1.5 | 1 | | 27 | COMMON | |
00422794 | 1.3 | 1 | | 52 | memory, COMMON | |
00403614 | 0.1 | | | 142 | COMMON | 50% |
00403683 | 0.1 | | | 102 | COMMON | 31% |
004142CC | 7.8 | 5 | | 271 | COMMON | |