Analysis Report http://pics3.city-data.com/images/covid19/covid-19-btn.png
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
No high impact signatures.
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
There are no malicious signatures.
Compliance: |
---|
Uses new MSVCR Dlls |
Source: | File opened: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Window detected: |
Source: | File opened: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pics3.city-data.com | 135.148.13.31 | true | false | high | |
favicon.ico | unknown | unknown | false | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
135.148.13.31 | unknown | United States | 18676 | AVAYAUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 342953 |
Start date: | 21.01.2021 |
Start time: | 23:29:02 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 2m 50s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://pics3.city-data.com/images/covid19/covid-19-btn.png |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@3/16@2/1 |
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.857700052177407 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24228 |
Entropy (8bit): | 1.6439059462108963 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5635462148731956 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.073253024958182 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.124523951090877 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 662 |
Entropy (8bit): | 5.1094529698972 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 647 |
Entropy (8bit): | 5.1107546654944205 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.124166094743051 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.073894731407674 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.113676726228879 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.114372086815224 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.096421622258924 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 22559 |
Entropy (8bit): | 7.986669850540404 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://pics3.city-data.com/images/covid19/covid-19-btn.png |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34421 |
Entropy (8bit): | 0.3617138013678112 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.27918767598683664 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.47908442814096136 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 21, 2021 23:29:50.790333033 CET | 192.168.2.3 | 8.8.8.8 | 0x15eb | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 21, 2021 23:30:07.235977888 CET | 192.168.2.3 | 8.8.8.8 | 0xf040 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 21, 2021 23:29:50.848503113 CET | 8.8.8.8 | 192.168.2.3 | 0x15eb | No error (0) | 135.148.13.31 | A (IP address) | IN (0x0001) | ||
Jan 21, 2021 23:30:07.294986010 CET | 8.8.8.8 | 192.168.2.3 | 0xf040 | Name error (3) | none | none | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49715 | 135.148.13.31 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 21, 2021 23:29:51.002568007 CET | 78 | OUT | |
Jan 21, 2021 23:29:51.136131048 CET | 80 | IN |