Analysis Report http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz
Overview
General Information
Detection
HTMLPhisher
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_10
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL
Invalid T&C link found
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | SlashNext: |
Antivirus detection for URL or domain | Show sources |
Source: | SlashNext: |
Phishing: |
---|
Phishing site detected (based on favicon image match) | Show sources |
Source: | Matcher: |
Yara detected HtmlPhish_10 | Show sources |
Source: | File source: |
Phishing site detected (based on image similarity) | Show sources |
Source: | Matcher: | Jump to dropped file |
Phishing site detected (based on logo template match) | Show sources |
Source: | Matcher: |
Compliance: |
---|
Uses new MSVCR Dlls | Show sources |
Source: | File opened: |
Uses secure TLS version for HTTPS connections | Show sources |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Masquerading (1) | OS Credential Dumping | File and Directory Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (2) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (3) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer (1) | SIM Card Swap | Carrier Billing Fraud |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 100% | SlashNext | Fake Login Page type: Phishing & Social Engineering | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
1% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | SlashNext | Fake Login Page type: Phishing & Social Engineering | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
docs-sharedourlooksecuredloging.onlinerslog.fit | 40.84.135.214 | true | false | | unknown |
crt.sectigo.com | 91.199.212.52 | true | false | | unknown |
huehiufkerfpvkm.craetivehc.com | 20.81.200.229 | true | false | unknown | |
zerossl.crt.sectigo.com | unknown | unknown | false | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true | unknown | ||
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
20.81.200.229 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
40.84.135.214 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
91.199.212.52 | unknown | United Kingdom | | 48447 | SECTIGOGB | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 345082 |
Start date: | 27.01.2021 |
Start time: | 17:14:09 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.phis.win@3/18@4/3 |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3506 |
Entropy (8bit): | 7.54155945514523 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 548 |
Entropy (8bit): | 3.095107598593844 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.8499809915792826 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33368 |
Entropy (8bit): | 2.266230339485313 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5640311352383127 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18356 |
Entropy (8bit): | 3.1144171316444202 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 31419 |
Entropy (8bit): | 7.838593850267985 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/background.jpg |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3651 |
Entropy (8bit): | 4.094801914706141 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/logo2.svg |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 149 |
Entropy (8bit): | 4.69713648664703 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://huehiufkerfpvkm.craetivehc.com/x/ZGllZ28uZmVycmVpcm9Ad2l6aW5rLmVz |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 17174 |
Entropy (8bit): | 2.9129715116732746 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/favicon.ico |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 513 |
Entropy (8bit): | 4.720499940334011 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/arrow.svg |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 915 |
Entropy (8bit): | 3.877322891561989 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/white_ellipsis.svg |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4896 |
Entropy (8bit): | 3.9126979104150483 |
Encrypted: | false |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 101788 |
Entropy (8bit): | 5.304944776832708 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/css/login.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1750 |
Entropy (8bit): | 7.784821733371315 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://docs-sharedourlooksecuredloging.onlinerslog.fit/x/lib/img/logo3.png |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.3245043509657957 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43818 |
Entropy (8bit): | 0.9608238901188655 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.4791783023883562 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 27, 2021 17:15:05.485532045 CET | 192.168.2.5 | 8.8.8.8 | 0x1159 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 17:15:06.528197050 CET | 192.168.2.5 | 8.8.8.8 | 0xfce3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 17:15:07.567178965 CET | 192.168.2.5 | 8.8.8.8 | 0x5adb | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 17:15:22.034053087 CET | 192.168.2.5 | 8.8.8.8 | 0x2829 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 27, 2021 17:15:05.554894924 CET | 8.8.8.8 | 192.168.2.5 | 0x1159 | No error (0) | 20.81.200.229 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 17:15:06.588871956 CET | 8.8.8.8 | 192.168.2.5 | 0xfce3 | No error (0) | 40.84.135.214 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 17:15:07.649831057 CET | 8.8.8.8 | 192.168.2.5 | 0x5adb | No error (0) | crt.sectigo.com | CNAME (Canonical name) | IN (0x0001) | ||
Jan 27, 2021 17:15:07.649831057 CET | 8.8.8.8 | 192.168.2.5 | 0x5adb | No error (0) | 91.199.212.52 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 17:15:22.112302065 CET | 8.8.8.8 | 192.168.2.5 | 0x2829 | No error (0) | 40.84.135.214 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49721 | 20.81.200.229 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 27, 2021 17:15:05.695318937 CET | 40 | OUT | |
Jan 27, 2021 17:15:06.061757088 CET | 41 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49725 | 91.199.212.52 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 27, 2021 17:15:07.762238026 CET | 47 | OUT | |
Jan 27, 2021 17:15:07.826288939 CET | 49 | IN |