Analysis Report https://docs.google.com/document/d/e/2PACX-1vS36Y8R0dZPmbkK0kzlhwl7QP56-1X6JRq34lZp4A2cukPSL9y0gFPCpMx8sjlWiW2dB5LySYzIsG8o/pub
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_20 | Yara detected HtmlPhish_20 | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | SlashNext: |
Phishing: |
---|
Yara detected HtmlPhish_20 |
Source: | File source: |
Phishing site detected (based on various OCR indicators) |
Source: | OCR Text: |
Compliance: |
---|
Uses new MSVCR Dlls |
Source: | File opened: |
Uses secure TLS version for HTTPS connections |
Source: | HTTPS traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Process created: |
Source: | Window detected: |
Source: | File opened: |
MITRE ATT&CK Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | SlashNext | Fake Login Page type: Phishing & Social Engineering |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sistema.grutorax.com.br | 198.57.186.221 | true | false | unknown | |
googlehosted.l.googleusercontent.com | 142.250.186.33 | true | false | high | |
themes.googleusercontent.com | unknown | unknown | false | high | |
lh3.googleusercontent.com | unknown | unknown | false | high | |
lh4.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
198.57.186.221 | unknown | United States | 46606 | UNIFIEDLAYER-AS-1US | false | |
142.250.186.33 | unknown | United States | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356040 |
Start date: | 22.02.2021 |
Start time: | 13:46:48 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://docs.google.com/document/d/e/2PACX-1vS36Y8R0dZPmbkK0kzlhwl7QP56-1X6JRq34lZp4A2cukPSL9y0gFPCpMx8sjlWiW2dB5LySYzIsG8o/pub |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.phis.win@3/20@4/2 |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.8499466969897256 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38740 |
Entropy (8bit): | 2.1911165499795384 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5647969432177713 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 31152 |
Entropy (8bit): | 2.9003224583168437 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 26228 |
Entropy (8bit): | 7.98323449413518 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 20268 |
Entropy (8bit): | 7.970212610239314 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 200 |
Entropy (8bit): | 5.177017569671991 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://themes.googleusercontent.com/fonts/css?kit=fND5XPYKrF2tQDwwfWZJI_esZW2xOQ-xsNqO47m55DA |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5430 |
Entropy (8bit): | 3.6534652184263736 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://www.google.com/favicon.ico |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 12049 |
Entropy (8bit): | 7.93004560955902 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://lh4.googleusercontent.com/592S7q3HqTUOgiQvkzddFGMOaqBqKIpIo48LskWavhxGbCFORGwwPJB3K3jyWmt0xYjvSY2UR7CZhkg-926OjSMhfal75tLD0ppJ97g17xceT_YJ2MgwMCMh2R9lfOYiUNwJgL9DmQ8 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 29387 |
Entropy (8bit): | 7.922876676354205 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://lh4.googleusercontent.com/4lqrNCf-I_g3G-ZRjSCrk4CzHer9-aZGLVZMAv1E5urrkm5iZ-6srIQnL3bv29zPMlpUBQWj5ytAEAT5v7oOq4QJUkQeGVggtZOPl1H3A1MKCWmkAnLJsliSgdV0_yyZGkrYG797Rlg |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 27552 |
Entropy (8bit): | 5.599495403334055 |
Encrypted: | false |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
IE Cache URL: | https://docs.google.com/document/d/e/2PACX-1vS36Y8R0dZPmbkK0kzlhwl7QP56-1X6JRq34lZp4A2cukPSL9y0gFPCpMx8sjlWiW2dB5LySYzIsG8o/pub |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 61388 |
Entropy (8bit): | 7.993967349078421 |
Encrypted: | true |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.gstatic.com/s/comfortaa/v30/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4Y_LPrc.woff |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18614 |
Entropy (8bit): | 7.979504934178646 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://lh3.googleusercontent.com/FCtkh_cVMnq9w0w2EefouDOYE-kLx6conTHn_lapO1sUkLA_arG-RSCq96SJ6DsgqqVWiXiJCCzuTPizqbHocOwbMXoUwK6Y9cclsPnDcIvwaJtunw6rWNOeV1DCKq6I3kSU0Y1ai4A |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 385 |
Entropy (8bit): | 5.245699587623391 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://www.google.com/url?q=https://sistema.grutorax.com.br/deliver.php&sa=D&source=editors&ust=1614001527126000&usg=AOvVaw0GiDoyOTkh628z3iR_UBkW |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 175 |
Entropy (8bit): | 5.036499950322848 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.googleapis.com/css?family=Roboto |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 256 |
Entropy (8bit): | 5.0467196072933 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.googleapis.com/css?family=Google+Sans |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 24838 |
Entropy (8bit): | 2.2699128030598548 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.4802844706621096 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.2879420929574197 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48809 |
Entropy (8bit): | 0.6443837718611066 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 22, 2021 13:47:43.021754026 CET | 49723 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.021792889 CET | 49723 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.021797895 CET | 49723 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.022490025 CET | 443 | 49725 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.022579908 CET | 49725 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.022588968 CET | 443 | 49725 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.022653103 CET | 49725 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.023053885 CET | 443 | 49725 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.023133993 CET | 49725 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.023159027 CET | 49725 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.023550034 CET | 49723 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.058871984 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.064137936 CET | 443 | 49722 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.067806005 CET | 443 | 49722 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.069468975 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.074421883 CET | 443 | 49727 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.079305887 CET | 443 | 49723 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.079466105 CET | 443 | 49725 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.143589973 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.143624067 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.143642902 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.143660069 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.143687010 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.143712997 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.147001982 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.147032976 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.147088051 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.147126913 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.150367975 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.150397062 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.150439024 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.150469065 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.153811932 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.153850079 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.153892040 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.156160116 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.157172918 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.157212973 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.157241106 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.157258034 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.160583973 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.160612106 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.160835981 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.163989067 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.164022923 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.164073944 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.164093018 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.164345026 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.189261913 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.189307928 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.189332008 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.189346075 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.189352036 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.189379930 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.189420938 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.192584991 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.192620039 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.192656994 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.192682981 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.196012020 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.196065903 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.196075916 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.196111917 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.199384928 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.199415922 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.199568033 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.202778101 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.202812910 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.202856064 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.202882051 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.206131935 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.206161022 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.206199884 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.206223011 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.209558964 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.209594965 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.209687948 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.212744951 CET | 443 | 49724 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.212821007 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.212891102 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.237699986 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.237726927 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.237772942 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.237796068 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.239408016 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.239434958 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.239465952 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.242789984 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.242819071 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.242845058 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.242878914 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.246222019 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.246252060 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.246296883 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.246320963 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.246690989 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.249557018 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.249588013 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.249619961 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.249641895 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.253015041 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.253055096 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.253108978 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.253132105 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.256361008 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.256397963 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.256428957 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.256458044 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.259761095 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.259797096 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:47:43.260241032 CET | 49726 | 443 | 192.168.2.5 | 142.250.186.33 |
Feb 22, 2021 13:47:43.294923067 CET | 443 | 49726 | 142.250.186.33 | 192.168.2.5 |
Feb 22, 2021 13:48:03.170290947 CET | 49740 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.170317888 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.353754997 CET | 443 | 49740 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.353781939 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.353868008 CET | 49740 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.353918076 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.355197906 CET | 49740 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.355492115 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.538676023 CET | 443 | 49740 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.538788080 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.542156935 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.542181015 CET | 443 | 49740 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.542192936 CET | 443 | 49740 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.542201996 CET | 443 | 49740 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.542215109 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.542223930 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.542332888 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.542433977 CET | 49740 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.542457104 CET | 49740 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.543632984 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.555727005 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.556659937 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.563060999 CET | 49740 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.740750074 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.740967035 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.749710083 CET | 443 | 49740 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.749821901 CET | 49740 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.780376911 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.802350044 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.802459002 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.807432890 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:03.807564974 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:03.868493080 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:04.052089930 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:04.055861950 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:04.055980921 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:09.060528040 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:09.060597897 CET | 443 | 49741 | 198.57.186.221 | 192.168.2.5 |
Feb 22, 2021 13:48:09.060632944 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
Feb 22, 2021 13:48:09.060751915 CET | 49741 | 443 | 192.168.2.5 | 198.57.186.221 |
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 22, 2021 13:47:42.743611097 CET | 192.168.2.5 | 8.8.8.8 | 0xb2da | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 13:47:42.759917021 CET | 192.168.2.5 | 8.8.8.8 | 0x6715 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 13:47:42.771945953 CET | 192.168.2.5 | 8.8.8.8 | 0x1674 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 13:48:03.110430002 CET | 192.168.2.5 | 8.8.8.8 | 0x9634 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 22, 2021 13:47:42.823281050 CET | 8.8.8.8 | 192.168.2.5 | 0xb2da | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | ||
Feb 22, 2021 13:47:42.823281050 CET | 8.8.8.8 | 192.168.2.5 | 0xb2da | No error (0) | 142.250.186.33 | A (IP address) | IN (0x0001) | ||
Feb 22, 2021 13:47:42.838263988 CET | 8.8.8.8 | 192.168.2.5 | 0x1674 | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | ||
Feb 22, 2021 13:47:42.838263988 CET | 8.8.8.8 | 192.168.2.5 | 0x1674 | No error (0) | 142.250.186.33 | A (IP address) | IN (0x0001) | ||
Feb 22, 2021 13:47:42.841267109 CET | 8.8.8.8 | 192.168.2.5 | 0x6715 | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | ||
Feb 22, 2021 13:47:42.841267109 CET | 8.8.8.8 | 192.168.2.5 | 0x6715 | No error (0) | 142.250.186.33 | A (IP address) | IN (0x0001) | ||
Feb 22, 2021 13:48:03.167943954 CET | 8.8.8.8 | 192.168.2.5 | 0x9634 | No error (0) | 198.57.186.221 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Feb 22, 2021 13:47:42.948043108 CET | 142.250.186.33 | 443 | 192.168.2.5 | 49722 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Tue Jan 26 10:05:02 CET 2021 Thu Jun 15 02:00:42 CEST 2017 | Tue Apr 20 11:05:01 CEST 2021 Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | |||||||
Feb 22, 2021 13:47:42.951246023 CET | 142.250.186.33 | 443 | 192.168.2.5 | 49724 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Tue Jan 26 10:05:02 CET 2021 Thu Jun 15 02:00:42 CEST 2017 | Tue Apr 20 11:05:01 CEST 2021 Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | |||||||
Feb 22, 2021 13:47:42.960186958 CET | 142.250.186.33 | 443 | 192.168.2.5 | 49726 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Tue Jan 26 10:05:02 CET 2021 Thu Jun 15 02:00:42 CEST 2017 | Tue Apr 20 11:05:01 CEST 2021 Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | |||||||
Feb 22, 2021 13:47:42.962794065 CET | 142.250.186.33 | 443 | 192.168.2.5 | 49723 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Tue Jan 26 10:05:02 CET 2021 Thu Jun 15 02:00:42 CEST 2017 | Tue Apr 20 11:05:01 CEST 2021 Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | |||||||
Feb 22, 2021 13:47:42.963352919 CET | 142.250.186.33 | 443 | 192.168.2.5 | 49725 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Tue Jan 26 10:05:02 CET 2021 Thu Jun 15 02:00:42 CEST 2017 | Tue Apr 20 11:05:01 CEST 2021 Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | |||||||
Feb 22, 2021 13:47:42.965058088 CET | 142.250.186.33 | 443 | 192.168.2.5 | 49727 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Tue Jan 26 10:05:02 CET 2021 Thu Jun 15 02:00:42 CEST 2017 | Tue Apr 20 11:05:01 CEST 2021 Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | |||||||
Feb 22, 2021 13:48:03.542192936 CET | 198.57.186.221 | 443 | 192.168.2.5 | 49740 | CN=sistema.grutorax.com.br CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu Jan 21 04:24:15 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Wed Apr 21 05:24:15 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |||||||
Feb 22, 2021 13:48:03.542215109 CET | 198.57.186.221 | 443 | 192.168.2.5 | 49741 | CN=sistema.grutorax.com.br CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu Jan 21 04:24:15 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Wed Apr 21 05:24:15 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 13:47:36 |
Start date: | 22/02/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d2ed0000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 13:47:40 |
Start date: | 22/02/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1e0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|