Analysis Report https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | SlashNext: |
Source: | UrlScan: |
Antivirus detection for URL or domain |
Source: | UrlScan: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: |
Phishing: |
---|
Yara detected HtmlPhish_10 |
Compliance: |
---|
Uses new MSVCR Dlls |
Uses secure TLS version for HTTPS connections |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
100% | SlashNext | Fake Login Page type: Phishing & Social Engineering | ||
100% | UrlScan | phishing brand: generic email | Browse |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
6% | Virustotal | Browse | ||
8% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | UrlScan | phishing brand: generic email | Browse | |
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
nliwierfrf.gb.net | 104.129.25.9 | true | true | | unknown |
www.politikesgeuseis.gr | 35.214.201.112 | true | false | | unknown |
cdnjs.cloudflare.com | 104.16.18.94 | true | false | | high |
stackpath.bootstrapcdn.com | unknown | unknown | false | | high |
ka-f.fontawesome.com | unknown | unknown | false | | high |
code.jquery.com | unknown | unknown | false | | high |
kit.fontawesome.com | unknown | unknown | false | | high |
maxcdn.bootstrapcdn.com | unknown | unknown | false | | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.129.25.9 | unknown | United States | | 8100 | ASN-QUADRANET-GLOBALUS | true |
35.214.201.112 | unknown | United States | | 19527 | GOOGLE-2US | false |
104.16.18.94 | unknown | United States | | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356081 |
Start date: | 22.02.2021 |
Start time: | 14:36:43 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.phis.win@3/31@9/3 |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.8533863097316883 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 55668 |
Entropy (8bit): | 2.8559994943456606 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.564198573244267 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 853 |
Entropy (8bit): | 7.156829091896504 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 23825 |
Entropy (8bit): | 6.062338874803593 |
Encrypted: | false |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
IE Cache URL: | https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 48944 |
Entropy (8bit): | 5.272507874206726 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 51039 |
Entropy (8bit): | 5.247253437401007 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 726 |
Entropy (8bit): | 5.180796546063191 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 31000 |
Entropy (8bit): | 4.746143404849733 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/font-awesome.min.css?alt=media&token=e6f19ce7-a9ca-457e-80df-0f4823412ad5 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 121200 |
Entropy (8bit): | 5.0982146191887106 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/bootstrap.min.css?alt=media&token=ec34bc68-b721-48e5-a02a-8deed9a44325 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 223 |
Entropy (8bit): | 5.142612311542767 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 34350 |
Entropy (8bit): | 6.319416398409097 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ka-f.fontawesome.com/releases/v5.15.2/webfonts/free-fa-regular-400.eot? |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 204814 |
Entropy (8bit): | 6.343269877413605 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ka-f.fontawesome.com/releases/v5.15.2/webfonts/free-fa-solid-900.eot? |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 85578 |
Entropy (8bit): | 5.366055229017455 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 830 |
Entropy (8bit): | 5.7045908853377485 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 410 |
Entropy (8bit): | 7.1505149338619995 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://www.google.com/s2/favicons?domain=wcps.k12.md.us |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 26701 |
Entropy (8bit): | 4.82979949483045 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ka-f.fontawesome.com/releases/v5.15.2/css/free-v4-shims.min.css?token=585b051251 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 60351 |
Entropy (8bit): | 4.728636851806783 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ka-f.fontawesome.com/releases/v5.15.2/css/free.min.css?token=585b051251 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18900 |
Entropy (8bit): | 7.96514104643824 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 19188 |
Entropy (8bit): | 5.212814407014048 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1159 |
Entropy (8bit): | 5.1328878916132075 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 10866 |
Entropy (8bit): | 5.182477446178365 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://kit.fontawesome.com/585b051251.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 20356 |
Entropy (8bit): | 7.972919215442608 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 20268 |
Entropy (8bit): | 7.970212610239314 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 689 |
Entropy (8bit): | 7.547514317403399 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 86709 |
Entropy (8bit): | 5.367391365596119 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://code.jquery.com/jquery-3.1.1.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 69597 |
Entropy (8bit): | 5.369216080582935 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://code.jquery.com/jquery-3.2.1.slim.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18100 |
Entropy (8bit): | 7.962027637722169 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 62670 |
Entropy (8bit): | 1.8936106827958605 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 1.0709942163039183 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.4800413028390838 |
Encrypted: | false |
SSDEEP: | 12:c9lCg5/9lCgeK9l26an9l26an9l8fRqk9l8fRq09lTqqU68ZKWK6qKaqK0K+UDfT:c9lLh9lLh9lIn9lIn9lo39lo39lWNNI |
MD5: | 4DD04DAF1119673BC230743F6159DAC4 |
SHA1: | 227746AD550DC6E3149BEEFCD1EBF5A71285AC88 |
SHA-256: | C3F3FE47943FCB916196A8C496D886B802EB4574C6E723DDABFF4843A2C6765C |
SHA-512: | 41BA9ACABB442EB74E220501906086565A0A06DECC74C0FB77661EE93AF13C81D13EDB51B71D1846BD8B0B84B050CC2BDE8E6FEFB32AFF56E3356D6FA39468E3 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 22, 2021 14:37:29.677958965 CET | 192.168.2.7 | 8.8.8.8 | 0x59c4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 14:37:30.679775000 CET | 192.168.2.7 | 8.8.8.8 | 0x59c4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 14:37:32.541718960 CET | 192.168.2.7 | 8.8.8.8 | 0xe1a6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 14:37:32.566406012 CET | 192.168.2.7 | 8.8.8.8 | 0x47fd | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 14:37:32.682753086 CET | 192.168.2.7 | 8.8.8.8 | 0xeeca | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 14:37:32.688536882 CET | 192.168.2.7 | 8.8.8.8 | 0x9cd8 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 14:37:32.691732883 CET | 192.168.2.7 | 8.8.8.8 | 0x1274 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 14:37:32.987962008 CET | 192.168.2.7 | 8.8.8.8 | 0xaaa0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 22, 2021 14:37:49.311466932 CET | 192.168.2.7 | 8.8.8.8 | 0x15b1 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 22, 2021 14:37:30.854752064 CET | 8.8.8.8 | 192.168.2.7 | 0x59c4 | No error (0) | 104.129.25.9 | A (IP address) | IN (0x0001) | ||
Feb 22, 2021 14:37:32.593029976 CET | 8.8.8.8 | 192.168.2.7 | 0xe1a6 | No error (0) | cds.s5x3j6q5.hwcdn.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 22, 2021 14:37:32.615281105 CET | 8.8.8.8 | 192.168.2.7 | 0x47fd | No error (0) | kit.fontawesome.com.cdn.cloudflare.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 22, 2021 14:37:32.734066010 CET | 8.8.8.8 | 192.168.2.7 | 0xeeca | No error (0) | 104.16.18.94 | A (IP address) | IN (0x0001) | ||
Feb 22, 2021 14:37:32.734066010 CET | 8.8.8.8 | 192.168.2.7 | 0xeeca | No error (0) | 104.16.19.94 | A (IP address) | IN (0x0001) | ||
Feb 22, 2021 14:37:32.739972115 CET | 8.8.8.8 | 192.168.2.7 | 0x9cd8 | No error (0) | cds.j3z9t3p6.hwcdn.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 22, 2021 14:37:32.740305901 CET | 8.8.8.8 | 192.168.2.7 | 0x1274 | No error (0) | cds.j3z9t3p6.hwcdn.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 22, 2021 14:37:33.039870024 CET | 8.8.8.8 | 192.168.2.7 | 0xaaa0 | No error (0) | ka-f.fontawesome.com.cdn.cloudflare.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 22, 2021 14:37:49.475977898 CET | 8.8.8.8 | 192.168.2.7 | 0x15b1 | No error (0) | 35.214.201.112 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Feb 22, 2021 14:37:31.171346903 CET | 104.129.25.9 | 443 | 192.168.2.7 | 49710 | CN=*.nliwierfrf.gb.net CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu Jan 07 22:07:31 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Wed Apr 07 23:07:31 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |||||||
Feb 22, 2021 14:37:31.172308922 CET | 104.129.25.9 | 443 | 192.168.2.7 | 49709 | CN=*.nliwierfrf.gb.net CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu Jan 07 22:07:31 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Wed Apr 07 23:07:31 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |||||||
Feb 22, 2021 14:37:32.829991102 CET | 104.16.18.94 | 443 | 192.168.2.7 | 49721 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020 | Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |||||||
Feb 22, 2021 14:37:32.831690073 CET | 104.16.18.94 | 443 | 192.168.2.7 | 49722 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020 | Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |||||||
Feb 22, 2021 14:37:49.591830015 CET | 35.214.201.112 | 443 | 192.168.2.7 | 49745 | CN=politikesgeuseis.gr CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue Jan 05 10:56:34 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Mon Apr 05 11:56:34 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |||||||
Feb 22, 2021 14:37:49.604068041 CET | 35.214.201.112 | 443 | 192.168.2.7 | 49746 | CN=politikesgeuseis.gr CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Tue Jan 05 10:56:34 CET 2021 Wed Oct 07 21:21:40 CEST 2020 | Mon Apr 05 11:56:34 CEST 2021 Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 14:37:27 |
Start date: | 22/02/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff650a90000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 14:37:28 |
Start date: | 22/02/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1370000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|