Analysis Report https://abundant-chivalrous-hedgehog.glitch.me/
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Dropped Files |
---|
Rule | Description | Author |
---|---|---|
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | SlashNext |
Phishing: |
---|
Yara detected HtmlPhish_10 |
Compliance: |
---|
Uses new MSVCR Dlls |
Uses secure TLS version for HTTPS connections |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
2% | Virustotal | |
0% | Avira URL Cloud | safe |
100% | SlashNext | Fake Login Page type: Phishing & Social Engineering |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Reputation |
---|---|---|---|---|
cdnjs.cloudflare.com | 104.16.18.94 | true | false | high |
abundant-chivalrous-hedgehog.glitch.me | 52.22.118.126 | true | false | high |
stackpath.bootstrapcdn.com | unknown | unknown | false | high |
ka-f.fontawesome.com | unknown | unknown | false | high |
code.jquery.com | unknown | unknown | false | high |
kit.fontawesome.com | unknown | unknown | false | high |
maxcdn.bootstrapcdn.com | unknown | unknown | false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.22.118.126 | unknown | United States | 14618 | AMAZON-AESUS | false |
104.16.18.94 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356142 |
Start date: | 22.02.2021 |
Start time: | 16:30:55 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 2m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://abundant-chivalrous-hedgehog.glitch.me/ |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.phis.win@3/19@8/2 |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.8473470094036497 |
Encrypted: | false |
SSDEEP: | 96:rHZMZul2jWuztZbfrslxKMwdxqcPxQlxfRsqx6X:rHZMZ82jW2tdfrBMzTDfRMX |
MD5: | 3420C688BCF552B9AE76923F3F7FCD46 |
SHA1: | F6C706234D4C966FE6151EC8EB3B78B610DB5F82 |
SHA-256: | DDBA7299E631BF05CF885F9D524FAAF11A4278BAEE5ED9B67B1AF9EE44EC7C34 |
SHA-512: | 36C0FC576C3C1A3A94BB74DF4737F6F0AAD8AAE99E498D4940096822A0ADDDA0C81C3D528A63B6F7FE41603F7227A0F7CE489ED7E256E3AB6809E1212EBD3EFF |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27730 |
Entropy (8bit): | 1.812511282304039 |
Encrypted: | false |
SSDEEP: | 48:Iw7GcprGGwpamG4pQihGrapbSUGQpBfWGHHpcHTGUp8VUGzYpmC7GopZ0mNEvG+X:rhZeQW6ixBSMjfV2RWVQM2vq0SOE9tr |
MD5: | 06CD2A984DFACBD10BAA8E5F1C3B3351 |
SHA1: | F4AD663B60466ADBF1F1A62C87C507FB97C75F2E |
SHA-256: | D56F4826633FFD6C923E47A3C6C03E2081878C59D5CC4574030F9B7C2D03018E |
SHA-512: | 9EA9D3DE37EAD59B62EF0B5F84A016DFBB03726F9DC0FCF7186C55DDD1885DC6BD8669E17AF3FB9D32231A90D06756F61D77B43B5BE0CDD3A63B1273518DA433 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5620116672067232 |
Encrypted: | false |
SSDEEP: | 48:IwRGcprYGwpalG4pQpGrapbSFGQpKLG7HpRiTGIpG:rnZAQ36JBSvAKT2A |
MD5: | D92AC4C57CE9B0BDC2A6EAFB8457C4C4 |
SHA1: | B022B6471DFC091961982FB5366D13BC991B7234 |
SHA-256: | 1F8968376F62ADAD481AB53E3B3B316A1A2A43DD79DC96A5F1E172CE0D242B44 |
SHA-512: | 5E22437836626C95BFE4AEFDE7ABBEB850975774E7A0273B51D6BC83410B9521E8C1D6F36C796337D43889592207A42D35B92D6AB60A44B5CA88C2E02559C409 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 48944 |
Entropy (8bit): | 5.272507874206726 |
Encrypted: | false |
SSDEEP: | 768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B |
MD5: | 14D449EB8876FA55E1EF3C2CC52B0C17 |
SHA1: | A9545831803B1359CFEED47E3B4D6BAE68E40E99 |
SHA-256: | E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B |
SHA-512: | 00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 223 |
Entropy (8bit): | 5.142612311542767 |
Encrypted: | false |
SSDEEP: | 6:0IFFDK+Q+56ZRWHMqh7izlpdRSRk68k3tg9EFNin:jFI+QO6ZRoMqt6p3Tk9g9CY |
MD5: | 72C5D331F2135E52DA2A95F7854049A3 |
SHA1: | 572F349BB65758D377CCBAE434350507341ACD7B |
SHA-256: | C3A12D7E8F6B2B1F5E4CD0C9938DFC79532AEF90802B424EE910093F156586DA |
SHA-512: | 9EA12CC277C9858524083FEBBE1A3E61FDECE5268F63B14C9FFAFE29396C7CCDB3B07BE10E829936BCCD8F3B9E39DCFA6BC4316F189E4CEA914F1D06916DB66B |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 144732 |
Entropy (8bit): | 5.452333629536582 |
Encrypted: | false |
SSDEEP: | 768:Zdy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FLRfkl:xw/a1fIuiHlq5mN8lDbNmPbbyP1R0 |
MD5: | 4904A2876C4D803200D421CCCD8FB04F |
SHA1: | 99C80A176C6A832F71AB3CE6E54F2C90A921DBD2 |
SHA-256: | 36065137A28B0771079E7DE9FA7F2BB55C0F9990342DDF5A1055173BD3BB8EE5 |
SHA-512: | D79D37994991EE58E9B0BF1725C0115680AC2808EF394654C6FF4F7CEF4DE51DC238DBBD34FA661691C58875107B88C83DFE929E01DE40E0EF9FBF852363C061 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
IE Cache URL: | https://abundant-chivalrous-hedgehog.glitch.me/ |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 51039 |
Entropy (8bit): | 5.247253437401007 |
Encrypted: | false |
SSDEEP: | 768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+ |
MD5: | 67176C242E1BDC20603C878DEE836DF3 |
SHA1: | 27A71B00383D61EF3C489326B3564D698FC1227C |
SHA-256: | 56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4 |
SHA-512: | 9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 26701 |
Entropy (8bit): | 4.82979949483045 |
Encrypted: | false |
SSDEEP: | 192:SP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:5hal4w0QK+PwK05eavpmgPPeXD7mycP |
MD5: | 1848E71668F42835079E5FA2AF6CF4A8 |
SHA1: | 6AE345E2FEB8C2A524E7CF9E22A3A87BAEE60593 |
SHA-256: | D7CC3C57F9BDA4C6DCB83BB3C19F2F2AA86ECEC6274E243CD4EC315AE8E30101 |
SHA-512: | 24E0AF4EC32A9AAB61D9E1AF9B2083F2D13CC98961B5E32BB613A02FEEF63F5F30C3B21C6308A4A204D981D77C86F09E221D0DB7B051A3538ACE07E727F29F58 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ka-f.fontawesome.com/releases/v5.15.2/css/free-v4-shims.min.css?token=585b051251 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 60351 |
Entropy (8bit): | 4.728636851806783 |
Encrypted: | false |
SSDEEP: | 768:5Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:5U0PxXE4YXJgndFTfy9lt5Q |
MD5: | 4ECC071B77D6B1790FA9FB8A5173F972 |
SHA1: | B44FCBAAC4F3AA7381D71DE20064AC84B0B729D1 |
SHA-256: | 8C7BBA7DEB64FF95E98F7AC8CD0D3B675A4BCF02F302E57EDC5A1D6FA3D6CF94 |
SHA-512: | 7CC1D04078B5917269025B6F37C7DDD83A0A5A0C5840E2A6E99ADFE2FB3E2242C626F25315480ADCD725C855AD2881DDF672B6FC1D793377C2D16FF38EAF69E9 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ka-f.fontawesome.com/releases/v5.15.2/css/free.min.css?token=585b051251 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 85578 |
Entropy (8bit): | 5.366055229017455 |
Encrypted: | false |
SSDEEP: | 1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2 |
MD5: | 2F6B11A7E914718E0290410E85366FE9 |
SHA1: | 69BB69E25CA7D5EF0935317584E6153F3FD9A88C |
SHA-256: | 05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E |
SHA-512: | 0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 86709 |
Entropy (8bit): | 5.367391365596119 |
Encrypted: | false |
SSDEEP: | 1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5 |
MD5: | E071ABDA8FE61194711CFC2AB99FE104 |
SHA1: | F647A6D37DC4CA055CED3CF64BBC1F490070ACBA |
SHA-256: | 85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF |
SHA-512: | 53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://code.jquery.com/jquery-3.1.1.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 69597 |
Entropy (8bit): | 5.369216080582935 |
Encrypted: | false |
SSDEEP: | 1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT |
MD5: | 5F48FC77CAC90C4778FA24EC9C57F37D |
SHA1: | 9E89D1515BC4C371B86F4CB1002FD8E377C1829F |
SHA-256: | 9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398 |
SHA-512: | CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://code.jquery.com/jquery-3.2.1.slim.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 10866 |
Entropy (8bit): | 5.182477446178365 |
Encrypted: | false |
SSDEEP: | 192:BBHN42S+9SZRvACpiIthFzoXnemF+shSGnZ+PPxQDqv7jh81Q5l8OcchIlzbCn:HRCfhFzevnEZ/h81Q5l8OsE |
MD5: | 4B900F0AF3BBDA85E1077C8EC8C83831 |
SHA1: | 7E7015965195F25AFA3A47BE2108278AD6A0A4AC |
SHA-256: | 7943D6D067DB8587E9FB675F0D2CC78D6C90C91B187CF8642A3F52FF91381685 |
SHA-512: | 2CD82E0DCD1381447522CFFD610136513323E5D2980FAE730801FE8BBA580FF7FDF9CB8D2E9AC794D6F2FB59C724EDA71BECE7CAA72C775BC963E1A54B30EBCB |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://kit.fontawesome.com/585b051251.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 34350 |
Entropy (8bit): | 6.319416398409097 |
Encrypted: | false |
SSDEEP: | 384:2TILSQt3owpXUazLuDULbNVTH/oOkKQB3I+89AyI6WcRwkw8cQUtR:2ULSe3yy6DOP/oDB29uc5w8cQUL |
MD5: | 73570FCA80D5237954C19C20BDA58A70 |
SHA1: | E27F09071CA6B858A1B96B1CD02B2B34BCE85178 |
SHA-256: | 75BAC9C568E4B2DF8C25F96513A92FA4740D4B11E58FB0ADB88E2F4DADC7FFCD |
SHA-512: | 60632D9B3893631C82FDC7D56741A8EFA52BA9333BF4FECA083330B9B1454CC6F4A1AEEDF621EBF92CFF634A0BA91F4EB1F0DF6009A69C6BD14A0A39908E8B99 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ka-f.fontawesome.com/releases/v5.15.2/webfonts/free-fa-regular-400.eot? |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 204814 |
Entropy (8bit): | 6.343269877413605 |
Encrypted: | false |
SSDEEP: | 6144:9t+zd6McnODzpN2BDXTIRSwRKSK3NC59M4:iELnODze58Rjg+5b |
MD5: | AD5381B40F2857CE48DC73585FC92294 |
SHA1: | B404BB9916EDFD272560C27CFD09C032EC9F9B96 |
SHA-256: | 2D45F4A3844BEFB918111DF65049A4FA71577D5E8FF009934B62E647E4702AB0 |
SHA-512: | 69409725FE954403937CA22F5CDE811574FA2EBDBE24BF7CD5566826259A2427692251BFC90E663696C6A425F6C2DB95C8946495B4A5228B3BA8FEA10F79C2F5 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ka-f.fontawesome.com/releases/v5.15.2/webfonts/free-fa-solid-900.eot? |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 19188 |
Entropy (8bit): | 5.212814407014048 |
Encrypted: | false |
SSDEEP: | 384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f |
MD5: | 70D3FDA195602FE8B75E0097EED74DDE |
SHA1: | C3B977AA4B8DFB69D651E07015031D385DED964B |
SHA-256: | A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66 |
SHA-512: | 51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14 |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35491 |
Entropy (8bit): | 0.5071976319420638 |
Encrypted: | false |
SSDEEP: | 48:kBqoxKAuvScS+j9PGCICT0mNEDQNE5cQNEGNEgNEjNE/0E9:kBqoxKAuvScS+j9PGNSyOE9 |
MD5: | 626D7202C1A82CF618D35C8F11524951 |
SHA1: | B590EAF5CEB369B46716EBE362507001CA541606 |
SHA-256: | 274D0208D5EE1A22CEAC5B80F167E19AF8F5B6A578379CE8305F7830088384B0 |
SHA-512: | D876B47100201C9639509383165C825886F82D3B91CC34F6DB5E240C3C0EBD21AA34172C9A29CCFE7EC1D333130DD9B0A1D3F48748E701FF4AEC7B3C1EC6AED2 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.4793734107392196 |
Encrypted: | false |
SSDEEP: | 12:c9lCg5/9lCgeK9l26an9l26an9l8fRvI9l8fRvY9lTqvD1CDi1efXecX/iX/p:c9lLh9lLh9lIn9lIn9loQ9log9lWYPaB |
MD5: | CC556D0FD2F6FA93A8D2291C1B64A93E |
SHA1: | 07A317740C5308A1B9F363BD85978C1A3A360586 |
SHA-256: | 72B4B597C9D7EACAF63DDA6126DFA6EC75168C0089D411C573E41F084FFD01FA |
SHA-512: | A7D4AD463FFD71CCF9D1AC07B66FF84822C6A2BFAABFC315F9D8C9BB107DF25400839B3846DCBB8B13030B2ED409AB371319C74B457152F84E5DD71E27373023 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.2977403157331066 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA+mml:kBqoxxJhHWSVSEab+ |
MD5: | 054FBD285767F0A92295ADC313A9D5A3 |
SHA1: | CC621C016B7CA5DA0CB72C288B623C9628E38BDD |
SHA-256: | BA024EB78232AB58864112ACB00D58B4CDADCA1AE02FC0B7F2233F9C823261AB |
SHA-512: | C73D33EF85BE8887590BF0005345ABB3AC03B8E34A8992C7D954A7DF50A46609866C178BB7CBA7491F2678928145D18A196DEED845D05367B6F87C6E6A47FFB7 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Feb 22, 2021 16:31:41.253482103 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253524065 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253542900 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.253580093 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.253597975 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253637075 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253653049 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.253690958 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253705978 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.253732920 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.253766060 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253807068 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253824949 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.253855944 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.253890991 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253932953 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.253948927 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.253988028 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254003048 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254041910 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254056931 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254095078 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254123926 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254179001 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254192114 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254230976 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254261971 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254317045 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254328966 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254369974 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254398108 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254452944 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254465103 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254503965 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254534006 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254589081 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.254601002 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.254657984 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.374686003 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.374733925 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.374771118 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.374789953 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.374850988 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.374907017 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.374919891 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.374953985 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375055075 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375099897 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375111103 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375144958 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375195980 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375247955 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375279903 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375328064 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375339031 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375374079 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375394106 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375438929 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375449896 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375483036 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375511885 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375566959 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375597000 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375670910 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375689030 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375735998 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375746012 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375781059 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.375801086 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.375845909 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381177902 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381217957 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381237984 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381268024 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381304979 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381355047 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381366968 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381414890 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381475925 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381527901 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381540060 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381573915 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381594896 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381633997 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381650925 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381684065 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381707907 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381757021 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381784916 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381824970 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381844044 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381879091 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381899118 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381944895 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.381956100 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.381990910 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382010937 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382055998 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382066011 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382102013 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382121086 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382159948 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382174969 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382206917 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382230043 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382267952 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382285118 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382320881 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382339954 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382379055 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382395029 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382428885 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382450104 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382488012 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382504940 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382539034 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382560015 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382597923 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382613897 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382649899 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382678032 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382730961 CET | 443 | 49707 | 52.22.118.126 | 192.168.2.5 |
Feb 22, 2021 16:31:41.382744074 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.382778883 CET | 49707 | 443 | 192.168.2.5 | 52.22.118.126 |
Feb 22, 2021 16:31:41.552236080 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.553786039 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.597064972 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.597198009 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.597758055 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.598352909 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.598498106 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.598953962 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.642431974 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.643632889 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.643836975 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.643861055 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.644006014 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.644289970 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.644309044 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.644352913 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.644443035 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.644546986 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.656384945 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.657965899 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.659643888 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.701220036 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.701349020 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.701397896 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.701437950 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.701472044 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.702558041 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.702591896 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.703629017 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.705991030 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.706302881 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.706537008 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.711905003 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.711949110 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.712018967 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.712038994 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.712054014 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.712076902 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.712093115 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.712110043 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.712132931 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.712163925 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.712203979 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.712877989 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.712928057 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.712975979 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.713535070 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.713804960 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.713882923 CET | 49722 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.750752926 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.750792980 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.750879049 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.750896931 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.750955105 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.751133919 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.751167059 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.751223087 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.751678944 CET | 49723 | 443 | 192.168.2.5 | 104.16.18.94 |
Feb 22, 2021 16:31:41.791357040 CET | 443 | 49722 | 104.16.18.94 | 192.168.2.5 |
Feb 22, 2021 16:31:41.796252966 CET | 443 | 49723 | 104.16.18.94 | 192.168.2.5 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 22, 2021 16:31:40.347254992 CET | 192.168.2.5 | 8.8.8.8 | 0xb096 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.058099985 CET | 192.168.2.5 | 8.8.8.8 | 0xd5d4 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.139417887 CET | 192.168.2.5 | 8.8.8.8 | 0x86e6 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.427743912 CET | 192.168.2.5 | 8.8.8.8 | 0xd386 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.599956989 CET | 192.168.2.5 | 8.8.8.8 | 0xd475 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.685659885 CET | 192.168.2.5 | 8.8.8.8 | 0x1f0c | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.709222078 CET | 192.168.2.5 | 8.8.8.8 | 0x8f81 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:56.745100021 CET | 192.168.2.5 | 8.8.8.8 | 0xc38f | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 22, 2021 16:31:40.409357071 CET | 8.8.8.8 | 192.168.2.5 | 0xb096 | No error (0) | | | 52.22.118.126 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:40.409357071 CET | 8.8.8.8 | 192.168.2.5 | 0xb096 | No error (0) | | | 34.196.60.73 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:40.409357071 CET | 8.8.8.8 | 192.168.2.5 | 0xb096 | No error (0) | | | 18.215.10.11 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:40.409357071 CET | 8.8.8.8 | 192.168.2.5 | 0xb096 | No error (0) | | | 54.237.41.217 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.109791994 CET | 8.8.8.8 | 192.168.2.5 | 0xd5d4 | No error (0) | | cds.s5x3j6q5.hwcdn.net | | CNAME (Canonical name) | IN (0x0001) |
Feb 22, 2021 16:31:41.189409971 CET | 8.8.8.8 | 192.168.2.5 | 0x86e6 | No error (0) | | kit.fontawesome.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) |
Feb 22, 2021 16:31:41.479260921 CET | 8.8.8.8 | 192.168.2.5 | 0xd386 | No error (0) | | | 104.16.18.94 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.479260921 CET | 8.8.8.8 | 192.168.2.5 | 0xd386 | No error (0) | | | 104.16.19.94 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:41.648545980 CET | 8.8.8.8 | 192.168.2.5 | 0xd475 | No error (0) | | cds.j3z9t3p6.hwcdn.net | | CNAME (Canonical name) | IN (0x0001) |
Feb 22, 2021 16:31:41.734364033 CET | 8.8.8.8 | 192.168.2.5 | 0x1f0c | No error (0) | | ka-f.fontawesome.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) |
Feb 22, 2021 16:31:41.757931948 CET | 8.8.8.8 | 192.168.2.5 | 0x8f81 | No error (0) | | cds.j3z9t3p6.hwcdn.net | | CNAME (Canonical name) | IN (0x0001) |
Feb 22, 2021 16:31:56.809459925 CET | 8.8.8.8 | 192.168.2.5 | 0xc38f | No error (0) | | | 34.196.60.73 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:56.809459925 CET | 8.8.8.8 | 192.168.2.5 | 0xc38f | No error (0) | | | 52.22.118.126 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:56.809459925 CET | 8.8.8.8 | 192.168.2.5 | 0xc38f | No error (0) | | | 18.215.10.11 | A (IP address) | IN (0x0001) |
Feb 22, 2021 16:31:56.809459925 CET | 8.8.8.8 | 192.168.2.5 | 0xc38f | No error (0) | | | 54.237.41.217 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Feb 22, 2021 16:31:40.683255911 CET | 52.22.118.126 | 443 | 192.168.2.5 | 49708 | CN=glitch.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Mon Jan 18 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009 | Wed Feb 16 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025 | |||||||
CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037 | |||||||
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034 | |||||||
Feb 22, 2021 16:31:40.683325052 CET | 52.22.118.126 | 443 | 192.168.2.5 | 49707 | CN=glitch.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Mon Jan 18 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009 | Wed Feb 16 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025 | |||||||
CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037 | |||||||
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034 | |||||||
Feb 22, 2021 16:31:41.643861055 CET | 104.16.18.94 | 443 | 192.168.2.5 | 49722 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020 | Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |||||||
Feb 22, 2021 16:31:41.644309044 CET | 104.16.18.94 | 443 | 192.168.2.5 | 49723 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020 | Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 16:31:38 |
Start date: | 22/02/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a0080000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:31:39 |
Start date: | 22/02/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|