Analysis Report https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | ||
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Phishing: |
---|
Yara detected HtmlPhish_10 |
Compliance: |
---|
Uses new MSVCR Dlls |
Uses secure TLS version for HTTPS connections |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cs1100.wpc.omegacdn.net | 152.199.23.37 | true | false | unknown | |
cdnjs.cloudflare.com | 104.16.19.94 | true | false | high | |
origin-bms.kaseya.com | 52.144.52.222 | true | false | high | |
manmedia.org | 204.93.216.87 | true | false | unknown | |
stackpath.bootstrapcdn.com | unknown | unknown | false | high | |
bms.kaseya.com | unknown | unknown | false | high | |
code.jquery.com | unknown | unknown | false | high | |
aadcdn.msftauth.net | unknown | unknown | false | unknown | |
ajax.aspnetcdn.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | low |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
204.93.216.87 | unknown | United States | 23352 | SERVERCENTRALUS | false |
152.199.23.37 | unknown | United States | 15133 | EDGECASTUS | false |
52.144.52.222 | unknown | United States | 50292 | STRATOGENGB | false |
104.16.19.94 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356753 |
Start date: | 23.02.2021 |
Start time: | 16:01:11 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 27 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.phis.win@11/32@9/5 |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32344 |
Entropy (8bit): | 1.7941220937304676 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53336 |
Entropy (8bit): | 1.9851223060293122 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 19032 |
Entropy (8bit): | 1.5948619844744936 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28278 |
Entropy (8bit): | 2.1178792382736584 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28278 |
Entropy (8bit): | 2.12104244892328 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27998 |
Entropy (8bit): | 2.122018630942539 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5643524552422585 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 492 |
Entropy (8bit): | 7.443140866786406 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://www.google.com/s2/favicons?sz=64&domain_url=murexltd.com |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 20495 |
Entropy (8bit): | 5.217693761954058 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 16331 |
Entropy (8bit): | 5.319200830403511 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://manmedia.org/offic/n.page/style.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 255366 |
Entropy (8bit): | 6.093517370301889 |
Encrypted: | false |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 50676 |
Entropy (8bit): | 5.276454699305197 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 86927 |
Entropy (8bit): | 5.289226719276158 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 69917 |
Entropy (8bit): | 5.290926894311774 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://code.jquery.com/jquery-3.3.1.slim.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 492 |
Entropy (8bit): | 7.443140866786406 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 93868 |
Entropy (8bit): | 5.372204012865564 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 86663 |
Entropy (8bit): | 5.368302777291146 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://manmedia.org/offic/n.page/jqueryLib.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1864 |
Entropy (8bit): | 5.222032823730197 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.677902187764918 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3262 |
Entropy (8bit): | 5.697312232917473 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | https://manmedia.org/offic/n.page/actions.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.395590914706752 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12981 |
Entropy (8bit): | 0.44377563820500354 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.3456394706198164 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37087 |
Entropy (8bit): | 0.8073439230751972 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37087 |
Entropy (8bit): | 0.8060826889501502 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37091 |
Entropy (8bit): | 0.8130341619890422 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13445 |
Entropy (8bit): | 0.7394554772018571 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29989 |
Entropy (8bit): | 0.32748736048125066 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 255366 |
Entropy (8bit): | 6.093517370301889 |
Encrypted: | false |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 3 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 23, 2021 16:02:01.976259947 CET | 192.168.2.6 | 8.8.8.8 | 0x4242 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 16:02:19.623764992 CET | 192.168.2.6 | 8.8.8.8 | 0x80a7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 16:02:19.625435114 CET | 192.168.2.6 | 8.8.8.8 | 0x20f | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 16:02:19.672889948 CET | 192.168.2.6 | 8.8.8.8 | 0xcd77 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 16:02:19.724246979 CET | 192.168.2.6 | 8.8.8.8 | 0x30e1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 16:02:19.799175978 CET | 192.168.2.6 | 8.8.8.8 | 0x837c | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 16:02:21.058018923 CET | 192.168.2.6 | 8.8.8.8 | 0x478e | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 16:02:39.200639009 CET | 192.168.2.6 | 8.8.8.8 | 0xe7c5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 23, 2021 16:02:42.757272959 CET | 192.168.2.6 | 8.8.8.8 | 0xd1c0 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 23, 2021 16:02:02.036315918 CET | 8.8.8.8 | 192.168.2.6 | 0x4242 | No error (0) | origin-bms.kaseya.com | CNAME (Canonical name) | IN (0x0001) | ||
Feb 23, 2021 16:02:02.036315918 CET | 8.8.8.8 | 192.168.2.6 | 0x4242 | No error (0) | 52.144.52.222 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 16:02:02.036315918 CET | 8.8.8.8 | 192.168.2.6 | 0x4242 | No error (0) | 52.144.52.223 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 16:02:19.675731897 CET | 8.8.8.8 | 192.168.2.6 | 0x20f | No error (0) | cds.s5x3j6q5.hwcdn.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 23, 2021 16:02:19.722986937 CET | 8.8.8.8 | 192.168.2.6 | 0xcd77 | No error (0) | 104.16.19.94 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 16:02:19.722986937 CET | 8.8.8.8 | 192.168.2.6 | 0xcd77 | No error (0) | 104.16.18.94 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 16:02:19.772965908 CET | 8.8.8.8 | 192.168.2.6 | 0x30e1 | No error (0) | cds.j3z9t3p6.hwcdn.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 23, 2021 16:02:19.811990023 CET | 8.8.8.8 | 192.168.2.6 | 0x80a7 | No error (0) | 204.93.216.87 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 16:02:19.847739935 CET | 8.8.8.8 | 192.168.2.6 | 0x837c | No error (0) | mscomajax.vo.msecnd.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 23, 2021 16:02:21.109530926 CET | 8.8.8.8 | 192.168.2.6 | 0x478e | No error (0) | aadcdnoriginneu.azureedge.net | CNAME (Canonical name) | IN (0x0001) | ||
Feb 23, 2021 16:02:21.109530926 CET | 8.8.8.8 | 192.168.2.6 | 0x478e | No error (0) | 152.199.23.37 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 16:02:39.257771015 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c5 | No error (0) | 204.93.216.87 | A (IP address) | IN (0x0001) | ||
Feb 23, 2021 16:02:42.947171926 CET | 8.8.8.8 | 192.168.2.6 | 0xd1c0 | No error (0) | 204.93.216.87 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Feb 23, 2021 16:02:19.921765089 CET | 104.16.19.94 | 443 | 192.168.2.6 | 49735 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020 | Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |||||||
Feb 23, 2021 16:02:19.921802998 CET | 104.16.19.94 | 443 | 192.168.2.6 | 49736 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020 | Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |||||||
Feb 23, 2021 16:02:21.315383911 CET | 152.199.23.37 | 443 | 192.168.2.6 | 49745 | CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006 | Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023 | |||||||
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Nov 10 01:00:00 CET 2006 | Mon Nov 10 01:00:00 CET 2031 | |||||||
Feb 23, 2021 16:02:21.389024019 CET | 152.199.23.37 | 443 | 192.168.2.6 | 49744 | CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006 | Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023 | |||||||
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Nov 10 01:00:00 CET 2006 | Mon Nov 10 01:00:00 CET 2031 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 16:01:59 |
Start date: | 23/02/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff721e20000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:01:59 |
Start date: | 23/02/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfb0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:02:16 |
Start date: | 23/02/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff721e20000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:02:17 |
Start date: | 23/02/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfb0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:02:36 |
Start date: | 23/02/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfb0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:02:40 |
Start date: | 23/02/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfb0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Disassembly |
---|