Analysis Report https://myeducation.netc.navy.mil/webta/home.html
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
No high impact signatures.
Classification
Analysis Advice |
---|
Joe Sandbox was unable to browse the URL (domain or webserver down or HTTPS issue), try to browse the URL again later |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
There are no malicious signatures.
Source: | File opened: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Window detected: |
Source: | File opened: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer1 | SIM Card Swap | Carrier Billing Fraud |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pki.strac.org | 172.67.10.220 | true | false | unknown | |
d1j5ckqeil9o7.cloudfront.net | 13.32.240.46 | true | false | high | |
myeducation.netc.navy.mil | 205.85.30.125 | true | false | high | |
tscp-aia.symauth.com | unknown | unknown | false | high | |
repo.fpki.gov | unknown | unknown | false | unknown | |
crl.disa.mil | unknown | unknown | false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
205.85.30.125 | myeducation.netc.navy.mil | United States | 665 | DNIC-ASBLK-00616-00665US | false |
13.32.240.46 | d1j5ckqeil9o7.cloudfront.net | United States | 16509 | AMAZON-02US | false |
172.67.10.220 | pki.strac.org | United States | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 387996 |
Start date: | 15.04.2021 |
Start time: | 19:26:33 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 2m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://myeducation.netc.navy.mil/webta/home.html |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | UNKNOWN |
Classification: | unknown0.win@3/30@6/3 |
Cookbook Comments: |
|
Warnings: |
|
Errors: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8794 |
Entropy (8bit): | 7.189814377213339 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3222 |
Entropy (8bit): | 7.0573837188650606 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 22804 |
Entropy (8bit): | 7.055289524775974 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3674 |
Entropy (8bit): | 6.864983277306207 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2342 |
Entropy (8bit): | 7.271019156557249 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11948 |
Entropy (8bit): | 7.0146207866693135 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 58596 |
Entropy (8bit): | 7.995478615012125 |
Encrypted: | true |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2678 |
Entropy (8bit): | 7.2151403986024105 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 282 |
Entropy (8bit): | 3.055560822389197 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 680 |
Entropy (8bit): | 3.3661563829433523 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 532 |
Entropy (8bit): | 3.2269132061645687 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 3.3497903198617016 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 564 |
Entropy (8bit): | 3.1890360612633852 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 504 |
Entropy (8bit): | 3.0768516116662443 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 3.11466556781601 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 296 |
Entropy (8bit): | 3.2393977152987743 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.8532784143208823 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24208 |
Entropy (8bit): | 1.6365163764091282 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.563909790018671 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | res://ieframe.dll/newErrorPageTemplate.css |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 17542 |
Entropy (8bit): | 5.098535207562026 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | res://ieframe.dll/shieldcheck.ico |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | res://ieframe.dll/down.png |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2865 |
Entropy (8bit): | 5.408065735824215 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | res://ieframe.dll/invalidcert.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | res://ieframe.dll/httpErrorPagesScripts.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2747 |
Entropy (8bit): | 4.6225918717514975 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | res://ieframe.dll/invalidcert.htm?SSLError=16777216 |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | res://ieframe.dll/errorPageStrings.js |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 29926 |
Entropy (8bit): | 5.629688416465816 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
IE Cache URL: | res://ieframe.dll/shieldcritical.ico |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 25441 |
Entropy (8bit): | 0.3896561746652212 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34401 |
Entropy (8bit): | 0.356880123050665 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.48184464067967564 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 15, 2021 19:27:24.390021086 CEST | 192.168.2.7 | 8.8.8.8 | 0xd9ac | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 15, 2021 19:27:26.020559072 CEST | 192.168.2.7 | 8.8.8.8 | 0x72db | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 15, 2021 19:27:26.570334911 CEST | 192.168.2.7 | 8.8.8.8 | 0xbbbe | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 15, 2021 19:27:27.576282978 CEST | 192.168.2.7 | 8.8.8.8 | 0x471b | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 15, 2021 19:27:27.813436031 CEST | 192.168.2.7 | 8.8.8.8 | 0xf17d | Standard query (0) | A (IP address) | IN (0x0001) | |
Apr 15, 2021 19:27:28.027218103 CEST | 192.168.2.7 | 8.8.8.8 | 0xbf75 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 15, 2021 19:27:25.300004959 CEST | 8.8.8.8 | 192.168.2.7 | 0xd9ac | No error (0) | 205.85.30.125 | A (IP address) | IN (0x0001) | ||
Apr 15, 2021 19:27:26.522377968 CEST | 8.8.8.8 | 192.168.2.7 | 0x72db | No error (0) | crl.disa.mil.apps.gcds.disa.mil | CNAME (Canonical name) | IN (0x0001) | ||
Apr 15, 2021 19:27:26.522377968 CEST | 8.8.8.8 | 192.168.2.7 | 0x72db | No error (0) | crl.disa.mil.edgekey.net | CNAME (Canonical name) | IN (0x0001) | ||
Apr 15, 2021 19:27:27.064956903 CEST | 8.8.8.8 | 192.168.2.7 | 0xbbbe | No error (0) | crl.disa.mil.apps.gcds.disa.mil | CNAME (Canonical name) | IN (0x0001) | ||
Apr 15, 2021 19:27:27.064956903 CEST | 8.8.8.8 | 192.168.2.7 | 0xbbbe | No error (0) | crl.disa.mil.edgekey.net | CNAME (Canonical name) | IN (0x0001) | ||
Apr 15, 2021 19:27:27.641107082 CEST | 8.8.8.8 | 192.168.2.7 | 0x471b | No error (0) | d1j5ckqeil9o7.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | ||
Apr 15, 2021 19:27:27.641107082 CEST | 8.8.8.8 | 192.168.2.7 | 0x471b | No error (0) | 13.32.240.46 | A (IP address) | IN (0x0001) | ||
Apr 15, 2021 19:27:27.641107082 CEST | 8.8.8.8 | 192.168.2.7 | 0x471b | No error (0) | 13.32.240.57 | A (IP address) | IN (0x0001) | ||
Apr 15, 2021 19:27:27.641107082 CEST | 8.8.8.8 | 192.168.2.7 | 0x471b | No error (0) | 13.32.240.121 | A (IP address) | IN (0x0001) | ||
Apr 15, 2021 19:27:27.641107082 CEST | 8.8.8.8 | 192.168.2.7 | 0x471b | No error (0) | 13.32.240.61 | A (IP address) | IN (0x0001) | ||
Apr 15, 2021 19:27:27.874254942 CEST | 8.8.8.8 | 192.168.2.7 | 0xf17d | No error (0) | crl-symcprod.digicert.com | CNAME (Canonical name) | IN (0x0001) | ||
Apr 15, 2021 19:27:28.128994942 CEST | 8.8.8.8 | 192.168.2.7 | 0xbf75 | No error (0) | 172.67.10.220 | A (IP address) | IN (0x0001) | ||
Apr 15, 2021 19:27:28.128994942 CEST | 8.8.8.8 | 192.168.2.7 | 0xbf75 | No error (0) | 104.22.9.226 | A (IP address) | IN (0x0001) | ||
Apr 15, 2021 19:27:28.128994942 CEST | 8.8.8.8 | 192.168.2.7 | 0xbf75 | No error (0) | 104.22.8.226 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49702 | 13.32.240.46 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 15, 2021 19:27:27.690902948 CEST | 275 | OUT | |
Apr 15, 2021 19:27:27.742712021 CEST | 277 | IN |