Analysis Report
Overview
General Information |
---|
Joe Sandbox Version: | 20.0.0 |
Analysis ID: | 491829 |
Start time: | 21:31:26 |
Joe Sandbox Product: | Cloud |
Start date: | 03.02.2018 |
Overall analysis duration: | 0h 7m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | aaa.pdf |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 (Java 1.8.0_91, Flash 21.0.0.242, Acrobat Reader DC 2015.016.20039, Internet Explorer 11, Chrome 51, Firefox 47) |
Number of analysed new started processes: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies |
|
Detection: | MAL |
Classification: | mal88.evad.expl.spyw.troj.winPDF@22/41@5/4 |
HCA Information: |
|
EGA Information: | Failed |
HDC Information: | Failed |
Cookbook Comments: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 88 | 0 - 100 | Report FP / FN |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? | Confidence | |
---|---|---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Classification |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for submitted file | Show sources |
Source: aaa.pdf | virustotal: | Perma Link |
Software Vulnerabilities: |
---|
Potential document exploit detected (performs DNS queries) | Show sources |
Source: global traffic | DNS query: |
Potential document exploit detected (performs HTTP gets) | Show sources |
Source: global traffic | TCP traffic: |
Potential document exploit detected (unknown TCP traffic) | Show sources |
Source: global traffic | TCP traffic: |
Browser exploit detected (process start blacklist hit) | Show sources |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Process created: |
Networking: |
---|
Downloads files from webservers via HTTP | Show sources |
Source: global traffic | HTTP traffic detected: |
Performs DNS lookups | Show sources |
Source: unknown | DNS traffic detected: |
Urls found in memory or binary data | Show sources |
Source: iexplore.exe | String found in binary or memory: | ||
Source: AcroRd32.exe | String found in binary or memory: |
Downloads executable code via HTTP | Show sources |
Source: global traffic | HTTP traffic detected: |
Detected TCP or UDP traffic on non-standard ports | Show sources |
Source: global traffic | TCP traffic: |
Uses ping.exe to check the status of other devices and networks | Show sources |
Source: unknown | Process created: |
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: Traffic | Snort IDS: | ||
Source: Traffic | Snort IDS: |
Boot Survival: |
---|
Creates an autostart registry key | Show sources |
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Registry value created or modified: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Registry value created or modified: |
Stealing of Sensitive Information: |
---|
Uploads sensitive system information to the internet (privacy leak) | Show sources |
Source: 192.168.1.72:49751 -> 192.185.103.35:80 | HTTP traffic detected: |
Spreading: |
---|
Enumerates the file system | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: |
System Summary: |
---|
Found GUI installer (many successful clicks) | Show sources |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Automated click: | ||
Source: C:\Program Files\Internet Explorer\iexplore.exe | Automated click: | ||
Source: C:\Program Files\Internet Explorer\iexplore.exe | Automated click: | ||
Source: C:\Program Files\Internet Explorer\iexplore.exe | Automated click: | ||
Source: C:\Program Files\Internet Explorer\iexplore.exe | Automated click: |
Uses Rich Edit Controls | Show sources |
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | File opened: |
Found graphical window changes (likely an installer) | Show sources |
Source: Window Recorder | Window detected: |
Uses Microsoft Silverlight | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: |
Uses new MSVCR Dlls | Show sources |
Source: C:\Program Files\Internet Explorer\iexplore.exe | File opened: |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
PDF has a JavaScript or JS counter value indicative for goodware | Show sources |
Source: aaa.pdf | Initial sample: | ||
Source: aaa.pdf | Initial sample: |
PDF has an EmbeddedFile counter value indicative for goodware | Show sources |
Source: aaa.pdf | Initial sample: |
Classification label | Show sources |
Source: classification engine | Classification label: |
Clickable URLs found in PDF | Show sources |
Source: aaa.pdf | Initial sample: |
Creates files inside the user directory | Show sources |
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | File created: |
Creates temporary files | Show sources |
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | File created: |
Parts of this application are using the .NET runtime (probably coded in C#) | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Section loaded: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Section loaded: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Section loaded: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Section loaded: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Section loaded: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Section loaded: |
Queries process information (via WMI, Win32_Process) | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | WMI Queries: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | WMI Queries: |
Reads ini files | Show sources |
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | File read: |
Reads software policies | Show sources |
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Key opened: |
Sample is known by Antivirus (Virustotal or Metascan) | Show sources |
Source: aaa.pdf | Virustotal: |
Spawns processes | Show sources |
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: unknown | Process created: | ||
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Process created: | ||
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Process created: | ||
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Process created: | ||
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Process created: | ||
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Process created: | ||
Source: C:\Program Files\Internet Explorer\iexplore.exe | Process created: | ||
Source: C:\Program Files\Internet Explorer\iexplore.exe | Process created: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Process created: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Process created: | ||
Source: C:\Windows\System32\cmd.exe | Process created: |
Uses an in-process (OLE) Automation server | Show sources |
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Key value queried: |
Writes ini files | Show sources |
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | File written: |
Creates files inside the system directory | Show sources |
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | File created: |
Creates mutexes | Show sources |
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Mutant created: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Mutant created: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Mutant created: |
Detected potential crypto function | Show sources |
Clickable URLs found in PDF pointing to bad files | Show sources |
Source: aaa.pdf | Initial sample: |
HIPS / PFW / Operating System Protection Evasion: |
---|
May try to detect the Windows Explorer process (often used for injection) | Show sources |
Source: AcroRd32.exe | Binary or memory string: | ||
Source: AcroRd32.exe | Binary or memory string: | ||
Source: AcroRd32.exe | Binary or memory string: | ||
Source: AcroRd32.exe | Binary or memory string: | ||
Source: AcroRd32.exe | Binary or memory string: |
Anti Debugging: |
---|
Creates guard pages, often used to prevent reverse engineering and debugging | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Memory allocated: |
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | System information queried: |
Enables debug privileges | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Process token adjusted: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Process token adjusted: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Process token adjusted: |
Malware Analysis System Evasion: |
---|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) | Show sources |
Source: AcroRd32.exe | Binary or memory string: | ||
Source: iexplore.exe | Binary or memory string: |
Queries a list of all running processes | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Process information queried: |
Contains long sleeps (>= 3 min) | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Thread delayed: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Thread delayed: |
Enumerates the file system | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | File opened: |
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines) | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | WMI Queries: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | WMI Queries: |
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | WMI Queries: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | WMI Queries: |
Uses ping.exe to sleep | Show sources |
Source: unknown | Process created: | ||
Source: C:\Windows\System32\cmd.exe | Process created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Disables application error messages (SetErrorMode) | Show sources |
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Process information set: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Process information set: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Process information set: |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI) | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | WMI Queries: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | WMI Queries: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | WMI Queries: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | WMI Queries: |
Language, Device and Operating System Detection: |
---|
Queries the cryptographic machine GUID | Show sources |
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Key value queried: |
Queries the volume information (name, serial number etc) of a device | Show sources |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Queries volume information: | ||
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LGS3HANG\doc.exe | Queries volume information: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Queries volume information: | ||
Source: C:\Users\user\AppData\Local\Temp\doc\doc.exe | Queries volume information: |
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
21:33:32 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run flurant C:\Users\user\AppData\Roaming\\williams.exe |
Antivirus Detection |
---|
Initial Sample |
---|
Source | Detection | Cloud | Link |
---|---|---|---|
8% | virustotal | Browse |
Dropped Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Cloud | Link |
---|---|---|---|
0% | virustotal | Browse |
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
No yara matches |
---|
Unpacked PEs |
---|
No yara matches |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Domains |
---|
No context |
---|
ASN |
---|
Dropped Files |
---|
No context |
---|
Screenshot |
---|
Startup |
---|
|
Created / dropped Files |
---|
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | high, very likely benign file |
File Type: | |
Size (bytes): | 7552 |
Entropy (8bit): | 5.022900957969773 |
Encrypted: | false |
MD5: | B8C670A62496396D2CAAE8DB80FD4984 |
SHA1: | CA2B5EC37B1FF4534056732CA447AC41F8E138D4 |
SHA-256: | D651E8F8BB345C1E8BDA432EEB15E564606506028D46F4AFE650A843F3263943 |
SHA-512: | 7AA6140D64EDD126522D09905F32E4753035B7BDAAD647FA46B2FF798CCC66E12BA8D0DD4C56A6DB5A2DC47060D202E33F57235D9773A5509541EDD2276F0411 |
Malicious: | false |
File Type: | |
Size (bytes): | 224 |
Entropy (8bit): | 1.0814558124904918 |
Encrypted: | false |
MD5: | BFEFB3F9D9F41C32C3894E5F77E3FAF3 |
SHA1: | 375CB06EEE441F03BA01520B475F13B1E46C2AC7 |
SHA-256: | E56EFB00C617D5E5FD8103150FC58B7754140CFBBD00185D38C307B0DA8FF634 |
SHA-512: | 75399F736AD1E1F1497178D438CAA24EE49130508CBCD913063E79A695FD4A297F86E3B08AD7BE2ECCE53D973349F1A2DE09E7A0D97B9AB5AE347C338948F745 |
Malicious: | false |
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | true |
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection |
---|---|---|---|---|
zwangerschapsyogaamsterdamwest.nl | 192.185.103.35 | true | true | 0%, virustotal, Browse |
Contacted IPs |
---|
IP | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
192.185.103.35 | United States | 20013 | CYRUSONE-CyrusOneLLCUS | true | |
8.8.8.8 | United States | 15169 | GOOGLE-GoogleIncUS | false | |
1.1.1.1 | Australia | unknown | unknown | true | |
213.183.58.7 | Lithuania | 56630 | MELBICOM-EU-ASNL | true |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.520126750968663 |
TrID: |
|
File name: | aaa.pdf |
File size: | 23832 |
MD5: | 37c68a5704581befbb08df5ea3a9c528 |
SHA1: | 69d632cb9e4aefb6a92daf1835385f3a6548a2a0 |
SHA256: | 7691b7c91835a65161798d1adfd68ea264926f579dabd8325a363b12d26e9e90 |
SHA512: | bf519dc451f07438f009ccc02f28f5047a9fc245d2e8be2f4d22a6b563cc85da0c03b0756772bb84b2223417efecd07d7442578415938216437f75cd9fa6da48 |
File Content Preview: | %PDF-1.5..4 0 obj..<</Type /Page/Parent 3 0 R/Contents 5 0 R/MediaBox [0 0 612 792]/Resources<</XObject<</X1 7 0 R>>>>/Group <</Type/Group/S/Transparency/CS/DeviceRGB>>/Annots[6 0 R ]>>..endobj..5 0 obj..<</Length 8 0 R>>stream..1 0 0 -1 0 792 cm q 1 0 0 |
File Icon |
---|
Static PDF Info |
---|
General | |
---|---|
Header: | %PDF-1.5 |
Total Entropy: | 7.520127 |
Total Bytes: | 23832 |
Stream Entropy: | 7.532536 |
Stream Bytes: | 22093 |
Entropy outside Streams: | 5.515339 |
Bytes outside Streams: | 1739 |
Number of EOF found: | 2 |
Bytes after EOF: |
Keywords Statistics |
---|
Name | Count |
---|---|
obj | 14 |
endobj | 14 |
stream | 5 |
endstream | 5 |
xref | 0 |
trailer | 0 |
startxref | 2 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 2 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
02/03/18-21:33:23.623479 | TCP | 2022239 | ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
02/03/18-21:33:23.623479 | TCP | 2021697 | ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 3, 2018 21:33:29.104715109 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.183496952 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.183522940 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.183532000 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.183742046 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.183757067 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.184125900 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.185796022 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.185936928 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.271013975 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.271194935 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.272476912 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.272500992 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.272509098 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.272660017 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.369254112 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.369290113 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.369301081 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.369755983 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.446892023 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.446916103 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.447087049 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.503572941 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.503627062 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.503648043 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.503758907 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.800438881 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.800471067 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.800487995 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.800498009 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.800519943 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.800605059 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.800647974 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.800692081 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.803683043 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.869735956 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.869771004 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.869785070 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.869888067 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.870417118 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.940359116 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.940376997 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.940517902 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:29.940579891 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.940602064 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.940613985 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:29.940886974 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.011462927 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.011485100 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.011631966 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.012449026 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.012471914 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.012480021 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.012566090 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.075263977 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.075288057 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.075295925 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.075714111 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.137453079 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.137476921 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.137485027 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.137599945 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.196033001 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.196057081 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.196074963 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.196461916 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.196480036 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.196877956 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.196923971 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.196943045 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.196957111 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.197273016 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.259584904 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.259629011 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.259658098 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.259819984 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.259835005 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.260201931 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.324033022 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.324058056 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.324065924 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.324208021 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.324244976 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.324254990 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.324284077 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.324704885 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.373692989 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.373718023 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.373727083 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.375403881 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.408520937 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.408545971 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.408555031 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.408751965 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.470942020 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.470968008 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.470977068 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.471128941 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.471154928 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.471539021 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.471930981 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.471957922 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.471966028 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.472076893 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.533495903 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.533524036 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.533533096 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.533660889 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.598351002 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.598376989 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.598381996 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.598460913 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.598475933 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.598520994 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.598560095 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.598891973 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.668131113 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.668157101 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.668164968 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.668277025 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:30.668420076 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.668437958 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.668448925 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:30.668975115 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:31.719016075 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.719039917 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.719048977 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.719196081 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:31.866384983 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.866410017 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.866416931 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.866554976 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:31.866573095 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.866950989 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:31.949934959 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.949959040 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.949968100 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:31.951682091 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.039995909 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.040025949 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.040045023 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.040313959 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.139920950 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.139946938 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.139955997 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.140350103 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.377634048 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.377656937 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.377665043 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.379703045 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.379724026 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.380054951 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.499028921 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.499052048 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.499059916 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.499257088 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.596803904 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.596828938 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.596843958 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.596853971 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.596863031 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.596995115 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.597018003 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.597413063 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.697673082 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.697696924 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.697705030 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.697827101 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.798362017 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.798919916 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.829250097 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.829297066 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.829307079 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.829538107 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:32.905364037 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.905390024 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.905399084 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:32.905524969 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.009262085 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.009289980 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.009299040 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.009438038 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.088238001 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.088268995 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.088284969 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.088419914 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.088438034 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.089054108 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.164328098 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.164357901 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.164366961 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.164463997 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.165303946 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.165333033 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.165347099 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.165467024 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.248825073 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.248856068 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.248871088 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.249016047 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.256999969 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.257028103 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.257035971 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.257170916 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.335994005 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.336535931 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.336564064 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.336580038 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.336608887 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.337121964 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.419867039 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.419883013 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.419892073 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.420058012 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.468960047 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.468974113 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.468988895 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.469229937 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.550832033 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.550852060 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.550865889 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.550946951 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.550967932 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.555680990 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.564905882 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.564917088 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.564927101 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.565011024 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.638109922 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.638120890 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.638125896 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.638195992 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.644546032 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.644556046 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.644567013 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.644661903 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.711875916 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.711891890 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.711903095 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.712023973 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.712044954 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.715416908 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.715428114 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.715517044 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.715533972 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.717787981 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.756985903 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.757000923 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.757009029 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.757097960 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.763978958 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.764003038 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.764013052 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.764142036 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.819775105 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.819801092 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.819823980 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.819931984 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.819952965 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.822907925 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.822932959 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.823050976 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.823070049 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.823664904 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.885297060 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.885328054 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.885335922 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.885466099 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.886349916 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.886368990 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.886379004 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.886735916 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.947076082 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.947103024 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.947120905 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.947282076 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.947297096 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.947674036 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:33.947865009 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.947890997 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.947911978 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:33.949969053 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.003745079 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.003767014 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.003782988 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.004025936 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.015109062 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.015130997 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.015146971 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.015278101 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.081104994 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.081127882 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.081142902 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.081343889 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.081357002 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.081914902 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.081937075 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.082022905 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.082039118 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.082761049 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.085967064 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.085990906 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.086002111 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.086059093 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.234534025 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.234555006 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.234565973 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.235024929 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.308722019 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.308752060 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.308759928 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.308842897 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.308860064 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.309932947 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.439316034 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.439347982 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.439368963 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.439506054 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.439510107 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.439521074 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.439536095 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.439548016 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.439878941 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:34.439893961 CET | 80 | 49751 | 192.185.103.35 | 192.168.1.72 |
Feb 3, 2018 21:33:34.440264940 CET | 49751 | 80 | 192.168.1.72 | 192.185.103.35 |
Feb 3, 2018 21:33:49.200720072 CET | 64559 | 53 | 192.168.1.72 | 8.8.8.8 |
Feb 3, 2018 21:33:49.811691999 CET | 53 | 64559 | 8.8.8.8 | 192.168.1.72 |
Feb 3, 2018 21:33:52.563671112 CET | 59499 | 53 | 192.168.1.72 | 8.8.8.8 |
Feb 3, 2018 21:33:53.213628054 CET | 53 | 59499 | 8.8.8.8 | 192.168.1.72 |
Feb 3, 2018 21:34:21.491626024 CET | 49756 | 1337 | 192.168.1.72 | 213.183.58.7 |
Feb 3, 2018 21:34:21.491661072 CET | 1337 | 49756 | 213.183.58.7 | 192.168.1.72 |
Feb 3, 2018 21:34:21.491806984 CET | 49756 | 1337 | 192.168.1.72 | 213.183.58.7 |
Feb 3, 2018 21:34:21.620800018 CET | 49756 | 1337 | 192.168.1.72 | 213.183.58.7 |
Feb 3, 2018 21:34:21.620826006 CET | 1337 | 49756 | 213.183.58.7 | 192.168.1.72 |
Feb 3, 2018 21:34:21.630920887 CET | 49756 | 1337 | 192.168.1.72 | 213.183.58.7 |
Feb 3, 2018 21:34:22.519992113 CET | 49757 | 1337 | 192.168.1.72 | 213.183.58.7 |
Feb 3, 2018 21:34:22.520023108 CET | 1337 | 49757 | 213.183.58.7 | 192.168.1.72 |
Feb 3, 2018 21:34:22.524580002 CET | 49757 | 1337 | 192.168.1.72 | 213.183.58.7 |
Feb 3, 2018 21:34:22.608390093 CET | 49757 | 1337 | 192.168.1.72 | 213.183.58.7 |
Feb 3, 2018 21:34:23.578207016 CET | 49758 | 1337 | 192.168.1.72 | 213.183.58.7 |
Feb 3, 2018 21:34:23.578248978 CET | 1337 | 49758 | 213.183.58.7 | 192.168.1.72 |
Feb 3, 2018 21:34:23.578597069 CET | 49758 | 1337 | 192.168.1.72 | 213.183.58.7 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Feb 3, 2018 21:32:58.414988995 CET | 192.168.1.72 | 8.8.8.8 | cf59 | (Port unreachable) | Destination Unreachable |
Feb 3, 2018 21:33:24.137844086 CET | 192.168.1.72 | 8.8.8.8 | cf59 | (Port unreachable) | Destination Unreachable |
Feb 3, 2018 21:34:13.588713884 CET | 192.168.1.72 | 1.1.1.1 | 4d58 | | Echo |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 3, 2018 21:32:56.336441040 CET | 192.168.1.72 | 8.8.8.8 | 0x3e | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 3, 2018 21:32:57.384031057 CET | 192.168.1.72 | 8.8.8.8 | 0x3e | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 3, 2018 21:33:19.252407074 CET | 192.168.1.72 | 8.8.8.8 | 0xa46e | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 3, 2018 21:33:22.028878927 CET | 192.168.1.72 | 8.8.8.8 | 0xde02 | Standard query (0) | | A (IP address) | IN (0x0001) |
Feb 3, 2018 21:33:23.030596018 CET | 192.168.1.72 | 8.8.8.8 | 0xde02 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 3, 2018 21:32:57.650475979 CET | 8.8.8.8 | 192.168.1.72 | 0x3e | No error (0) | | | 192.185.103.35 | A (IP address) | IN (0x0001) |
Feb 3, 2018 21:32:58.414820910 CET | 8.8.8.8 | 192.168.1.72 | 0x3e | No error (0) | | | 192.185.103.35 | A (IP address) | IN (0x0001) |
Feb 3, 2018 21:33:20.213414907 CET | 8.8.8.8 | 192.168.1.72 | 0xa46e | No error (0) | | | 192.185.103.35 | A (IP address) | IN (0x0001) |
Feb 3, 2018 21:33:23.613178968 CET | 8.8.8.8 | 192.168.1.72 | 0xde02 | No error (0) | | | 192.185.103.35 | A (IP address) | IN (0x0001) |
Feb 3, 2018 21:33:24.137648106 CET | 8.8.8.8 | 192.168.1.72 | 0xde02 | No error (0) | | | 192.185.103.35 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.1.72 | 49751 | 192.185.103.35 | 80 | C:\Program Files\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 3, 2018 21:33:23.623478889 CET | 79 | OUT | |
Feb 3, 2018 21:33:26.117784023 CET | 80 | IN |