Windows
Analysis Report
https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 1592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 --field-trial-handle=2568,i,15340604483085259944,7161964218313129483,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- lync.exe (PID: 3040 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" "sip:1124166264.rsm@m.webex.com" MD5: EA37BE9C3560062AAD02B73D64B6E427)
- lynchtmlconv.exe (PID: 5876 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\lynchtmlconv.exe" MD5: 6AEAD656E50BC1B6E9BEA527187B5624)
- chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- lync.exe (PID: 712 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey MD5: EA37BE9C3560062AAD02B73D64B6E427)
- lync.exe (PID: 404 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey MD5: EA37BE9C3560062AAD02B73D64B6E427)
- cleanup
- Phishing
- Compliance
- Networking
- System Summary
- Boot Survival
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Section loaded: |
Source: | File created: |
Source: | Process created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Binary string: |
Source: | Registry value created or modified: |
Source: | Key value created or modified: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Process created: |
Source: | Queries volume information: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 31 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 31 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | LSASS Memory | 211 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 211 Virtualization/Sandbox Evasion | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | 121 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 4 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
 | 1% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 172.253.62.84 | true | false | | high |
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high |
www.google.com | 142.251.111.104 | true | false | | high |
clients.l.google.com | 172.253.115.113 | true | false | | high |
www.webex.com | unknown | unknown | false | | high |
clients2.google.com | unknown | unknown | false | | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.253.62.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false |
142.251.111.104 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.253.115.113 | clients.l.google.com | United States | 15169 | GOOGLEUS | false |
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.6 |
Joe Sandbox Version: | 38.0.0 Ammolite |
Analysis ID: | 1329279 |
Start date and time: | 2023-10-20 14:54:30 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com |
Analysis system description: | Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.evad.win@24/24@10/6 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe, MavInject32.exe
- Excluded IPs from analysis (whitelisted): 172.253.115.94, 34.104.35.123, 23.66.225.58, 192.229.211.108, 69.164.0.128, 52.109.20.38, 52.113.194.132, 20.42.73.24, 8.253.45.214, 142.251.167.94
- Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdeus03.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, clientservices.googleapis.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, e119.dsca.akamaiedge.net, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, update.googleapis.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, all-www.webex.com.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetValueKey calls found.
Time | Type | Description |
---|---|---|
14:55:52 | Autostart | |
14:56:00 | Autostart |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.12040748423970622 |
Encrypted: | false |
SSDEEP: | 12:9HSWj2xX/7Ez7UnEZQ1olHWZkR871nEo/xDWZS+:dFchEeiCB79Ek0T |
MD5: | A9694F29B50036962D088117DECEAD8F |
SHA1: | 258260196171479CF9142F1E5E8766C479C64E28 |
SHA-256: | C78960D816F33A256C071A0E6CC52D87DF860126456311DD09DE370A74F0703A |
SHA-512: | DBD7A12F5514C19DD5E89658FEEC10E8F4C9AE39FF66F542B4C032EEBA0F387634F0792ECDB349B3D3082515A04D9753FC0277D038B936AF4B990FDC44DB1EA4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1869 |
Entropy (8bit): | 5.072015848279132 |
Encrypted: | false |
SSDEEP: | 48:cG3/IdnzyBedyrZ+nzyCsSynyJdyr5dnzyVLdyi4kSyrfznzy72dysOASyMadSyO:Yd2sEY2jbkEH2ZEgbn26ENAb5dbO |
MD5: | 6A37E1B523322B2FB76DFA339D488006 |
SHA1: | 1D95B58CBF42AFFAC6884A3772B622630A3045E7 |
SHA-256: | 4B80B35E8DCBA478A10FA7E05103017B79F3E23533921F79FAED7051DEA7E1BE |
SHA-512: | 591D1660E23EE9D3EEE3A9E7C3C45A0399A50E42B5491C530064FA4C4E4FEDF58E7494ACFC2DD3B781B81D2D7DF98903957BC1A17FC6E952F51FD48221060564 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 196608 |
Entropy (8bit): | 4.59765480084879 |
Encrypted: | false |
SSDEEP: | 3072:75f0Zk03Atot1vhzC0C5Z3S6dXHtPA0PY76v/Im0EA+7x+VFt:lJo |
MD5: | D7D085ED9DB8A2CDC276B6BE96A98052 |
SHA1: | 4FA87F3FFAC3EE36990BA5B49ECCDA0B0DAD5796 |
SHA-256: | 54D96EC35ED92B1E56C3BBAA5D1EFEAAA3BD4913692D35D565FD5C865DB936E1 |
SHA-512: | A4B852F97081F4C297DC781D9A753AA14FDAD453EDA51C4DFCA603DDF0C8BFDDED417AF1A6DA571E74194BB04BA4442880A58916563E84B4CE641C3D16B1A6AD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 602 |
Entropy (8bit): | 3.451426846316992 |
Encrypted: | false |
SSDEEP: | 6:MKONbgH4+/ovovOVCC8hHWLsZuwg+HyAHHGHIvovdBNbgH4+/Qt2z6+Ow:M7F+/owXC8h2Q0DKTHHoIwxF+/GG6+v |
MD5: | 3B07E3C06A2EE4389F33BB49EE221423 |
SHA1: | 72D820F291FE4F28EB6044F7211FFFE3D68E12ED |
SHA-256: | 561ED645F90692B3431E47FCCCEE4886A2AA422207AE09EA23FA40C393652CFD |
SHA-512: | F02703C6BD9295B0AFAC04960BE62FEFFAC96F0E0F4FD8B51DCCF8024E428472663E8B0972A87A59C2BD66943B8C94BF21A983F6BB2AFA84745A34EC4F9FCD63 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | modified |
Size (bytes): | 2182 |
Entropy (8bit): | 5.207638001251885 |
Encrypted: | false |
SSDEEP: | 48:2CGgLopxoX0P76ZM7jcoXcpbjmmpbjmVpbjm6p29pGTEct/hxw:2lgMp6X0PGO7BXcpbqmpbqVpbq6p29pp |
MD5: | 746D88411C1A4F098E52E2F48A1531D8 |
SHA1: | A10E69B0BA682921F4698E26BF64D2D3BB4195C4 |
SHA-256: | 3717FDE43239D9D4483B7A9030D346491457AE6D09C998E6B4B03794532B1D6A |
SHA-512: | FA91A5B3AC0AD2EC9777292B412A17A654802A4C1A9F51AFBB39A69310C64E5829D90EEEDAC89701E999F0140752212C4812539E6E29769FC3C250C13925C6EA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.12040748423970622 |
Encrypted: | false |
SSDEEP: | 12:9HSWj2xX/7Ez7UnEZQ1olHWZkR871nEo/xDWZS+:dFchEeiCB79Ek0T |
MD5: | A9694F29B50036962D088117DECEAD8F |
SHA1: | 258260196171479CF9142F1E5E8766C479C64E28 |
SHA-256: | C78960D816F33A256C071A0E6CC52D87DF860126456311DD09DE370A74F0703A |
SHA-512: | DBD7A12F5514C19DD5E89658FEEC10E8F4C9AE39FF66F542B4C032EEBA0F387634F0792ECDB349B3D3082515A04D9753FC0277D038B936AF4B990FDC44DB1EA4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8192 |
Entropy (8bit): | 0.6927284670058608 |
Encrypted: | false |
SSDEEP: | 12:ENj2xX/7EzrVvWQ1olHWZkR8hlWY/3cQn:scGXiCBhlWosQ |
MD5: | 3E66B430FC22D9346C008294EBB1A8AE |
SHA1: | 1324D1B5BB4102D6BEF9EF311BAE0F88DCCF2F13 |
SHA-256: | 460AD2F66438D3EDA09CEA4703B5ECD0EB535E610D3CC21EDCDE1BF368A2A738 |
SHA-512: | 9B23C8EDEAE9E8EA53994471CF17C69CC634D45C31952B41E51EAB3A0A6A3993C8359AF0379598D7174AE7B6FFE35D067D1568FF01693102ECFB8F3ECBA2BF7A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8192 |
Entropy (8bit): | 0.7064715850613985 |
Encrypted: | false |
SSDEEP: | 12:MoQYj2xX/7Ezu+vgTQ1olHWZkR8hlWgh3cARwn:MoQYc/EJiCBhlWSsswn |
MD5: | 95617A9A47ADE3159CB67F1E2091F7A7 |
SHA1: | 0F4690B98C28E71F6E8647FCB923620916815E2E |
SHA-256: | 89015E3B51C0D5CE7E06792C4F493F1C21E787CB73BB6D15BDFB6D417CC8B901 |
SHA-512: | E58407F663052E2DC339705554B3424814F64F227DBA0E92E89490101C7E4AED199B943E26B1FC2C3FD35723A482205AFC394DA196C9719063C742C3B1D4BE73 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 162299 |
Entropy (8bit): | 5.344433996300066 |
Encrypted: | false |
SSDEEP: | 1536:P+C7FPgu8B3U9guwQJQ9DQA+zez0Q5k4F77nXmvid8XRTEwr/j6B:soQ9DQA+zezQXef |
MD5: | 5C6379338A5B20254D677F0CE7B6F2F9 |
SHA1: | 741D365B82A597F1D4D2706C5EF7B13979B52904 |
SHA-256: | DD54DBF72A843237D35C5517D5E0B55F114E4608EA72493862E56B94BBFBA582 |
SHA-512: | BA50738C91DC899DFD625CD0689899539F4342C3ED0E55C0EA6893CA0341376180FBE02C75E62B24C6CFD4B5DE9CC36A1D00BEFBA289C39E8C55EFCFE77ABFD6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09216609452072291 |
Encrypted: | false |
SSDEEP: | 3:lSWFN3l/klslpF/4llfll:l9F8E0/ |
MD5: | F138A66469C10D5761C6CBB36F2163C3 |
SHA1: | EEA136206474280549586923B7A4A3C6D5DB1E25 |
SHA-256: | C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6 |
SHA-512: | 9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.13760166725504608 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l+7xt/lK/FllkpMRgSWbNFl/sl+ltlslVlllfll3P:7+/l7g9bNFlEs1EP/v |
MD5: | 1B51F5CA221FC93739BEAA455BBE3B6A |
SHA1: | CB2EFFAC742A6FE3662C80BDFA188387FA737B58 |
SHA-256: | E03A944EB026A907772B6D5D3D4D20F55F8D315EA9C69EB921854B978EA35FE2 |
SHA-512: | 3B595EDB365584C8880643DA8FC06D465A5284DF692302F22DD2364CD08ABF822D8A8A3D6A265DD9CB2D6F59A7629AAAF1BBEF5A2336D527EC5DA5FBAB6281DF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04446227416749482 |
Encrypted: | false |
SSDEEP: | 6:G4l28dPa3V6izW/4l28dPa3V6iz10L9XXPH4l942U:l2Pg6Go2Pg6105A0 |
MD5: | 331FAD62584D2E5DAF294EC039B8C942 |
SHA1: | 8458E5A98209C2EC67AF1696C764D045334FEB9C |
SHA-256: | C3162BAD11AA05D64DB441D172CDCFA0EAB852CE6279412866FDC412A0A5DE06 |
SHA-512: | A33314F20B0FD6C79FCB44204FCFA4AB7B46B090993FFCD7D9B873BB65A2DE5CDB4183D79790B28EFD36D0DEE0C9BEBC290A307967A19B610AB1DA9C2AB7EA89 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45352 |
Entropy (8bit): | 0.39302513148671303 |
Encrypted: | false |
SSDEEP: | 24:KP6eQ3zRDpqUll7DBtDi4kZERD+yzqt8VtbDBtDi4kZERDso/J:66eQ1YUll7DYMnzO8VFDYMwC |
MD5: | B95914A85297481B5A729A7BDDED28C4 |
SHA1: | C621FD4680C86C7DB55173177D46353955819FF1 |
SHA-256: | 585B02D4B9729BEA1411C91A2C7799346E4B92622924FDD4CFAB0B704D1DA761 |
SHA-512: | F13823C1569211BE97BFBE8353050802AC1CE96138B1C64D3EBBA1436FB039BE605461C0BA6927581F00D202B2F29AA8B1107B10011572AEC93752CB5ED8158D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2278 |
Entropy (8bit): | 3.8547517365376174 |
Encrypted: | false |
SSDEEP: | 48:uiTrlKxsxx2xl9Il8uuq5JzQMbTnz07CmYod1rc:vSY0KJ147zY/ |
MD5: | 4985951775BA3D2830C2AD0275F3D3AB |
SHA1: | 10E64152E9DBD4C5E16B50F7AD1B631442DF4688 |
SHA-256: | 209B64DACBD39024311E8441CA53A8DEBF4446B556AF8C2883F4B5364A106A52 |
SHA-512: | 5B7F07B2307FB541642765C2CE94812E31DD5C2FCA1ACC35E67A0DC85F781A40C92FFA2954C5DFBB881BF3A7C6DC9F5BA81236390D172B0A60FDBF7E97A77975 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4542 |
Entropy (8bit): | 3.9956974213751644 |
Encrypted: | false |
SSDEEP: | 48:uiTrlKxxxrWxD9Il8uuqKOo6jL0xnwKxgT1m/ncXFvU3PQFST6fdbn9WmXVfMYHL:dY0fOo6jAxBxtfn3PiHVzq1Y |
MD5: | 99D7E1FE6694EC240B17E52DC630A13D |
SHA1: | 30D115E972EC4D95E90483CCC507E60AE30FADDE |
SHA-256: | 3595EFD66863D6248A173084AB2DBC972E431762FA7FE4F666E2D09D4AF93B93 |
SHA-512: | AF2B57F815642D56016E9ED268698937719B28B61E735FF2C7088E5578B00777C1325DF985931EBD5F0270A0AF5A8E81A89A70E54335E989A72F00D1184076D4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 423818 |
Entropy (8bit): | 5.375342137412923 |
Encrypted: | false |
SSDEEP: | 6144:/Myflm+vyJfbnQkK96B88yKv4bWTmTvEiLSu:/MyNm+6dF4/9 |
MD5: | 64A3E7576CF5C372B32425F19E7DA148 |
SHA1: | 33D20D9F1C90BA594F1ED934EDA6F74489B390B9 |
SHA-256: | 57E97D2C6B44FC33263BB6D54C4A856781F92AA0DB9DC9E238DE1F5CF0825AEF |
SHA-512: | DC43BECFB76416B959736777883B65823F9F2B0343DF93D9667DB250C51BDB70BE994BCBBC43C316AA743CB81875E5EB6995D7B16A7F877D563CA7D936931A0A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 423856 |
Entropy (8bit): | 5.375072999048652 |
Encrypted: | false |
SSDEEP: | 6144:uMyflm+vyJfbnQkK96B88yKv4bWTmTvEiLS:uMyNm+6dF4/ |
MD5: | 22BAD91A2BF01BA2E976ABA67C8D651F |
SHA1: | 657E730CB857DEC1FD5F16AAF7E96C6F5B4453FF |
SHA-256: | C7C55A299A53E2D334669648A3220D936953FC0D80EFA70C1D5C93EDD3F858CC |
SHA-512: | B9449BBF74667F4463377E303BC3CC95E4C19F44C141C97EC8B00D77E3AB1A8DF392425BDFE4D04FC8E51BA3F382A3112884BEBBF49601798E6349E37AC9B1F0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 76 |
Entropy (8bit): | 4.35518664038055 |
Encrypted: | false |
SSDEEP: | 3:fKcbvlZCX4TDxU+KBhcoxv:icDCOtmOk |
MD5: | 6A4201E88F8E03CABA62E7E66F52FB50 |
SHA1: | 41F3538FEC60A89C69BDEEDA22A73A0554164051 |
SHA-256: | C9A1283C2E5BAF3EB9C1D4265B2F1A8E6976D6787C9361CD5208D729F48721A2 |
SHA-512: | 5D0DF2E9608B6D74C2884818491731C228FBCAD9F66E4D891003689B20F9626EE82ED89F852D1500AACBB4BC4726D23BB7594018F1258B1E9AD7A57839CAA459 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 146975 |
Entropy (8bit): | 5.0408939474454115 |
Encrypted: | false |
SSDEEP: | 1536:ewFXiP7Pqbm+lu4n0XKMibnchsnkZyKywfMi:4qi34RVk+Ji |
MD5: | C9D039B7671F061793BDAF85D0271AC6 |
SHA1: | 5767BF7CE1A62CD34EE71D5883ED43CC17E260A2 |
SHA-256: | 90ACE388B1158CAB1D671DB9B89C1B1733B43C4854D714CA986A2B04836577C3 |
SHA-512: | 74B2FE59D3479E68F542DD086C2C88124A66EE5242CF4D533E4735D46CDA011729AAC845FBB941E3EE2510A09DF3B229848550ADC7DD745CA969CFA4ED2AA31E |
Malicious: | false |
Reputation: | low |
URL: | https://www.webex.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2655 |
Entropy (8bit): | 5.10797461247447 |
Encrypted: | false |
SSDEEP: | 48:ZmJVZLqxUVJVsY8/aCDydD7r32eDJKwbt:ZmJzqxUVJVsuCGZBDJK4 |
MD5: | 8E4B71595FA4D7C65553E10D442EA71B |
SHA1: | 718FE814D057F1865057AB0AE388C6BC872D3EE2 |
SHA-256: | 95F62D71BE39C3B6E94277776B959C0D91CD7DD2BF909AC005FF3A330F663D1D |
SHA-512: | ABBF37CF8DC7853E15D382ADD30B2A7A81C3EDDE0752F3D7C3DF35570C072F77AB04FB6542F74052EFCB92FB3D522FBF71828AE6348B3B192DC3D22A2447F748 |
Malicious: | false |
Reputation: | low |
URL: | https://www.webex.com/content/dam/wbx/us/images/rebrand/msteams/style.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 14705 |
Entropy (8bit): | 5.3329346124534025 |
Encrypted: | false |
SSDEEP: | 192:/tDeveRDbwLo6o4ahOiO6YFPk6wySq0tYkepaBKdViiDu8t3f59aiF1pmr76iuE1:A2db0o6ogt/Uq0tXOVi1yx9B6x/+E |
MD5: | E33B93801E49F8AE26F0F6AF96CBA0A0 |
SHA1: | 58F52BB06D7214A41DAB525464A0D25E3C36EC9A |
SHA-256: | C88DDF25ECE0ED89F1F8E025709FFAC2AE89627A9D2B015E53C776890DBE495C |
SHA-512: | FFB6D095503E29A65CC6C5FDA7FDB2AD7B161398FAA82E1B9A800231F745614B9C4ECF2B84F37D2155BA033170B7DCBF0C5543B21D6ED075EB754EB4F1A34D9B |
Malicious: | false |
Reputation: | low |
URL: | https://www.webex.com/msteams?confid=1124166264&tenantkey=rsm&domain=m.webex.com |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18308 |
Entropy (8bit): | 5.278458037908755 |
Encrypted: | false |
SSDEEP: | 384:d4haOF+WJbybv8dlM9xxiryfeiwU28bYRqUKOihkYmm0eYf:+FPIv8HM9mYeiw4bYRqUieTeYf |
MD5: | 5D20846A79BA77B44ADB3E8EE9E68EE0 |
SHA1: | 9F40034D3D662303E0E712C43EBA8376858BF94A |
SHA-256: | 29DBD11DB52419F340862BCA1B4ED04D56143CCCDAE26A5830F0140673B4E19A |
SHA-512: | 4BF3CBC9A8DAB550CC4685FA6112E467CDDB3E2CD62E8D4CB2963F66004D12E8F0DFDA1C7255BC471B812A7FCD04382B3170ECCF4AF7CF8BE3DB8ADE5B83EF99 |
Malicious: | false |
Reputation: | low |
URL: | https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.1/purify.min.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 12708 |
Entropy (8bit): | 5.3861274248149105 |
Encrypted: | false |
SSDEEP: | 192:M8zhkFTSl0HYLepaB/dV1iLunt3MY2RHBvnfe9aigrrmpi6MVG976iqELEDtgP:LKQl0HMnV1ddX029sURlAqP |
MD5: | 4B5AC983CD2A6906915E170D9A0BAC44 |
SHA1: | 2B861ABCDEE7C2B73CADF7A4B6BD18BCC7D273D9 |
SHA-256: | 4FFE717F100F64B62F97A7130CF3B8698F357310E0968F38569905710AADCEAE |
SHA-512: | B18B462BB1ADB0E5696D80B59FE290AD729CAC69299FE4D2AEF025D8D59568D824FBF861DD4806251095D9D47110668D71E10DED40DA0EB57E44D8B7407F419C |
Malicious: | false |
Reputation: | low |
URL: | https://www.webex.com/content/dam/wbx/us/images/rebrand/msteams/animated.js |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 3.6709585933443503 |
Encrypted: | false |
SSDEEP: | 3:RlU9I2Y1AnDe/mFRR:R7GC6RR |
MD5: | 6B66AEF352A4B921E83BF6D2A3C1F9E2 |
SHA1: | 7B46BF6B764AC890424F0AC1DE427F7391E2B340 |
SHA-256: | 9699FF4BA0528FC171EE6FB7DEBF136EA053ACC44C090C7309A25FEA1276B1EA |
SHA-512: | 0926383D5BE7927ED86CFF734A472EC59C74EABCA9024C5AE203A3FE05B16499833E94CFA1D1AA13E651A4914CB62E4354F83334EE7D6CECD82BB99B17906819 |
Malicious: | false |
Reputation: | low |
Preview: |
- Total Packets: 155
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 20, 2023 14:55:33.701829910 CEST | 49728 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:55:33.701857090 CEST | 443 | 49728 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:55:33.701879978 CEST | 49728 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:55:33.701888084 CEST | 443 | 49728 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:55:33.701905012 CEST | 49728 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:55:33.702007055 CEST | 443 | 49728 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:55:33.702074051 CEST | 49728 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:55:33.702080965 CEST | 443 | 49728 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:55:33.702200890 CEST | 443 | 49728 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:55:33.702250004 CEST | 49728 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:55:33.851108074 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:33.852515936 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:33.852720022 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:33.854147911 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:33.854235888 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:33.854494095 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:33.854640007 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:34.008450031 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.008469105 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.008480072 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.008491039 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.008550882 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.010117054 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.010154963 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.010195017 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:34.010220051 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:34.037630081 CEST | 49728 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:55:34.037667990 CEST | 443 | 49728 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:55:34.037681103 CEST | 49728 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:55:34.037688971 CEST | 443 | 49728 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:55:34.056759119 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.056772947 CEST | 443 | 49703 | 173.222.162.64 | 192.168.2.6 |
Oct 20, 2023 14:55:34.056813002 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:34.056828022 CEST | 49703 | 443 | 192.168.2.6 | 173.222.162.64 |
Oct 20, 2023 14:55:54.007930040 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.007972956 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.008209944 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.008482933 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.008506060 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.510243893 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.510360003 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.536376953 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.536406994 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.537355900 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.537851095 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.537930965 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.538017035 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.935686111 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.935748100 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.935791016 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.935925007 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.935925007 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.935956955 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.935981989 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.936053038 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.936223030 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.936242104 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:55:54.936254978 CEST | 49733 | 443 | 192.168.2.6 | 40.126.62.132 |
Oct 20, 2023 14:55:54.936261892 CEST | 443 | 49733 | 40.126.62.132 | 192.168.2.6 |
Oct 20, 2023 14:56:02.749350071 CEST | 49698 | 80 | 192.168.2.6 | 104.66.243.145 |
Oct 20, 2023 14:56:02.749490976 CEST | 49699 | 443 | 192.168.2.6 | 104.105.82.206 |
Oct 20, 2023 14:56:02.847969055 CEST | 443 | 49699 | 104.105.82.206 | 192.168.2.6 |
Oct 20, 2023 14:56:02.847987890 CEST | 443 | 49699 | 104.105.82.206 | 192.168.2.6 |
Oct 20, 2023 14:56:02.848064899 CEST | 49699 | 443 | 192.168.2.6 | 104.105.82.206 |
Oct 20, 2023 14:56:02.848107100 CEST | 49699 | 443 | 192.168.2.6 | 104.105.82.206 |
Oct 20, 2023 14:56:02.848355055 CEST | 80 | 49698 | 104.66.243.145 | 192.168.2.6 |
Oct 20, 2023 14:56:02.848505974 CEST | 49698 | 80 | 192.168.2.6 | 104.66.243.145 |
Oct 20, 2023 14:56:05.072968960 CEST | 49706 | 80 | 192.168.2.6 | 8.253.45.239 |
Oct 20, 2023 14:56:05.169464111 CEST | 80 | 49706 | 8.253.45.239 | 192.168.2.6 |
Oct 20, 2023 14:56:05.169548035 CEST | 49706 | 80 | 192.168.2.6 | 8.253.45.239 |
Oct 20, 2023 14:56:05.418447018 CEST | 49705 | 443 | 192.168.2.6 | 204.79.197.200 |
Oct 20, 2023 14:56:05.418703079 CEST | 49707 | 80 | 192.168.2.6 | 8.253.45.239 |
Oct 20, 2023 14:56:10.523760080 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:10.523844004 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:10.524049044 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:10.524368048 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:10.524409056 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.050579071 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.050684929 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.053139925 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.053167105 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.053669930 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.065381050 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.110454082 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548125982 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548161983 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548192978 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548242092 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.548273087 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548291922 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.548296928 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548357964 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548367977 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.548372030 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548384905 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.548404932 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.548424006 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.548455954 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.560787916 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.560817957 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:11.560872078 CEST | 49737 | 443 | 192.168.2.6 | 40.127.169.103 |
Oct 20, 2023 14:56:11.560880899 CEST | 443 | 49737 | 40.127.169.103 | 192.168.2.6 |
Oct 20, 2023 14:56:21.042958021 CEST | 49739 | 443 | 192.168.2.6 | 142.251.111.104 |
Oct 20, 2023 14:56:21.043005943 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Oct 20, 2023 14:56:21.043109894 CEST | 49739 | 443 | 192.168.2.6 | 142.251.111.104 |
Oct 20, 2023 14:56:21.043390036 CEST | 49739 | 443 | 192.168.2.6 | 142.251.111.104 |
Oct 20, 2023 14:56:21.043401003 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Oct 20, 2023 14:56:21.313967943 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Oct 20, 2023 14:56:21.314347982 CEST | 49739 | 443 | 192.168.2.6 | 142.251.111.104 |
Oct 20, 2023 14:56:21.314376116 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Oct 20, 2023 14:56:21.314707994 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Oct 20, 2023 14:56:21.315118074 CEST | 49739 | 443 | 192.168.2.6 | 142.251.111.104 |
Oct 20, 2023 14:56:21.315170050 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Oct 20, 2023 14:56:21.368474007 CEST | 49739 | 443 | 192.168.2.6 | 142.251.111.104 |
Oct 20, 2023 14:56:31.312335968 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Oct 20, 2023 14:56:31.312475920 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Oct 20, 2023 14:56:31.312751055 CEST | 49739 | 443 | 192.168.2.6 | 142.251.111.104 |
Oct 20, 2023 14:56:32.808387995 CEST | 49739 | 443 | 192.168.2.6 | 142.251.111.104 |
Oct 20, 2023 14:56:32.808456898 CEST | 443 | 49739 | 142.251.111.104 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 20, 2023 14:55:18.673719883 CEST | 192.168.2.6 | 1.1.1.1 | 0x7da4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.673957109 CEST | 192.168.2.6 | 1.1.1.1 | 0x2294 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 20, 2023 14:55:18.674396992 CEST | 192.168.2.6 | 1.1.1.1 | 0x4f8b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.674622059 CEST | 192.168.2.6 | 1.1.1.1 | 0xf7e0 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 20, 2023 14:55:19.781019926 CEST | 192.168.2.6 | 1.1.1.1 | 0xa03f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:19.781240940 CEST | 192.168.2.6 | 1.1.1.1 | 0x8c36 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 20, 2023 14:55:20.450594902 CEST | 192.168.2.6 | 1.1.1.1 | 0x6476 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:20.451133013 CEST | 192.168.2.6 | 1.1.1.1 | 0x808d | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 20, 2023 14:55:20.978962898 CEST | 192.168.2.6 | 1.1.1.1 | 0x8146 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:20.979123116 CEST | 192.168.2.6 | 1.1.1.1 | 0x7dcf | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | | | 172.253.115.113 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | | | 172.253.115.101 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | | | 172.253.115.100 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | | | 172.253.115.138 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | | | 172.253.115.139 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.766940117 CEST | 1.1.1.1 | 192.168.2.6 | 0x7da4 | No error (0) | | | 172.253.115.102 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.767760992 CEST | 1.1.1.1 | 192.168.2.6 | 0x4f8b | No error (0) | | | 172.253.62.84 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:18.768331051 CEST | 1.1.1.1 | 192.168.2.6 | 0x2294 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 20, 2023 14:55:19.875782013 CEST | 1.1.1.1 | 192.168.2.6 | 0xa03f | No error (0) | | all-www.webex.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 20, 2023 14:55:19.877090931 CEST | 1.1.1.1 | 192.168.2.6 | 0x8c36 | No error (0) | | all-www.webex.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 20, 2023 14:55:20.544504881 CEST | 1.1.1.1 | 192.168.2.6 | 0x6476 | No error (0) | | | 104.17.25.14 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:20.544504881 CEST | 1.1.1.1 | 192.168.2.6 | 0x6476 | No error (0) | | | 104.17.24.14 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:20.544698954 CEST | 1.1.1.1 | 192.168.2.6 | 0x808d | No error (0) | | | | 65 | IN (0x0001) | false |
Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | | | 142.251.111.104 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | | | 142.251.111.99 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | | | 142.251.111.103 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | | | 142.251.111.106 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | | | 142.251.111.147 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:21.072875023 CEST | 1.1.1.1 | 192.168.2.6 | 0x8146 | No error (0) | | | 142.251.111.105 | A (IP address) | IN (0x0001) | false |
Oct 20, 2023 14:55:21.072933912 CEST | 1.1.1.1 | 192.168.2.6 | 0x7dcf | No error (0) | | | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Oct 20, 2023 14:55:33.261024952 CEST | 173.222.162.64 | 443 | 192.168.2.6 | 49703 | CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | Wed Oct 18 22:32:40 CEST 2023 | Fri Jun 28 01:59:59 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0 | 28a2c9bd18a11de089ef85a160da29e4 |
Oct 20, 2023 14:55:33.261024952 CEST | 173.222.162.64 | 443 | 192.168.2.6 | 49703 | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024 | | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49710 | 172.253.62.84 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:19 UTC | 0 | OUT | |
2023-10-20 12:55:19 UTC | 0 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49711 | 172.253.115.113 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:19 UTC | 0 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.6 | 49737 | 40.127.169.103 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:56:11 UTC | 65 | OUT | |
2023-10-20 12:56:11 UTC | 65 | IN | |
2023-10-20 12:56:11 UTC | 66 | IN | |
2023-10-20 12:56:11 UTC | 81 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 172.253.115.113 | 443 | 192.168.2.6 | 49711 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:19 UTC | 1 | IN | |
2023-10-20 12:55:19 UTC | 2 | IN | |
2023-10-20 12:55:19 UTC | 2 | IN | |
2023-10-20 12:55:19 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 172.253.62.84 | 443 | 192.168.2.6 | 49710 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:19 UTC | 2 | IN | |
2023-10-20 12:55:19 UTC | 4 | IN | |
2023-10-20 12:55:19 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.6 | 49717 | 104.17.25.14 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:20 UTC | 4 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 104.17.25.14 | 443 | 192.168.2.6 | 49717 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:21 UTC | 5 | IN | |
2023-10-20 12:55:21 UTC | 5 | IN | |
2023-10-20 12:55:21 UTC | 6 | IN | |
2023-10-20 12:55:21 UTC | 7 | IN | |
2023-10-20 12:55:21 UTC | 9 | IN | |
2023-10-20 12:55:21 UTC | 10 | IN | |
2023-10-20 12:55:21 UTC | 11 | IN | |
2023-10-20 12:55:21 UTC | 13 | IN | |
2023-10-20 12:55:21 UTC | 14 | IN | |
2023-10-20 12:55:21 UTC | 15 | IN | |
2023-10-20 12:55:21 UTC | 17 | IN | |
2023-10-20 12:55:21 UTC | 18 | IN | |
2023-10-20 12:55:21 UTC | 19 | IN | |
2023-10-20 12:55:21 UTC | 21 | IN | |
2023-10-20 12:55:21 UTC | 22 | IN | |
2023-10-20 12:55:21 UTC | 23 | IN | |
2023-10-20 12:55:21 UTC | 23 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.6 | 49726 | 104.118.8.139 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:23 UTC | 23 | OUT | |
2023-10-20 12:55:23 UTC | 23 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.6 | 49727 | 104.118.8.139 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:23 UTC | 24 | OUT | |
2023-10-20 12:55:24 UTC | 24 | IN | |
2023-10-20 12:55:24 UTC | 25 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.6 | 49728 | 40.127.169.103 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:33 UTC | 25 | OUT | |
2023-10-20 12:55:33 UTC | 25 | IN | |
2023-10-20 12:55:33 UTC | 26 | IN | |
2023-10-20 12:55:33 UTC | 41 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.6 | 49733 | 40.126.62.132 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-10-20 12:55:54 UTC | 49 | OUT | |
2023-10-20 12:55:54 UTC | 50 | OUT | |
2023-10-20 12:55:54 UTC | 54 | IN | |
2023-10-20 12:55:54 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 14:55:13 |
Start date: | 20/10/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 14:55:15 |
Start date: | 20/10/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 14:55:18 |
Start date: | 20/10/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff684c40000 |
File size: | 3'242'272 bytes |
MD5 hash: | 5BBFA6CBDF4C254EB368D534F9E23C92 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 14:55:47 |
Start date: | 20/10/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x120000 |
File size: | 24'015'800 bytes |
MD5 hash: | EA37BE9C3560062AAD02B73D64B6E427 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 10 |
Start time: | 14:55:53 |
Start date: | 20/10/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconv.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe30000 |
File size: | 14'653'352 bytes |
MD5 hash: | 6AEAD656E50BC1B6E9BEA527187B5624 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 13 |
Start time: | 14:56:00 |
Start date: | 20/10/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x120000 |
File size: | 24'015'800 bytes |
MD5 hash: | EA37BE9C3560062AAD02B73D64B6E427 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 14 |
Start time: | 14:56:09 |
Start date: | 20/10/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x120000 |
File size: | 24'015'800 bytes |
MD5 hash: | EA37BE9C3560062AAD02B73D64B6E427 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |