Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
MDE_File_Sample_2e8af1680bf59a7e23cb35e16cfa1b28a5cef9e8.zip

Overview

General Information

Sample Name:MDE_File_Sample_2e8af1680bf59a7e23cb35e16cfa1b28a5cef9e8.zip
Analysis ID:894860
MD5:af3e71c7756cb6c75746de36270858a1
SHA1:13d2f0a5bda4e14e1811f29fa0fe2f19f5d323f1
SHA256:e9ceeb05f2c4e8eada9cfc8bae2b3a691be5822ea26857b4f69762f28d6ac788
Infos:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Installs new ROOT certificates
PE file contains an invalid checksum
Drops PE files
Tries to load missing DLLs
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • svchost.exe (PID: 1788 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc MD5: 9520A99E77D6196D0D09833146424113)
  • EndpointBasecamp.exe (PID: 3532 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe" MD5: 7719DE2021CEC0078EEC00943DF400C5)
  • EndpointBasecamp.exe (PID: 3452 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe" MD5: 7719DE2021CEC0078EEC00943DF400C5)
    • conhost.exe (PID: 6696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
  • EndpointBasecamp.exe (PID: 1412 cmdline: "C:\\Program Files (x86)\\Trend Micro\\Endpoint Basecamp\\EndpointBasecamp.exe" /service MD5: 7719DE2021CEC0078EEC00943DF400C5)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • Cryptography
  • Compliance
  • Networking
  • System Summary
  • Data Obfuscation
  • Persistence and Installation Behavior
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: unknownHTTPS traffic detected: 3.123.46.19:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.174.180:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.46.19:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.198.47.153:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.156.105.124:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.122.217.205:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.121.204.45:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.158.200.227:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.122.217.205:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.158.200.227:443 -> 192.168.2.3:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.46.19:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.158.200.227:443 -> 192.168.2.3:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.156.105.124:443 -> 192.168.2.3:49760 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.121.204.45:443 -> 192.168.2.3:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.46.19:443 -> 192.168.2.3:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.158.200.227:443 -> 192.168.2.3:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.121.204.45:443 -> 192.168.2.3:49764 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.174.180:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.64.229:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.156.105.124:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: Binary string: C:\workspace\src\tool\XBC\Release\Win32\EndpointBasecamp.exe.pdb source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3197256366.0000000003797000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.0000000001208000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.dr
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/GET_UPGRADE_ACTIONS/V1.0
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/GET_UPGRADE_ACTIONS/V1.05J
Source: EndpointBasecamp.exe, 00000006.00000002.3967254258.00000000020B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/REGISTER_DEVICE/V2.0
Source: EndpointBasecamp.exe, 00000006.00000002.3967254258.00000000020B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/REGISTER_DEVICE/V2.0e
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/REPORT_EXCEPTION/V2.0
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/REPORT_EXCEPTION/V2.005
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DA3000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://ocsp.digicert.com0A
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://ocsp.digicert.com0C
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://ocsp.digicert.com0N
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3965467007.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://ocsp.digicert.com0X
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://www.digicert.com/CPS0
Source: EndpointBasecamp.exe.4.drString found in binary or memory: http://www.winimage.com/zLibDll
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011ED000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: http://www.winimage.com/zLibDll1.2.11
Source: svchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%s.xboxlive.comed
Source: svchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%s.xboxlive.comred
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: https://---srv_fqdn---/api/agent/get_change_site_actions/v1.0/---device_id---
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: https://---srv_fqdn---/api/agent/get_upgrade_actions/v1.0
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: https://---srv_fqdn---/api/agent/obtain_sas_token/v1.0/---device_id---https://---srv_fqdn---/api/age
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011C9000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: https://---srv_fqdn---/api/agent/register_device/v2.0https://---srv_fqdn---/api/agent/unregister_dev
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://---srv_fqdn---/api/agent/report_config_status/v1.0/---device_id---d---
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: https://---srv_fqdn---/xbc-ams/ei_unregister/v1.0/---device_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://---srv_fqdn---/xbc-ams/get_actions/v3.0/---token---/---device_id---e
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: https://---srv_fqdn---/xbc-ams/get_actions/v3.0/---token---/---device_id---https://---srv_fqdn---/ap
Source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: https://---srv_fqdn---/xbc-ams/ping/v2.0/---device_id---
Source: svchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000002.3964368687.000001DABD289000.00000004.00000020.00020000.00000000.sdmp, CDPGlobalSettings.cdp.0.drString found in binary or memory: https://activity.windows.com
Source: svchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.comt
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.tren
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002252000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002252000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/P
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---0d1c055
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---916)
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---=
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---k
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/e99cc405-ea23-4961-b4af-47
Source: EndpointBasecamp.log.4.drString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.0
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.01.0/---device_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.05f
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.0N
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.0Y
Source: EndpointBasecamp.exe, 00000006.00000002.3963577875.0000000001797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.0ic
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.0p
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/obtain_sas_token/v1.0/e99cc405-ea23-4961-b4af-4764a10d1
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/ping/v1.0
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/ping/v1.0TQ
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/queue_status/v1.0
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/queue_status/v1.00&d
Source: EndpointBasecamp.exe, 00000006.00000002.3963577875.0000000001797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/queue_status/v1.0t0
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0-92j
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0-c&
Source: EndpointBasecamp.exe, 00000006.00000002.3963577875.0000000001797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0-c0
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0-g2H
Source: EndpointBasecamp.log.4.drString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/register_device/v2.0
Source: EndpointBasecamp.exe, 00000006.00000002.3967254258.00000000020B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/register_device/v2.0e
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/register_device/v2.0y
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_action_status/v1.0/---token---/---device_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_action_status/v1.0/---token---/---device_id---05
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_action_status/v1.0//---device_id---vice_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_action_status/v1.0//---device_id---vice_id---05
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_action_status/v1.0//e99cc405-ea23-4961-b4af-4764
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_config_status/v1.0/---device_id---
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_config_status/v1.0/e99cc405-ea23-4961-b4af-4764a
Source: EndpointBasecamp.log.4.drString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0-
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0---MUD
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0.0
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0.0SVZ
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.005-ea23-4961-b4af-4764a10d1c0599cc
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.05e6
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0FVO
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0exe
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0ice_i
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0l
Source: EndpointBasecamp.exe, 00000006.00000002.3963577875.0000000001797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0ntBasecamp.log
Source: EndpointBasecamp.exe, 00000004.00000002.3542499565.0000000001118000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0ntBasecamp.logl
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.000000000222E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0p
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002E35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0r
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0se
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0y
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/update_device/v1.0/---device_id---4a10d1c05
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/update_device/v1.0/e99cc405-ea23-4961-b4af-4764a10d1c05
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/upload_mismatched_key/v1.0/---device_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/upload_mismatched_key/v1.0/---device_id---4a10d1c05
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002E35000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/api/agent/upload_mismatched_key/v1.0/e99cc405-ea23-4961-b4af-4764
Source: EndpointBasecamp.log.4.drString found in binary or memory: https://api-eu1.xbc.trendmicro.com/healthz
Source: EndpointBasecamp.exe, 00000004.00000002.3542499565.0000000001118000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/healthz2
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/healthzcpp
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/---device_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/---device_id----1
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/---device_id---764a10d1c05
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/---device_id---764a10d1c0599cc405-ea23
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/e99cc405-ea23-4961-b4af-4764a10d1c05
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/e99cc405-ea23-4961-b4af-4764a10d1c05-d
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/e99cc405-ea23-4961-b4af-4764a10d1c055
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/e99cc405-ea23-4961-b4af-4764a10d1c058
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0/---token---/---device_id---
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c05
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c0564a
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c058v
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c0599
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002E35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c05wor
Source: EndpointBasecamp.log.4.drString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0/00000000-0000-0000-0001-000000000000/e99
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id---&
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id-----
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id-----r
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id----device_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id----device_id---.1.0.3702
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id----device_id---U
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id---tion_Handler
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05W
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05c05
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05c05;
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05ctio
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/---device_id---
Source: EndpointBasecamp.log.4.drString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c0505
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05170
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05496
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c055
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05M
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05UyF
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05a
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05cpp
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05pp(
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/---device_id----
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/---device_id---1.0/---device_id---3
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/---device_id---v1.0/---device_id---
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021C4000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c050d1c05
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05a
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/register_company/v2.0/---device_id---_id---
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/register_company/v2.0/---device_id---ro.c
Source: EndpointBasecamp.log.4.drString found in binary or memory: https://api-eu1.xbc.trendmicro.com/xbc-ams/register_company/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c0
Source: EndpointBasecamp.exe, 00000006.00000002.3967254258.00000000020B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com:443/api/agent/report_exception/v2.0
Source: EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-eu1.xbc.trendmicro.com:443/api/agent/report_exception/v2.0D
Source: svchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bn2-df.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://global.notify.windows.com/v2/register/xplatform/device
Source: EndpointBasecamp.exe, 00000004.00000003.3181262555.000000000391D000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe.4.drString found in binary or memory: https://www.digicert.com/CPS0
Source: unknownHTTP traffic detected: POST /api/agent/get_upgrade_actions/v1.0 HTTP/1.1Connection: CloseContent-Type: application/jsonContent-Encoding: gzip, deflateUser-Agent: TrendMicro WinHttp Modulex-client-version: 1.1.0.3702x-client-platform: win32x-auth-algorithm: 2x-posix-time: 1687851711Content-Length: 70Host: api-eu1.xbc.trendmicro.com
Source: unknownDNS traffic detected: queries for: api-eu1.xbc.trendmicro.com
Source: unknownHTTPS traffic detected: 3.123.46.19:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.174.180:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.46.19:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.198.47.153:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.156.105.124:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.122.217.205:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.121.204.45:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.158.200.227:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.122.217.205:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.158.200.227:443 -> 192.168.2.3:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.46.19:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.158.200.227:443 -> 192.168.2.3:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.156.105.124:443 -> 192.168.2.3:49760 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.121.204.45:443 -> 192.168.2.3:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.46.19:443 -> 192.168.2.3:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.158.200.227:443 -> 192.168.2.3:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.121.204.45:443 -> 192.168.2.3:49764 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.174.180:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.123.64.229:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.156.105.124:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dllJump to behavior
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeFile deleted: C:\Windows\Temp\aK2nSiGKtP6Jump to behavior
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\L.user.cdpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe "C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe "C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe "C:\\Program Files (x86)\\Trend Micro\\Endpoint Basecamp\\EndpointBasecamp.exe" /service
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeMutant created: \BaseNamedObjects\Global\93ff18b6-533d-42a3-83e8-151503c5c3e5
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeMutant created: \Sessions\1\BaseNamedObjects\Global\9b346a88-b953-4309-af10-f60b95ea9d5a
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeMutant created: \BaseNamedObjects\Global\47de2179_a9c8_4d8c_a825_cc63b1806526
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6696:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6696:120:WilError_02
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeMutant created: \BaseNamedObjects\Global\ZwwnaqrkKfLpjIhIhuCgmYjSXtWPqgXhvzc
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeMutant created: \Sessions\1\BaseNamedObjects\Global\d02a42f2-39d0-45ed-8935-dd6c58454b51
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeMutant created: \BaseNamedObjects\Global\70fcf35c-7a53-4baa-beae-3c7a69b09478
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeFile created: C:\Program Files (x86)\Trend MicroJump to behavior
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeFile created: C:\Windows\temp\aK2nSiGKtP6Jump to behavior
Source: classification engineClassification label: sus24.winZIP@5/5@20/8
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: MDE_File_Sample_2e8af1680bf59a7e23cb35e16cfa1b28a5cef9e8.zipStatic file information: File size 1266638 > 1048576
Source: Binary string: C:\workspace\src\tool\XBC\Release\Win32\EndpointBasecamp.exe.pdb source: EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3197256366.0000000003797000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.0000000001208000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.dr
Source: EndpointBasecamp.exe.4.drStatic PE information: real checksum: 0x334cfe should be: 0x32e8a3

Persistence and Installation Behavior

barindex
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 BlobJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeFile created: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeJump to dropped file
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\TMSecurityServiceJump to behavior
Source: C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe TID: 6936Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeProcess information queried: ProcessInformationJump to behavior
Source: svchost.exe, 00000000.00000002.3965163327.000001DABDB43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@DeviceThumbprintVMware6,11
Source: EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW|
Source: svchost.exe, 00000000.00000002.3965163327.000001DABDB43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware6,11
Source: svchost.exe, 00000000.00000002.3964160714.000001DABD269000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWcsSe%SystemRoot%\system32\mswsock.dll0:00.000",
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW&
Source: EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DA3000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D66000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		11
Masquerading		OS Credential Dumping1
Query Registry		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		LSASS Memory1
Security Software Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth2
Non-Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager1
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Install Root Certificate		NTDS1
Process Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets1
Remote System Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
File Deletion		Cached Domain Credentials2
System Information Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 894860 Sample: MDE_File_Sample_2e8af1680bf... Startdate: 27/06/2023 Architecture: WINDOWS Score: 24 5 EndpointBasecamp.exe 17 14 2->5         started        10 EndpointBasecamp.exe 2 12 2->10         started        12 svchost.exe 2 2->12         started        14 EndpointBasecamp.exe 2->14         started        dnsIp3 20 18.198.47.153, 443, 49751 AMAZON-02US United States 5->20 22 api-eu1.xbc.trendmicro.com 3.123.46.19, 443, 49748, 49750 AMAZON-02US United States 5->22 18 C:\...ndpointBasecamp.exe, PE32 5->18 dropped 30 Installs new ROOT certificates 5->30 16 conhost.exe 5->16         started        24 18.158.200.227, 443, 49755, 49757 AMAZON-02US United States 10->24 26 3.121.204.45, 443, 49754, 49761 AMAZON-02US United States 10->26 28 4 other IPs or domains 10->28 file4 signatures5 process6

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://%s.xboxlive.com0%URL Reputationsafe
https://---srv_fqdn---/api/agent/register_device/v2.0https://---srv_fqdn---/api/agent/unregister_dev0%Avira URL Cloudsafe
https://---srv_fqdn---/xbc-ams/get_actions/v3.0/---token---/---device_id---https://---srv_fqdn---/ap0%Avira URL Cloudsafe
https://---srv_fqdn---/api/agent/obtain_sas_token/v1.0/---device_id---https://---srv_fqdn---/api/age0%Avira URL Cloudsafe
https://---srv_fqdn---/api/agent/report_config_status/v1.0/---device_id---d---0%Avira URL Cloudsafe
https://api-eu1.xbc.tren0%Avira URL Cloudsafe
https://---srv_fqdn---/xbc-ams/get_actions/v3.0/---token---/---device_id---e0%Avira URL Cloudsafe
https://---srv_fqdn---/api/agent/get_change_site_actions/v1.0/---device_id---0%Avira URL Cloudsafe
https://---srv_fqdn---/api/agent/get_upgrade_actions/v1.00%Avira URL Cloudsafe
https://---srv_fqdn---/xbc-ams/ping/v2.0/---device_id---0%Avira URL Cloudsafe
https://---srv_fqdn---/xbc-ams/ei_unregister/v1.0/---device_id---0%Avira URL Cloudsafe
https://%s.xboxlive.comed0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
api-eu1.xbc.trendmicro.com
3.123.46.19
truefalse
    		high

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05false
      		high
      https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0false
        		high
        https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.0false
          		high
          https://api-eu1.xbc.trendmicro.com/api/agent/register_device/v2.0false
            		high
            https://api-eu1.xbc.trendmicro.com/xbc-ams/register_company/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05false
              		high
              NameSourceMaliciousAntivirus DetectionReputation
              https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0ntBasecamp.loglEndpointBasecamp.exe, 00000004.00000002.3542499565.0000000001118000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c055EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://api-eu1.xbc.trendmicro.com/PEndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002252000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://---srv_fqdn---/api/agent/register_device/v2.0https://---srv_fqdn---/api/agent/unregister_devEndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011C9000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drfalse
                    • Avira URL Cloud: safe
                    		low
                    https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.005-ea23-4961-b4af-4764a10d1c0599ccEndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05c05EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---916)EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://api-eu1.xbc.trendmicro.com/api/agent/obtain_sas_token/v1.0/e99cc405-ea23-4961-b4af-4764a10d1EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05cppEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/REPORT_EXCEPTION/V2.005EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://api-eu1.xbc.trendmicro.com/api/agent/queue_status/v1.0t0EndpointBasecamp.exe, 00000006.00000002.3963577875.0000000001797000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://api-eu1.xbc.trendmicro.com/healthzcppEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c0505EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://---srv_fqdn---/api/agent/obtain_sas_token/v1.0/---device_id---https://---srv_fqdn---/api/ageEndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/e99cc405-ea23-4961-b4af-4764a10d1c058EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c058vEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/e99cc405-ea23-4961-b4af-4764a10d1c055EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/---device_id----1EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://api-eu1.xbc.trendmicro.com/EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002252000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id---&EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05MEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05WEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/e99cc405-ea23-4961-b4af-47EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05aEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0/00000000-0000-0000-0001-000000000000/e99EndpointBasecamp.log.4.drfalse
                                                              		high
                                                              HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/REPORT_EXCEPTION/V2.0EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---kEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://api-eu1.xbc.trendmicro.com/api/agent/report_action_status/v1.0//---device_id---vice_id---05EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/REGISTER_DEVICE/V2.0eEndpointBasecamp.exe, 00000006.00000002.3967254258.00000000020B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0---MUDEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id----device_id---.1.0.3702EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0-g2HEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c05worEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002E35000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c0599EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://api-eu1.xbc.trendmicro.com/api/agent/report_action_status/v1.0//---device_id---vice_id---EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0FVOEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0.0SVZEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://api-eu1.xbc.trendmicro.com/api/agent/report_config_status/v1.0/e99cc405-ea23-4961-b4af-4764aEndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/---device_id---1.0/---device_id---3EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://api-eu1.xbc.trendmicro.com/healthz2EndpointBasecamp.exe, 00000004.00000002.3542499565.0000000001118000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0ice_iEndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://api-eu1.xbc.trenEndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://%s.xboxlive.comsvchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		low
                                                                                              https://---srv_fqdn---/xbc-ams/get_actions/v3.0/---token---/---device_id---https://---srv_fqdn---/apEndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		low
                                                                                              https://---srv_fqdn---/api/agent/report_config_status/v1.0/---device_id---d---EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		low
                                                                                              https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05496EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://---srv_fqdn---/xbc-ams/get_actions/v3.0/---token---/---device_id---eEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		low
                                                                                                HTTPS://API-EU1.XBC.TRENDMICRO.COM/API/AGENT/GET_UPGRADE_ACTIONS/V1.0EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://api-eu1.xbc.trendmicro.com/api/agent/update_device/v1.0/---device_id---4a10d1c05EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0/---token---/---device_id---EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://api-eu1.xbc.trendmicro.com/xbc-ams/register_company/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c0EndpointBasecamp.log.4.drfalse
                                                                                                        		high
                                                                                                        https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.05e6EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://api-eu1.xbc.trendmicro.com/api/agent/queue_status/v1.0EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://%s.xboxlive.comedsvchost.exe, 00000000.00000002.3963866213.000001DABD240000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		low
                                                                                                            https://api-eu1.xbc.trendmicro.com/api/agent/upload_mismatched_key/v1.0/e99cc405-ea23-4961-b4af-4764EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002E35000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id-----EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0seEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c0564aEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05pp(EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id----device_id---UEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c050d1c05EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://api-eu1.xbc.trendmicro.com/xbc-ams/get_actions/v3.0//e99cc405-ea23-4961-b4af-4764a10d1c05EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0.0EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0lEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0-c&EndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/---device_id---EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://api-eu1.xbc.trendmicro.com/xbc-ams/ei_unregister/v1.0/---device_id---764a10d1c0599cc405-ea23EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0pEndpointBasecamp.exe, 00000006.00000002.3968484021.000000000222E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://api-eu1.xbc.trendmicro.com/api/agent/ping/v1.0TQEndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://api-eu1.xbc.trendmicro.com/api/agent/queue_status/v1.00&dEndpointBasecamp.exe, 00000006.00000002.3968484021.0000000002165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0rEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002E35000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0-c0EndpointBasecamp.exe, 00000006.00000002.3963577875.0000000001797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://api-eu1.xbc.trendmicro.com/api/agent/refresh_xid/v1.0EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://api-eu1.xbc.trendmicro.com/api/agent/upload_mismatched_key/v1.0/---device_id---4a10d1c05EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://api-eu1.xbc.trendmicro.com/healthzEndpointBasecamp.log.4.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://api-eu1.xbc.trendmicro.com/xbc-ams/register_company/v2.0/---device_id---_id---EndpointBasecamp.exe, 00000004.00000002.3545380527.0000000002CB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/---device_id---EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id----device_id---EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05aEndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002D9B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://---srv_fqdn---/api/agent/get_change_site_actions/v1.0/---device_id---EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              		low
                                                                                                                                                              https://---srv_fqdn---/api/agent/get_upgrade_actions/v1.0EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              		low
                                                                                                                                                              https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.01.0/---device_id---EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://api-eu1.xbc.trendmicro.com/api/agent/get_change_site_actions/v1.0/---device_id---0d1c055EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://api-eu1.xbc.trendmicro.com/api/agent/register_device/v2.0yEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://api-eu1.xbc.trendmicro.com/xbc-ams/ping/v2.0/---device_id----EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://api-eu1.xbc.trendmicro.com/api/agent/get_upgrade_actions/v1.0icEndpointBasecamp.exe, 00000006.00000002.3963577875.0000000001797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://api-eu1.xbc.trendmicro.com/api/agent/report_action_status/v1.0/---token---/---device_id---EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05c05;EndpointBasecamp.exe, 00000004.00000002.3546493709.0000000002DBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://api-eu1.xbc.trendmicro.com/api/agent/register_device/v2.0eEndpointBasecamp.exe, 00000006.00000002.3967254258.00000000020B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://api-eu1.xbc.trendmicro.com/xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05UyFEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://---srv_fqdn---/xbc-ams/ping/v2.0/---device_id---EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                		low
                                                                                                                                                                                https://api-eu1.xbc.trendmicro.com/xbc-ams/get_configs/v2.0/---device_id---tion_HandlerEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://api-eu1.xbc.trendmicro.com/api/agent/report_exception/v2.0yEndpointBasecamp.exe, 00000006.00000002.3968484021.00000000021D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://---srv_fqdn---/xbc-ams/ei_unregister/v1.0/---device_id---EndpointBasecamp.exe, 00000001.00000000.3162611278.0000000000E70000.00000002.00000001.01000000.00000004.sdmp, EndpointBasecamp.exe, 00000004.00000003.3181262555.0000000003634000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000004.00000003.3177696688.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, EndpointBasecamp.exe, 00000006.00000000.3202415110.00000000011CE000.00000002.00000001.01000000.00000006.sdmp, EndpointBasecamp.exe.4.drfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    		low

                                                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                                                    Public IPs

                                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                    3.122.217.205
                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                                    18.158.200.227
                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                                    18.198.47.153
                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                                    3.123.46.19
                                                                                                                                                                                    		api-eu1.xbc.trendmicro.comUnited States
                                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                                    35.156.105.124
                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                                    3.123.174.180
                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                                    3.123.64.229
                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                                    3.121.204.45
                                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                                    		16509AMAZON-02USfalse

                                                                                                                                                                                    General Information

                                                                                                                                                                                    Joe Sandbox Version:37.1.0 Beryl
                                                                                                                                                                                    Analysis ID:894860
                                                                                                                                                                                    Start date and time:2023-06-27 08:29:31 +02:00
                                                                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                                                                    Overall analysis duration:0h 5m 12s
                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                    Report type:full
                                                                                                                                                                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                    Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
                                                                                                                                                                                    Number of analysed new started processes analysed:6
                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                    Number of injected processes analysed:1
                                                                                                                                                                                    Technologies:
                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                    • HDC enabled
                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                    Sample file name:MDE_File_Sample_2e8af1680bf59a7e23cb35e16cfa1b28a5cef9e8.zip
                                                                                                                                                                                    Detection:SUS
                                                                                                                                                                                    Classification:sus24.winZIP@5/5@20/8
                                                                                                                                                                                    EGA Information:Failed
                                                                                                                                                                                    HDC Information:Failed
                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                    • Number of executed functions: 0
                                                                                                                                                                                    • Number of non-executed functions: 0
                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                    • Found application associated with file extension: .zip
                                                                                                                                                                                    • Exclude process from analysis (whitelisted): consent.exe, svchost.exe
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): login.live.com, settings-win.data.microsoft.com
                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                                                    Simulations

                                                                                                                                                                                    Behavior and APIs

                                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                                    08:30:52API Interceptor2x Sleep call for process: EndpointBasecamp.exe modified

                                                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                                                    IPs

                                                                                                                                                                                    No context

                                                                                                                                                                                    Domains

                                                                                                                                                                                    No context

                                                                                                                                                                                    ASNs

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                    AMAZON-02UShttps://e.targito.com/c?a=a765e20b-92d0-4544-a4c3-c23518cbf01d&o=gsklub_cz&m=6b67e0df-8f21-4d26-bac6-98abbf8b9329&c=75283f30-ec7c-4c64-8e96-b11b9ceb9007&d=1550125868&l=footer_menu_2&u=https://9yR7dUce.tm-maha.com#aGFubmFoLmhhQG1heWVyYnJvd25qc20uY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 18.185.21.38
                                                                                                                                                                                    1687824801-111316-5457-7174-1.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 52.29.25.212
                                                                                                                                                                                    http://miami.asa.eduGet hashmaliciousGRQ ScamBrowse
                                                                                                                                                                                    • 13.224.103.88
                                                                                                                                                                                    INVOICE.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                    • 3.69.136.55
                                                                                                                                                                                    https://pub.marq.com/d96b762d-1cab-49f7-b4a9-fd1ba4c30c51/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 13.224.103.20
                                                                                                                                                                                    OriginalMessage.txt.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 54.187.136.42
                                                                                                                                                                                    https://www.bing.com/ck/a?!&&p=ec4ac99e4d0666bdJmltdHM9MTY4NzczNzYwMCZpZ3VpZD0xNDc2Yjc4NC1jYmJmLTY1YzEtMmEyZC1hNGIzY2FkNTY0MDUmaW5zaWQ9NTEzMw&ptn=3&hsh=3&fclid=1476b784-cbbf-65c1-2a2d-a4b3cad56405&u=a1aHR0cHM6Ly93d3cuZm9vZGllem9uZS5mdW4vaW5kZXguaHRtbA&ntb#YmVsbGluZ2pAc2NobmVpZGVyLmNvbQ==Get hashmaliciousPhisherBrowse
                                                                                                                                                                                    • 13.224.103.26
                                                                                                                                                                                    https://indd.adobe.com/view/717e7fb9-fdc2-4fea-a0ed-5d75861f9ca9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 13.224.103.47
                                                                                                                                                                                    https://robodk.com/downloadGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 13.224.103.3
                                                                                                                                                                                    https://r20.rs6.net/tn.jsp?f=001m_8xf0Ngwy8ZAr8JPYb00q7Oc5edUF6yOmwdUjRNoFIPWJgpllFN8M2vDptrLXZJskTcUVFMMA2kg1OHigpgPc4M5JaHXhhR6dF20BhfgJd-YCJHikGXbwbpDgMF5tS2StR37uBRk_d-0MjMhkQbb7O1vbwDReVi&c=JETSIG-5_Sd4N2L7qoiRXd8amZpC9kTK38tyCrgCwajfJil3u3_pew==&ch=vkonpyQymK1v8Q43-3l3AGo99_vWXdsSCVb0WzTsPj343F7ea8gDoA==&__=?i=bob.mickelson@isginc.comGet hashmaliciousCaptcha PhishBrowse
                                                                                                                                                                                    • 13.224.98.50
                                                                                                                                                                                    PaySlip_$55,098.08 (r).htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 52.218.88.130
                                                                                                                                                                                    http://www.hungryfriend.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 54.149.54.168
                                                                                                                                                                                    https://www.bing.com/ck/a?!&&p=e320779d1636975dJmltdHM9MTY4NzczNzYwMCZpZ3VpZD0xZDIzYTU1MS0yZmIwLTY4NzItMmZhNi1iNjc3MmVkMjY5MzEmaW5zaWQ9NTMwOQ&ptn=3&hsh=3&fclid=1d23a551-2fb0-6872-2fa6-b6772ed26931&u=a1aHR0cHM6Ly93d3cuZWR1Y2F0dXBlcnJvLmNvbS5hci9ncmFjaWFzLw#YW50aG9ueS5sb25nb0Bsb25nb3MuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 13.224.103.54
                                                                                                                                                                                    https://www.bing.com/ck/a?!&&p=346dae4f448e1b21JmltdHM9MTY4NzY1MTIwMCZpZ3VpZD0xNDI3YTEyNi1jNWVmLTZmZDEtMTFhNi1iMjFmYzQ4MzZlZTcmaW5zaWQ9NTE1NQ&ptn=3&hsh=3&fclid=1427a126-c5ef-6fd1-11a6-b21fc4836ee7&u=a1aHR0cHM6Ly9ib29rc2J5bGFycnlsYXdzb24uY29tLw#ZXR1Y2tlckBtb29nLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 13.224.103.54
                                                                                                                                                                                    https://www.amazon.co.uk/gp/customer-reviews/R2YD90G2X29MOB/ref=cm_cr_getr_d_rvw_ttl?ie=UTF8&ASIN=B07QKR3PP3Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 65.9.170.185
                                                                                                                                                                                    https://videos.rzsoftware.com/watch/Q7BrcumWmoQMARoDExy3Lg?vyetoken=20536f58-cd36-4a35-b987-4ad673b3bfd5&vydata=%7B%22_om_id%22%3A125077%2C%22_op_id%22%3A73415%7DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 108.138.189.64
                                                                                                                                                                                    http://joessandbox.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.197.42.180
                                                                                                                                                                                    Scan_1003232606.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                    • 3.64.163.50
                                                                                                                                                                                    https://www.logicielreferencement.com/commander-pack-premium-etape-2-1.html?email=ctse@gcgaming.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 13.224.103.121
                                                                                                                                                                                    https://e.targito.com/c?a=a765e20b-92d0-4544-a4c3-c23518cbf01d&o=gsklub_cz&m=6b67e0df-8f21-4d26-bac6-98abbf8b9329&c=75283f30-ec7c-4c64-8e96-b11b9ceb9007&d=1550125868&l=footer_menu_2&u=http://jtq.hummingbird-hemp.sa.com/jumeirah/YWJyYWhhbS5jaGFja29AanVtZWlyYWguY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 52.58.152.180

                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                    28a2c9bd18a11de089ef85a160da29e4EFTPaymentCopy.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    https://support-centraculogon.selfip.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    eft02766324.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    ATT00001.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    https://pendxz.w3spaces.com?dg=emFoaWRAaGhlcG8ubmV0LnFhGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    http://app.slidebean.com/p/hum3e9vbmhGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    378519 fdp.HTMGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    https://mbtthospitality.com/bedside-alarm-clocks/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    https://mbtthospitality.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    https://www.attemplate.com/aus/89fb9fd4-1359-49d3-ab0e-07e88ca7cf68/cbf813df-0686-4a4b-a9bf-39e8ae68e496/c2dd926c-1085-410e-a70e-5ed6dfb47260/login?id=R3JkWUJIWUhmMnR1c2I1eFRNdUVNUThDSXBZQ3VsS0toRkdGc3BNUTJsem91STBPK1pBM0l6ZndnMXBRdEttcEx4K0NNUlVTczVBblI1QkViNnR4ZElQMXloa3pEVEtTTEEvTFZYR1Y3cjQ4Vk5lTFoxMHhKWm9PUWlkQ2t6ZTdLSTBXTzdwdFBpb1Byc0ViWWU3aHNBSERQZ0MyL0ZKM0NBUEpYVlBYSi83Q2ZhR1B2OTRlUDJBbGVjSGU3WEpnQUdRejVuSDhOd0FSV0o4NjYyMDUvRTA5THlGbXZsMUl2V3cyOGJ2blZ1Y2FnZFprTVZkeDdVQmg3VFNSNHF0WGU4YThwVTFnNUdRd3Z4UUFBQUdYUlhORll0TWloT1BsbDhDRFRNdTNia3dTVUhzTE5qaXZnOU9SMEl1VHVZTTJsNzJYNFhGaHk3LzNwNC9DZSt1THFheFE0bXdVQVVMMXlaMWtiZmwxMlZvaUFhbVpDMjZWaFl3b09WSUQrNWQ2Z2Z5NENWQ04vOGhSRGNDOGFMUkxXUT09Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    559496.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    https://counselcrib.com.ng/mmeu/?6890672Get hashmaliciousQbotBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    INV-90231.xlsxGet hashmaliciousCaptcha PhishBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    Solo-italia Sepa.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    NEW-FAX-308889.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    https://jp6yze3jwx6462c537686e2.tracerst.ruGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    RemittanceAdvice.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    http://173.201.191.177Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    Memo.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 3.122.217.205
                                                                                                                                                                                    • 18.158.200.227
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    • 3.123.174.180
                                                                                                                                                                                    • 3.123.64.229
                                                                                                                                                                                    • 3.121.204.45
                                                                                                                                                                                    a0e9f5d64349fb13191bc781f81f42e1EFTPaymentCopy.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    https://support-centraculogon.selfip.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    https://pendxz.w3spaces.com?dg=emFoaWRAaGhlcG8ubmV0LnFhGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    form-pdf.&GOPCCGREAV&#U00d8.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    https://widget-85db8c5b66704701b1deb5434e716771.elfsig.ht/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    ACH+Payment+Account+Statement.xlsbGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    https://104.248.239.107Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    test.DocxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    Sender_details_674534.docm.docmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    https://www.attemplate.com/aus/89fb9fd4-1359-49d3-ab0e-07e88ca7cf68/cbf813df-0686-4a4b-a9bf-39e8ae68e496/c2dd926c-1085-410e-a70e-5ed6dfb47260/login?id=R3JkWUJIWUhmMnR1c2I1eFRNdUVNUThDSXBZQ3VsS0toRkdGc3BNUTJsem91STBPK1pBM0l6ZndnMXBRdEttcEx4K0NNUlVTczVBblI1QkViNnR4ZElQMXloa3pEVEtTTEEvTFZYR1Y3cjQ4Vk5lTFoxMHhKWm9PUWlkQ2t6ZTdLSTBXTzdwdFBpb1Byc0ViWWU3aHNBSERQZ0MyL0ZKM0NBUEpYVlBYSi83Q2ZhR1B2OTRlUDJBbGVjSGU3WEpnQUdRejVuSDhOd0FSV0o4NjYyMDUvRTA5THlGbXZsMUl2V3cyOGJ2blZ1Y2FnZFprTVZkeDdVQmg3VFNSNHF0WGU4YThwVTFnNUdRd3Z4UUFBQUdYUlhORll0TWloT1BsbDhDRFRNdTNia3dTVUhzTE5qaXZnOU9SMEl1VHVZTTJsNzJYNFhGaHk3LzNwNC9DZSt1THFheFE0bXdVQVVMMXlaMWtiZmwxMlZvaUFhbVpDMjZWaFl3b09WSUQrNWQ2Z2Z5NENWQ04vOGhSRGNDOGFMUkxXUT09Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    559496.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    MDE_File_Sample_e9e38cec89d6119a1808438f79b170105cf173b4.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    https://counselcrib.com.ng/mmeu/?6890672Get hashmaliciousQbotBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    RemittanceAdvice.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    http://173.201.191.177Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    trxpai460.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    https://nabconnect-portal.com/Get hashmaliciousReCaptcha PhishBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    lhanish-ic17726eun.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    https://www.bing.com/ck/a?!&&p=2c6e87190f27db0bJmltdHM9MTY4NTU3NzYwMCZpZ3VpZD0xN2E2ZTY2Ni1mMDliLTZlOGMtMGRmNy1mNTQ0ZjExYzZmM2ImaW5zaWQ9NTE1Nw&ptn=3&hsh=3&fclid=17a6e666-f09b-6e8c-0df7-f544f11c6f3b&u=a1aHR0cHM6Ly93d3cua3JhZnR5a3JhZnRlcnMuY28udWsvNDUxODQ3MTI0#M=dmargarucci@unifrax.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124
                                                                                                                                                                                    PV Questionnaire - Order Fulfillment and Supporting IT.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 18.198.47.153
                                                                                                                                                                                    • 3.123.46.19
                                                                                                                                                                                    • 35.156.105.124

                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                    No context

                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                    C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3301760
                                                                                                                                                                                    Entropy (8bit):6.501015693675191
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:9Kdn5QHX1unxdS3OjQCuO7n8AF/05NPkZfOamuECkQK+Tsd1j3ZIONcp:5HFuLDQCb8AF/9ZmQ0Y
                                                                                                                                                                                    MD5:7719DE2021CEC0078EEC00943DF400C5
                                                                                                                                                                                    SHA1:C03A4ACF24559CB0863081DF6B07D1E01DBA7A86
                                                                                                                                                                                    SHA-256:7951375293C758332D681884C7DFA7866B7B926DA13D19CD99A8BEBD0AC3D023
                                                                                                                                                                                    SHA-512:843EB777DEA32CA389BFAA3DEB0C06E1002B943F685FEB74E77653FA88446ACA02BB66C9AB1706D958DB90115850CCDF18F586D98707A1417688745B465B806A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$...........D..D..D.....W...........\.....E..". .G.....W.....^...../.....[....O....c.....F....G.....g..D..8..........".E..D.J.E.....E..RichD..........................PE..L...<..d..................%..@......5Q........&...@..........................03......L3...@...................................-.T....P0..+...........*2..7....0.....).T.....................).....(.).@.............&..............................text...2.%.......%................. ..`.rdata..4 ....&.."....%.............@..@.data........0-..L....-.............@....rsrc....+...P0..,...X/.............@..@.reloc.......0......./.............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                    C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\log\EndpointBasecamp.log

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (1044), with CRLF line terminators
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):73779
                                                                                                                                                                                    Entropy (8bit):5.547528490096521
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:FTiz0bTiz0umij0Rmij0jmij06Gi9M0Pir0y8Mi2i90j0nJiiT0LiiT06iiT0Eiw:FTiz0bTiz0umij0Rmij0jmij06Gi9M0y
                                                                                                                                                                                    MD5:EB282FA1ACDE0571963A9892317747D8
                                                                                                                                                                                    SHA1:F853729CBE1AC2BFD35AE52C0CFA2E8AAA9FA6FC
                                                                                                                                                                                    SHA-256:8B0B681E36D9B7F599117635946B0B4E5737812A6FBAC6F191AFED9C76E2F129
                                                                                                                                                                                    SHA-512:9FBA036178FC4AD9C3E4D51B805EBCC113CFBD32EED7FD3BE47EC3B41B6D7CD8FBB97CF1E0B96892C01F67B9F96938C9AEE0396095B6A4785D1D38AA2A849FE0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Preview:2023 06/27 09:41:49 [0d7c : 1a4c] (I) [EndpointBasecamp.exe]xBaseCamp::XBC_Main::install_root_ca - The local machine cert store is open. - [xbc_main_functions.cpp(1015)]..2023 06/27 09:41:49 [0d7c : 1a4c] (I) [EndpointBasecamp.exe]xBaseCamp::XBC_Main::install_root_ca - Certificate is added to the store. - [xbc_main_functions.cpp(1024)]..2023 06/27 09:41:50 [0d7c : 1a4c] (D) [EndpointBasecamp.exe]xBaseCamp::XdrIdManager::ReadXdrDeviceIdFromDs - DS command path: C:\Program Files\Trend Micro\Deep Security Agent\sendCommand.cmd does not exist - [xbc_xdr_id_manager.cpp(102)]..2023 06/27 09:41:50 [0d7c : 1a4c] (D) [EndpointBasecamp.exe]xBaseCamp::XdrIdManager::ReadXdrDeviceIdFromXbc - Use XBC device id as XDR device id. - [xbc_xdr_id_manager.cpp(108)]..2023 06/27 09:41:50 [0d7c : 1a4c] (D) [EndpointBasecamp.exe]wmain - Try service gateway and proxy connection - [xbc_main.cpp(117)]..2023 06/27 09:41:50 [0d7c : 1a4c] (D) [EndpointBasecamp.exe]xBaseCamp::XBC_Main::try_service_gateway_and_proxy

                                                                                                                                                                                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2583
                                                                                                                                                                                    Entropy (8bit):4.9697986369741445
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:5nL4sTeegaiJpfd8ewgm63QmncUJ3t30rPzDA0GJBjUFtlTFeolVK1W7mTJf/7J0:xL4sTtgjDfiewgm63QmcUxl01G6tTeoN
                                                                                                                                                                                    MD5:B85E9A4702D1EEE70CA0B91AB0BD8110
                                                                                                                                                                                    SHA1:9BE136BF0625D12E69B5F440892C67DD76ED2363
                                                                                                                                                                                    SHA-256:4C365648A2AF6EA1B81DF89BD9BA18082D9475218CF609C0E72EAB72157C4F9C
                                                                                                                                                                                    SHA-512:66931D4BD97531B12609E11A78F81BEA25215C0CFC83DDC42290B27E6A808D7702DE6585D826788763BC9823C038BCB904109FCAD10731D28E58EC10BEFE3026
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Preview:.{. "AFSEnvironment" : 0,. "AFSUrl" : "https://activity.windows.com",. "AccountSettings" : [],. "AfcDefaultUser" : "",. "AfcPrivacySettings" : {. "ActivityFeed" : 0,. "CloudSync" : 0,. "PublishUserActivity" : 0,. "UploadUserActivity" : 1. },. "AfsConnectivityEnabled" : true,. "AfsPostInitializeSyncWaitMs" : 10000,. "AfsSyncFrequencyMs" : 86400000,. "Authentication.Environment" : 0,. "BluetoothTransportEnabled" : true,. "BluetoothTransportHostingAllowed" : true,. "CcsApiVersion" : "/api/v1",. "CcsDefaultServerName" : "romeccs.microsoft.com",. "CcsPollingEnabled" : false,. "CcsPollingInterval" : 0,. "CcsSeenRequestIds" : [],. "CcsSeenRequestIdsLastUpdatedTime" : "0000-00-00T00:00:00.000",. "Cloud.SessionIdleTimeoutIntervalSecs" : 3600,. "CloudDataGroupPolicyActivitiyPolicies" : [],. "CloudDataMDMActivitiyPolicies" : [],. "CloudTransportEnabled" : true,. "CloudTransportHostingAllowed" : true,. "CustomAuthClsid" : "",.

                                                                                                                                                                                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\ConnectedDevicesPlatform\L.user.cdp

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):945
                                                                                                                                                                                    Entropy (8bit):4.866171292496828
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:oVcATnwlThXGpA781cL1/ybNhYmXG2mXG784zZGUQUXGoXp:mpMdB0AI1cx/yb1GXGIIjQOzp
                                                                                                                                                                                    MD5:79C54D3085B4B6CC9BB9BAEA9D6D800C
                                                                                                                                                                                    SHA1:6B5A016FBF698571DB5C2FC08B5CC0C430125461
                                                                                                                                                                                    SHA-256:D40D99A986C0164F82F1555074D9B82E7082EB967B7F82A40F11EE090ABC4A4E
                                                                                                                                                                                    SHA-512:14C8CB091360465C00FE27EFAB161F8F0B946AAB30BDB4D0F4E62E54629435CA8EECFB8719AD0D70A09ED65A572DAF5F9473F085A4ECD1030147FF303A66FC8C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.{. "AfcDatabaseSettings" : {. "DatabaseInstanceId" : 0,. "LastUpdated" : "2023-06-27T08:29:57.877". },. "AfsActivityTypes" : [],. "AfsChannelUri" : "",. "AfsEnvironment" : "",. "AfsSubscriptionId" : "",. "AfsSubscriptionUpdateTime" : "0000-00-00T00:00:00.000",. "BaseRegisteredInfoHash" : "",. "CNCNotificationUri" : "",. "CNCNotificationUriExpirationTime" : "0000-00-00T00:00:00.000",. "CNCNotificationUriLastSynced" : "0000-00-00T00:00:00.000",. "DdsRegistrationExpiryTickCount" : 2038997246880,. "Devices" : [],. "FormatVersion" : 12,. "LastRegisteredNotificationUri" : "",. "LastRegisteredNotificationUriExpirationTime" : "0000-00-00T00:00:00.000",. "LastSyncedTime" : "0000-00-00T00:00:00.000",. "LogicalDeviceId" : "",. "NextDataEncryptionKeyRolloverTime" : "0000-00-00T00:00:00.000",. "RegisteredInfoHash" : "",. "RegisteredWithStrongAuth" : false,. "StableUserId" : "L.user".}.

                                                                                                                                                                                    \Device\ConDrv

                                                                                                                                                                                    Download File
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    File Type:ASCII text, with CR, LF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1769
                                                                                                                                                                                    Entropy (8bit):2.475775315394271
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:v5N/KnN/15/15/15/15/15/15/15/15/15/15/15/15/15/15/15/15/15/15/1G:X/KNffffffffffffffffffffffffI
                                                                                                                                                                                    MD5:597EA5D7BAFCC53894A866432D7350B3
                                                                                                                                                                                    SHA1:B70BF6E2F92D0F0FB5023BEC77D112E16DC5FB1F
                                                                                                                                                                                    SHA-256:AAA2D2ED29E9038B086E37C13977B3FB94F25B0D003FA8CDF56CA6FE2FE52CD5
                                                                                                                                                                                    SHA-512:9E4DE10FA3CB271E751468CE711E1E4F6A4F5670335735425C0EA0E979F33B8EFC7DD9D77EF911D04E46A26DBE9660533A74BA54B507C79677410E6E99A413F2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..No Service Gateway or proxy available. Establishing a direct connection..Executing Trend Micro Endpoint Basecamp......[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[ ] 0% actions completed.[

                                                                                                                                                                                    Static File Info

                                                                                                                                                                                    General

                                                                                                                                                                                    File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Entropy (8bit):7.999842803419388
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • ZIP compressed archive (8000/1) 100.00%
                                                                                                                                                                                    File name:MDE_File_Sample_2e8af1680bf59a7e23cb35e16cfa1b28a5cef9e8.zip
                                                                                                                                                                                    File size:1'266'638 bytes
                                                                                                                                                                                    MD5:af3e71c7756cb6c75746de36270858a1
                                                                                                                                                                                    SHA1:13d2f0a5bda4e14e1811f29fa0fe2f19f5d323f1
                                                                                                                                                                                    SHA256:e9ceeb05f2c4e8eada9cfc8bae2b3a691be5822ea26857b4f69762f28d6ac788
                                                                                                                                                                                    SHA512:e786bb94494b51e69696acba7afe4ff7169460a9b90c21166c146704cb8f2f0e05362102f3c8b8d0ed7cfcbd270677fa93b72015b6b40326484289585952fbca
                                                                                                                                                                                    SSDEEP:24576:ky4LXOSVWv+u3hfjeYoSH5ncCmvTLoo/zUhLaZwPEf4:kXWvrzoSZcCMTf7UhL4wPk4
                                                                                                                                                                                    TLSH:2B453396AF0D89E30EF40B960C907BC920634B7E908B57D7F678A258977D4E39CE4187
                                                                                                                                                                                    File Content Preview:PK........A-.V.0n..S...b2...$.wBbo19Zh5pD.zip.. .........!6...... 6.......6.......+.....]..Zx..F....r...B.Y.!..}..].".RV.PoGV0G4.U..d.E..f.7&..RxB8.t..>.i.X.6..@...K]5WW.|.O...Y....5...:...........).O..5y..S..D.s.|..HD.a .V.x.q&.A...tq...O_*.....\r.;..^..

                                                                                                                                                                                    File Icon

                                                                                                                                                                                    Icon Hash:1c1c1e4e4ececedc

                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                    Download Network PCAP: filteredfull

                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                    • Total Packets: 221
                                                                                                                                                                                    • 443 (HTTPS)
                                                                                                                                                                                    • 53 (DNS)
                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                    Jun 27, 2023 08:30:45.481667995 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:45.481740952 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:45.481875896 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:45.492130041 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:45.492180109 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:45.575946093 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:45.576128960 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:45.586489916 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:45.586513996 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:45.586884022 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:45.627259016 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:45.964250088 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:45.964365959 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:45.964589119 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:46.073860884 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:46.074227095 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:46.074341059 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:46.081177950 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:46.081222057 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:46.081305981 CEST49748443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:46.081324100 CEST443497483.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:52.808020115 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:52.808110952 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:52.808278084 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:52.811218023 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:52.811259031 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:52.881552935 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:52.881679058 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:52.887943983 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:52.887962103 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:52.888389111 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:52.928834915 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:53.061646938 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:53.061713934 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:53.061810970 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.102999926 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.103156090 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.103236914 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:53.103318930 CEST49749443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:30:53.103339911 CEST443497493.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.225018978 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.225081921 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.225198984 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.226118088 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.226140022 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.276889086 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.277043104 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.280280113 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.280303001 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.281028986 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.284509897 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.284632921 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.284647942 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.361088991 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.361263037 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.361378908 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.362215996 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.362246990 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.362274885 CEST49750443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:30:53.362289906 CEST443497503.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.561707973 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.561794043 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.561903000 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.562525034 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.562561035 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.637336969 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.637475967 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.663213015 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.663261890 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.664140940 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.690439939 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.692003012 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.692029953 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.712155104 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.712238073 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.712348938 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.713229895 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.713268042 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.713957071 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.714152098 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.714210987 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.714502096 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.714586973 CEST4434975118.198.47.153192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.714701891 CEST49751443192.168.2.318.198.47.153
                                                                                                                                                                                    Jun 27, 2023 08:30:53.789072037 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.789176941 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.802016973 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.802047968 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.802777052 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.811512947 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.811564922 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.811767101 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.912707090 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.912898064 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.913475990 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.914233923 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.914273024 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.914298058 CEST49752443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:30:53.914314985 CEST4434975235.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.129481077 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.129542112 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.129718065 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.130465984 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.130501032 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.206760883 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.206887960 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.211783886 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.211798906 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.212272882 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.236097097 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.236097097 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.236155987 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.259013891 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.261436939 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.261496067 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.261811972 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.261885881 CEST443497533.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.261984110 CEST49753443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:54.458595991 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.458679914 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.458776951 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.459585905 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.459621906 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.535896063 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.536104918 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.540242910 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.540280104 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.540847063 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.542725086 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.542891979 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.542921066 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.637808084 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.637979031 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.638097048 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.650094986 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.650142908 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.650172949 CEST49754443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:30:54.650187969 CEST443497543.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.891191959 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:54.891241074 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.891350031 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:54.892606020 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:54.892632961 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.969024897 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.969180107 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:54.999481916 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:54.999536037 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.000392914 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.002609968 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:55.002650023 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:55.002667904 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.025571108 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.027422905 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:55.027468920 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:55.027869940 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.027978897 CEST4434975518.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.028057098 CEST49755443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:30:55.240741014 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.240803003 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.240926027 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.241627932 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.241663933 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.293940067 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.294078112 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.295779943 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.295802116 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.296475887 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.301465988 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.301527977 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.301542044 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.382313013 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.382481098 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.382601976 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.383549929 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.383584976 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.383618116 CEST49756443192.168.2.33.122.217.205
                                                                                                                                                                                    Jun 27, 2023 08:30:55.383634090 CEST443497563.122.217.205192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:01.989610910 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:01.989686012 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:01.989809990 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:01.991219044 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:01.991241932 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.044276953 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.044445038 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:02.046775103 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:02.046801090 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.047633886 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.049415112 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:02.049416065 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:02.049598932 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.072487116 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.072993994 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:02.073060036 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:02.073352098 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.073429108 CEST4434975718.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.073607922 CEST49757443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:02.290129900 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.290191889 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.290298939 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.291517019 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.291554928 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.338891029 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.339106083 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.347214937 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.347258091 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.347668886 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.349811077 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.349931002 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.349946022 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.431194067 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.431320906 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.431413889 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.432717085 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.432765007 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.432796955 CEST49758443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:02.432812929 CEST443497583.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.551448107 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.551495075 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.551661968 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.553145885 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.553174973 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.601950884 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.602102995 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.610490084 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.610510111 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.611165047 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.612914085 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.613013983 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.613030910 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.635940075 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.636173964 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.636209965 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.636547089 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.636643887 CEST4434975918.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.636723042 CEST49759443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:14.847558975 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.847624063 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.847752094 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.851195097 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.851238012 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.902417898 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.902576923 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.906552076 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.906572104 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.907368898 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.909425020 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.909466982 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.909482956 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.981765032 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.981941938 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.982063055 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.984951019 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.984992027 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.985018015 CEST49760443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:14.985033035 CEST4434976035.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.157219887 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.157279968 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.157581091 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.158457994 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.158499002 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.209906101 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.210021973 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.213171959 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.213193893 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.213720083 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.215466022 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.215533972 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.215548992 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.286745071 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.286931038 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.286983967 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.287029028 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.287071943 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.287071943 CEST49761443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:15.287091017 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.287106991 CEST443497613.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.512254953 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.512326002 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.512557983 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.514972925 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.515003920 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.566001892 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.566240072 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.570256948 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.570293903 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.570997000 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.574965000 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.575174093 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.575192928 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.648226976 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.648407936 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.648550987 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.649244070 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.649300098 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.649327040 CEST49762443192.168.2.33.123.46.19
                                                                                                                                                                                    Jun 27, 2023 08:31:15.649343014 CEST443497623.123.46.19192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.491247892 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.491306067 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.491430998 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.492587090 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.492633104 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.543437958 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.543632984 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.547856092 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.547883034 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.548439026 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.552547932 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.552671909 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.552687883 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.574742079 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.575098991 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.575221062 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.575417042 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.575506926 CEST4434976318.158.200.227192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.575660944 CEST49763443192.168.2.318.158.200.227
                                                                                                                                                                                    Jun 27, 2023 08:31:17.828314066 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.828360081 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.828454971 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.829493046 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.829528093 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.881063938 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.881237030 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.886483908 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.886529922 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.887383938 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.889530897 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.889641047 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.889662981 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.962646961 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.962832928 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.962953091 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.964616060 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.964656115 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.964685917 CEST49764443192.168.2.33.121.204.45
                                                                                                                                                                                    Jun 27, 2023 08:31:17.964700937 CEST443497643.121.204.45192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.127681971 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.127748966 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.127870083 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.129384995 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.129420996 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.180746078 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.180922031 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.184259892 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.184319973 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.184845924 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.186858892 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.186924934 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.186944008 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.265466928 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.265631914 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.265779972 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.266002893 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.266056061 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.266083002 CEST49765443192.168.2.33.123.174.180
                                                                                                                                                                                    Jun 27, 2023 08:31:18.266098976 CEST443497653.123.174.180192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.488240004 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.488329887 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.488426924 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.489567995 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.489603996 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.563915014 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.564133883 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.568792105 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.568820000 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.569380999 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.573487997 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.573704958 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.573720932 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.660339117 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.660511017 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.660648108 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.674422026 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.674475908 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.674510956 CEST49766443192.168.2.33.123.64.229
                                                                                                                                                                                    Jun 27, 2023 08:31:18.674527884 CEST443497663.123.64.229192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.796406031 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.796487093 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.796658993 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.800324917 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.800364017 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.850370884 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.850678921 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.854635954 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.854672909 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.855201960 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.882213116 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.882308006 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.882332087 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.933069944 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.933235884 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.933392048 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.935453892 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.935483932 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.935559988 CEST49767443192.168.2.335.156.105.124
                                                                                                                                                                                    Jun 27, 2023 08:31:19.935578108 CEST4434976735.156.105.124192.168.2.3
                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                    Jun 27, 2023 08:30:45.448935032 CEST5294553192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST53529451.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:52.775681019 CEST6275953192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST53627591.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.205665112 CEST6474953192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST53647491.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.534595013 CEST6475553192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST53647551.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:53.637397051 CEST5060153192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST53506011.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.109236956 CEST5356353192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST53535631.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.438848972 CEST5268853192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST53526881.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:54.869175911 CEST5887453192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST53588741.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:30:55.218529940 CEST6521653192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST53652161.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:01.961462021 CEST5060553192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST53506051.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:02.270231962 CEST5517253192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST53551721.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.531723022 CEST5496853192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST53549681.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:14.828002930 CEST6036953192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST53603691.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.138231039 CEST4983453192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST53498341.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:15.490854025 CEST5717353192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST53571731.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.471688032 CEST6059753192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST53605971.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:17.808749914 CEST4994053192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST53499401.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.108700991 CEST6029553192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST53602951.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:18.468105078 CEST5867753192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST53586771.1.1.1192.168.2.3
                                                                                                                                                                                    Jun 27, 2023 08:31:19.773952961 CEST5117253192.168.2.31.1.1.1
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST53511721.1.1.1192.168.2.3

                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                    Jun 27, 2023 08:30:45.448935032 CEST192.168.2.31.1.1.10xec90Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.775681019 CEST192.168.2.31.1.1.10xe518Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.205665112 CEST192.168.2.31.1.1.10x39a3Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.534595013 CEST192.168.2.31.1.1.10xec28Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.637397051 CEST192.168.2.31.1.1.10xe719Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.109236956 CEST192.168.2.31.1.1.10x5f71Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.438848972 CEST192.168.2.31.1.1.10x815eStandard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.869175911 CEST192.168.2.31.1.1.10x674cStandard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.218529940 CEST192.168.2.31.1.1.10xec9cStandard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.961462021 CEST192.168.2.31.1.1.10xbe35Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.270231962 CEST192.168.2.31.1.1.10x5fdaStandard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.531723022 CEST192.168.2.31.1.1.10xc1ffStandard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.828002930 CEST192.168.2.31.1.1.10x8990Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.138231039 CEST192.168.2.31.1.1.10xf197Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.490854025 CEST192.168.2.31.1.1.10xe942Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.471688032 CEST192.168.2.31.1.1.10x75d4Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.808749914 CEST192.168.2.31.1.1.10x4cc3Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.108700991 CEST192.168.2.31.1.1.10x6458Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.468105078 CEST192.168.2.31.1.1.10xd315Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.773952961 CEST192.168.2.31.1.1.10x59c4Standard query (0)api-eu1.xbc.trendmicro.comA (IP address)IN (0x0001)false

                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST1.1.1.1192.168.2.30xec90No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST1.1.1.1192.168.2.30xec90No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST1.1.1.1192.168.2.30xec90No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST1.1.1.1192.168.2.30xec90No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST1.1.1.1192.168.2.30xec90No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST1.1.1.1192.168.2.30xec90No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST1.1.1.1192.168.2.30xec90No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:45.467022896 CEST1.1.1.1192.168.2.30xec90No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST1.1.1.1192.168.2.30xe518No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST1.1.1.1192.168.2.30xe518No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST1.1.1.1192.168.2.30xe518No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST1.1.1.1192.168.2.30xe518No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST1.1.1.1192.168.2.30xe518No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST1.1.1.1192.168.2.30xe518No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST1.1.1.1192.168.2.30xe518No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:52.793334007 CEST1.1.1.1192.168.2.30xe518No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST1.1.1.1192.168.2.30x39a3No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST1.1.1.1192.168.2.30x39a3No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST1.1.1.1192.168.2.30x39a3No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST1.1.1.1192.168.2.30x39a3No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST1.1.1.1192.168.2.30x39a3No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST1.1.1.1192.168.2.30x39a3No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST1.1.1.1192.168.2.30x39a3No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.223089933 CEST1.1.1.1192.168.2.30x39a3No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST1.1.1.1192.168.2.30xec28No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST1.1.1.1192.168.2.30xec28No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST1.1.1.1192.168.2.30xec28No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST1.1.1.1192.168.2.30xec28No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST1.1.1.1192.168.2.30xec28No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST1.1.1.1192.168.2.30xec28No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST1.1.1.1192.168.2.30xec28No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.552515030 CEST1.1.1.1192.168.2.30xec28No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST1.1.1.1192.168.2.30xe719No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST1.1.1.1192.168.2.30xe719No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST1.1.1.1192.168.2.30xe719No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST1.1.1.1192.168.2.30xe719No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST1.1.1.1192.168.2.30xe719No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST1.1.1.1192.168.2.30xe719No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST1.1.1.1192.168.2.30xe719No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:53.655029058 CEST1.1.1.1192.168.2.30xe719No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST1.1.1.1192.168.2.30x5f71No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST1.1.1.1192.168.2.30x5f71No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST1.1.1.1192.168.2.30x5f71No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST1.1.1.1192.168.2.30x5f71No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST1.1.1.1192.168.2.30x5f71No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST1.1.1.1192.168.2.30x5f71No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST1.1.1.1192.168.2.30x5f71No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.128240108 CEST1.1.1.1192.168.2.30x5f71No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST1.1.1.1192.168.2.30x815eNo error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST1.1.1.1192.168.2.30x815eNo error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST1.1.1.1192.168.2.30x815eNo error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST1.1.1.1192.168.2.30x815eNo error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST1.1.1.1192.168.2.30x815eNo error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST1.1.1.1192.168.2.30x815eNo error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST1.1.1.1192.168.2.30x815eNo error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.455916882 CEST1.1.1.1192.168.2.30x815eNo error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST1.1.1.1192.168.2.30x674cNo error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST1.1.1.1192.168.2.30x674cNo error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST1.1.1.1192.168.2.30x674cNo error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST1.1.1.1192.168.2.30x674cNo error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST1.1.1.1192.168.2.30x674cNo error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST1.1.1.1192.168.2.30x674cNo error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST1.1.1.1192.168.2.30x674cNo error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:54.886601925 CEST1.1.1.1192.168.2.30x674cNo error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST1.1.1.1192.168.2.30xec9cNo error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST1.1.1.1192.168.2.30xec9cNo error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST1.1.1.1192.168.2.30xec9cNo error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST1.1.1.1192.168.2.30xec9cNo error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST1.1.1.1192.168.2.30xec9cNo error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST1.1.1.1192.168.2.30xec9cNo error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST1.1.1.1192.168.2.30xec9cNo error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:30:55.235793114 CEST1.1.1.1192.168.2.30xec9cNo error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST1.1.1.1192.168.2.30xbe35No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST1.1.1.1192.168.2.30xbe35No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST1.1.1.1192.168.2.30xbe35No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST1.1.1.1192.168.2.30xbe35No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST1.1.1.1192.168.2.30xbe35No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST1.1.1.1192.168.2.30xbe35No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST1.1.1.1192.168.2.30xbe35No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:01.979819059 CEST1.1.1.1192.168.2.30xbe35No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST1.1.1.1192.168.2.30x5fdaNo error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST1.1.1.1192.168.2.30x5fdaNo error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST1.1.1.1192.168.2.30x5fdaNo error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST1.1.1.1192.168.2.30x5fdaNo error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST1.1.1.1192.168.2.30x5fdaNo error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST1.1.1.1192.168.2.30x5fdaNo error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST1.1.1.1192.168.2.30x5fdaNo error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:02.287915945 CEST1.1.1.1192.168.2.30x5fdaNo error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST1.1.1.1192.168.2.30xc1ffNo error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST1.1.1.1192.168.2.30xc1ffNo error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST1.1.1.1192.168.2.30xc1ffNo error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST1.1.1.1192.168.2.30xc1ffNo error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST1.1.1.1192.168.2.30xc1ffNo error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST1.1.1.1192.168.2.30xc1ffNo error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST1.1.1.1192.168.2.30xc1ffNo error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.548999071 CEST1.1.1.1192.168.2.30xc1ffNo error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST1.1.1.1192.168.2.30x8990No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST1.1.1.1192.168.2.30x8990No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST1.1.1.1192.168.2.30x8990No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST1.1.1.1192.168.2.30x8990No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST1.1.1.1192.168.2.30x8990No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST1.1.1.1192.168.2.30x8990No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST1.1.1.1192.168.2.30x8990No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:14.846050978 CEST1.1.1.1192.168.2.30x8990No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST1.1.1.1192.168.2.30xf197No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST1.1.1.1192.168.2.30xf197No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST1.1.1.1192.168.2.30xf197No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST1.1.1.1192.168.2.30xf197No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST1.1.1.1192.168.2.30xf197No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST1.1.1.1192.168.2.30xf197No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST1.1.1.1192.168.2.30xf197No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.155761003 CEST1.1.1.1192.168.2.30xf197No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST1.1.1.1192.168.2.30xe942No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST1.1.1.1192.168.2.30xe942No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST1.1.1.1192.168.2.30xe942No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST1.1.1.1192.168.2.30xe942No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST1.1.1.1192.168.2.30xe942No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST1.1.1.1192.168.2.30xe942No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST1.1.1.1192.168.2.30xe942No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:15.508492947 CEST1.1.1.1192.168.2.30xe942No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST1.1.1.1192.168.2.30x75d4No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST1.1.1.1192.168.2.30x75d4No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST1.1.1.1192.168.2.30x75d4No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST1.1.1.1192.168.2.30x75d4No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST1.1.1.1192.168.2.30x75d4No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST1.1.1.1192.168.2.30x75d4No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST1.1.1.1192.168.2.30x75d4No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.489342928 CEST1.1.1.1192.168.2.30x75d4No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST1.1.1.1192.168.2.30x4cc3No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST1.1.1.1192.168.2.30x4cc3No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST1.1.1.1192.168.2.30x4cc3No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST1.1.1.1192.168.2.30x4cc3No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST1.1.1.1192.168.2.30x4cc3No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST1.1.1.1192.168.2.30x4cc3No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST1.1.1.1192.168.2.30x4cc3No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:17.826463938 CEST1.1.1.1192.168.2.30x4cc3No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST1.1.1.1192.168.2.30x6458No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST1.1.1.1192.168.2.30x6458No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST1.1.1.1192.168.2.30x6458No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST1.1.1.1192.168.2.30x6458No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST1.1.1.1192.168.2.30x6458No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST1.1.1.1192.168.2.30x6458No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST1.1.1.1192.168.2.30x6458No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.126013041 CEST1.1.1.1192.168.2.30x6458No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST1.1.1.1192.168.2.30xd315No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST1.1.1.1192.168.2.30xd315No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST1.1.1.1192.168.2.30xd315No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST1.1.1.1192.168.2.30xd315No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST1.1.1.1192.168.2.30xd315No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST1.1.1.1192.168.2.30xd315No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST1.1.1.1192.168.2.30xd315No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:18.486371040 CEST1.1.1.1192.168.2.30xd315No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST1.1.1.1192.168.2.30x59c4No error (0)api-eu1.xbc.trendmicro.com35.156.105.124A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST1.1.1.1192.168.2.30x59c4No error (0)api-eu1.xbc.trendmicro.com3.123.64.229A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST1.1.1.1192.168.2.30x59c4No error (0)api-eu1.xbc.trendmicro.com3.121.204.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST1.1.1.1192.168.2.30x59c4No error (0)api-eu1.xbc.trendmicro.com3.122.217.205A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST1.1.1.1192.168.2.30x59c4No error (0)api-eu1.xbc.trendmicro.com18.158.200.227A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST1.1.1.1192.168.2.30x59c4No error (0)api-eu1.xbc.trendmicro.com18.198.47.153A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST1.1.1.1192.168.2.30x59c4No error (0)api-eu1.xbc.trendmicro.com3.123.46.19A (IP address)IN (0x0001)false
                                                                                                                                                                                    Jun 27, 2023 08:31:19.792507887 CEST1.1.1.1192.168.2.30x59c4No error (0)api-eu1.xbc.trendmicro.com3.123.174.180A (IP address)IN (0x0001)false

                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                    • api-eu1.xbc.trendmicro.com

                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    0192.168.2.3497483.123.46.19443C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:45 UTC0OUTPOST /api/agent/get_upgrade_actions/v1.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-posix-time: 1687851711
                                                                                                                                                                                    Content-Length: 70
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:45 UTC0OUTData Raw: 7b 22 70 61 63 6b 61 67 65 73 22 3a 7b 22 78 62 63 5f 61 67 65 6e 74 22 3a 7b 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 2e 30 2e 33 37 30 32 22 7d 7d 2c 22 70 6c 61 74 66 6f 72 6d 22 3a 22 77 69 6e 33 32 22 7d
                                                                                                                                                                                    Data Ascii: {"packages":{"xbc_agent":{"version":"1.1.0.3702"}},"platform":"win32"}
                                                                                                                                                                                    2023-06-27 06:30:46 UTC0INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: application/json
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:46 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-envoy-upstream-service-time: 26
                                                                                                                                                                                    x-posix-time: 1687847446
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-signature: 1io3uV4MLjOPnjuWCm8c6dHZm6Nhc8nB2SOFWqEkago7Vz88mfHGqzalvss7/mVoHkvF+m0H0fd5/Mnreb1cjgeAiGF0TitzUHRJeKEYb4GMZgKNpZzZYoQJ0hdX/U3GpNs72ttCSsnOvVdAalow51+At6G+a09+fmqfunBDEPAaUmAstAPLT+rGFqoS43acB7WHVWXvD7Z6RLQSrEdAF1SpfWT1bkewmAuISPC3nCkn7D4dvCdhEyLxpyLObd98jDAqnQBD63+IUsNYJ78w/nee1mOvGVyAoEHTtvuJBDXvxwQF0SD4nvHiLfbQDIwb7K8YgNrezYynL2QnaXns+JfslOlsrxlL/D/x5aEyoPIFCvNdjX6kTGGjFhwDRD57r5u7xNeZdb5twz3Wcl+6rA/ssU8m+ILyD8XZoFGt74zWCJxMNVVjW3uifq3fX9Igo6IwZHNnk32H6pC3isbDqhJ8zQJWSEm+udYhh7LThaB6Y4I97lOlQT+62n0lJjB1ucmuIvgdHIiFuFAng/CLGRWocE9Nd+1gT7AGT2CqSS3LiAlhjCvOD1dMPD27XbYqZQbaIPlga5HZucSr/mwI5bgpJtRHynxgWtv7FSXVJ69NPXO6wqAo0TiZpOkjFNE0cTdgcGQuv0MYeXUAnHriUoeuGmGQrFI/HXteVgN0NUE=
                                                                                                                                                                                    x-trace-id: 2b52734f-0992-4152-ae3f-1cccd0f9ac9b
                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:30:46 UTC1INData Raw: 7b 22 6e 6f 74 5f 61 66 74 65 72 22 3a 31 36 38 37 39 33 33 38 34 36 2c 22 6e 6f 74 5f 62 65 66 6f 72 65 22 3a 31 36 38 37 37 36 31 30 34 36 2c 22 72 75 6e 5f 73 74 65 70 73 22 3a 5b 5d 2c 22 75 70 67 72 61 64 65 5f 61 63 74 69 6f 6e 73 5f 66 72 65 71 5f 6d 61 78 22 3a 34 32 30 30 2c 22 75 70 67 72 61 64 65 5f 61 63 74 69 6f 6e 73 5f 66 72 65 71 5f 6d 69 6e 22 3a 33 30 30 30 7d 0a
                                                                                                                                                                                    Data Ascii: {"not_after":1687933846,"not_before":1687761046,"run_steps":[],"upgrade_actions_freq_max":4200,"upgrade_actions_freq_min":3000}


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    1192.168.2.3497493.123.174.180443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:53 UTC1OUTPOST /api/agent/register_device/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-signature: OHq1e7hsvbew19mgbWafveooWZLPXrU+v4+dGmGFAJAaY2VMbSou6hY9gxSUD+xk9SepZRiBBRa/VK0mYFUaCojvw5lhSZ6X5RxN7yJb3d8Z0xqXsgEdJGJSNfJe1vz2j4nxqq/QKXAfoJ9uiRZrOXPfhD8T8JLVw8KSKUMZDt5DA1fj8Qf2MDvcPYdfZreJhd5Y3ejVjOlyauXhCRUAj1rCgCtIcy5DjYpWXhBCbFGmF/B6H3ibio1BsMnAlXkvhzG3ONFuiSnSbrtMM0lVbaaUaFH7COEWT4QUeUh89A2d4Xz8BcslnEUFsm9a1hU4tL7H1LpCx6KLfd9n58c9grzGQ8NzlE1a7mvsZJ8wq1nLbeqvdxtej0bkzMoTBQJRvUeXk7KEm2Gs9xRxubvPXz0C4kHuBfjnkc/R6Dss4SvHYY6Y94GC4ReXcHRg2xGS+pqUy3qejKCbMTwmRImpdhg36wmqLYa5wn/NEqd97+vYNMJ5MjXTvHIvZaEIS3ampHGfESQoOoc/II4qiFTJLMptHxh6jMePsc+E1xWd5JHM7/w120OyfYm9P2HF3m5z1Co1j2FQQiSpC6kdpovjX9jo3xr0lnQqEGfsVjSS0gkDr0/DkLDbb+6Bhag1tGynbN/sW6S8Tz5p2A5G5hH/vXdI5C2yJ5/p+lAAwHmimVM=
                                                                                                                                                                                    x-posix-time: 1687851718
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 917
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:53 UTC2OUTData Raw: 7b 22 63 72 65 61 74 65 5f 64 65 76 69 63 65 5f 69 64 5f 6f 6e 5f 63 6f 6e 66 6c 69 63 74 22 3a 74 72 75 65 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 64 65 76 69 63 65 5f 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 55 42 4c 49 43 20 4b 45 59 2d 2d 2d 2d 2d 5c 6e 4d 49 49 43 49 44 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 67 30 41 4d 49 49 43 43 41 4b 43 41 67 45 41 37 36 73 61 66 6d 38 6c 37 78 30 79 6e 61 37 35 38 41 51 46 46 76 46 47 52 47 34 42 5c 6e 4f 5a 70 70 66 67 47 7a 52 45 6a 59 72 4a 58 30 2f 6f 65 59 50 74 69 68 55 7a 65 43 4f 67 74 66 4a 79 6c 76 5a 41 77 46 43 41 57 32
                                                                                                                                                                                    Data Ascii: {"create_device_id_on_conflict":true,"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","device_public_key":"-----BEGIN PUBLIC KEY-----\nMIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA76safm8l7x0yna758AQFFvFGRG4B\nOZppfgGzREjYrJX0/oeYPtihUzeCOgtfJylvZAwFCAW2
                                                                                                                                                                                    2023-06-27 06:30:53 UTC3INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:53 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 1
                                                                                                                                                                                    x-posix-time-lag: 4265
                                                                                                                                                                                    x-server-version: gw.v1.0.1257
                                                                                                                                                                                    x-trace-id: b551a3c4-4d28-4341-9fbb-ff6a47d81cc1
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    10192.168.2.3497583.123.46.19443C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:02 UTC13OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 378
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:02 UTC13OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 38 34 37 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 52 65 67 69 73 74 65 72 20 64 65 76 69 63 65 20 66 61 69 6c 65 64 20 77 69 74 68 20 48 54 54 50 53 74 61 74 75 73
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851847,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"Register device failed with HTTPStatus
                                                                                                                                                                                    2023-06-27 06:31:02 UTC14INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:02 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 11
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: b41c7ff9-1cca-4ef2-a915-8c13c121bf1e
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:31:02 UTC14INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    11192.168.2.34975918.158.200.227443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:14 UTC14OUTPOST /api/agent/register_device/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-signature: NvdqxEOoZdFeJ6LxUBb4wF/4T/7lTYI8ISr436qV95BVDgSuCeFSL159sWo3Q1YwDKunMmiFHmbtpwCQXVXU3InFD1Tv61xZbIWhhun7Pd4rpuKxUT2EsBmYIYnJoGZqEEQGka3RtQChLS38rGKzk2NPIiYK7wQg/JUQ54XhmCg0P9xD4RB6pxLvb6QWo/4jOWGkrbnuqBvINYmx2Q4czilRisCXyNBWrnUrlvSX4TGM4GuveIVIOBrAmVoHWKD8o2t+ZHNfBakYmdx0NGGjtuEIU/CfJfVhVL9h2gJudHVhkXGbcWy6Z2oVqbLn+yHZhL5PDROcJtbKgxPgV8fe8xCrZ1CSH2xg3t9QbZTWh3XkZoyf70KjCXmkOGvIpzNdMHjvbQAG6NI1belBjcmz/QeO3vm/OrshRgJAfLOXo7mN07dzk03BBe0SSu69BgQqtdW8RBJOQfflCsjmVMquEfZEKtuNX8XpV+qopJYxepoCcnT4J5HdkRm8O32PI1/qO++1kXNXxdiWPo9URpfQm3NOGhbpafDgW8FIQ2oysXFnSFmIiRoBH2cnR1COiLvR2mV3yd14UTmSY/1gN/pyERg2z6nS2N3LJVuKIgWCbCC3cTcL7ZNoEfZVWm16JIxZHZ7sNqlsGpf161Ccz+agqkVlrjn1qdNzkCizrtnn1eM=
                                                                                                                                                                                    x-posix-time: 1687851859
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 917
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:14 UTC15OUTData Raw: 7b 22 63 72 65 61 74 65 5f 64 65 76 69 63 65 5f 69 64 5f 6f 6e 5f 63 6f 6e 66 6c 69 63 74 22 3a 74 72 75 65 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 64 65 76 69 63 65 5f 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 55 42 4c 49 43 20 4b 45 59 2d 2d 2d 2d 2d 5c 6e 4d 49 49 43 49 44 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 67 30 41 4d 49 49 43 43 41 4b 43 41 67 45 41 36 6f 37 69 56 41 30 79 58 47 46 76 5a 6c 59 54 69 52 6a 6a 69 79 6d 64 76 4c 59 53 5c 6e 6d 33 73 74 42 67 46 33 71 42 35 43 55 78 51 31 73 45 50 61 77 48 2b 64 74 4f 37 45 75 72 32 41 4f 61 47 36 31 6c 35 2b 65 6b 69 71
                                                                                                                                                                                    Data Ascii: {"create_device_id_on_conflict":true,"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","device_public_key":"-----BEGIN PUBLIC KEY-----\nMIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA6o7iVA0yXGFvZlYTiRjjiymdvLYS\nm3stBgF3qB5CUxQ1sEPawH+dtO7Eur2AOaG61l5+ekiq
                                                                                                                                                                                    2023-06-27 06:31:14 UTC16INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:14 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-posix-time-lag: 4385
                                                                                                                                                                                    x-server-version: gw.v1.0.1257
                                                                                                                                                                                    x-trace-id: 843375d5-a254-400c-9c05-b549a7982adc
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    12192.168.2.34976035.156.105.124443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:14 UTC16OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 378
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:14 UTC16OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 38 35 39 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 52 65 67 69 73 74 65 72 20 64 65 76 69 63 65 20 66 61 69 6c 65 64 20 77 69 74 68 20 48 54 54 50 53 74 61 74 75 73
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851859,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"Register device failed with HTTPStatus
                                                                                                                                                                                    2023-06-27 06:31:14 UTC17INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:14 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 4
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: d3e4698b-2927-46ac-805c-b3accbc1a3c3
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:31:14 UTC17INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    13192.168.2.3497613.121.204.45443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:15 UTC17OUTPOST /xbc-ams/get_actions/v3.0/00000000-0000-0000-0001-000000000000/e99cc405-ea23-4961-b4af-4764a10d1c05 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-device-signature: 3UG4vNUdGJ/s3gGaxt1ITUbgGlOgwAhM8b1cAQKtcyBa1TKoi42n+4I3CxYXgs7tMtJJyZpiVZeEoh+GsEdkOFXHCg3ngrnaEjrd99w+FUcp+POg93GlCU2gd1ETHjOj+ZhSohL9cpHIspnLoCrego4APXWzVrNT4z/q/9A6+dCxkkVxr/CBBOlJMVBUjj3ynUMN/jG6iCjckbXmcdek64kO113u/K8ap0MPIC1mLvAlwZtrjTMNJGMsFvd1F9fkZhYKKsinOCACKjw4oDakSW99AnC86Q21QfH3ADMpNAutFy+ulXBuaUABH5NY8RtQqM+bL1woJjDMxvsxIy7DPZTkM7c7l0G331ZXdSeNi/36r7QnZedht2HHG5xrvmACH1MviCkBRNmGM92Mh5Vx0fAZ6/A9LTY+WgdbEEt0/FCG0Dpf+sKRz7DzeCnPT8Ow+n5jpjKny7BOA0K91aH1Mxqn/daRqk/ACbo2DuvK09nbrOAmIDw7H9EK2a4+sKVkcO1mzZR6MtnAUXrMsAt9dNWWCEmDB0NDal3KW7jkHbxq99Bd1GsalWt44DKuowJwJAKv9nScV2mmIlZdrBzN/Qz6v4ko+DKXUuMtPwYjRjAX+wlWg0o89TW5GJ798aeHl3seO20nN49qbSt0CRn5PywOK6CEGe1O6ofiBXIKPxY=
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    x-posix-time: 1687851855
                                                                                                                                                                                    Content-Length: 28
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:15 UTC18OUTData Raw: 7b 22 78 62 63 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 2e 30 2e 33 37 30 32 22 7d
                                                                                                                                                                                    Data Ascii: {"xbc_version":"1.1.0.3702"}
                                                                                                                                                                                    2023-06-27 06:31:15 UTC18INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:15 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 0
                                                                                                                                                                                    x-posix-time-lag: 4380
                                                                                                                                                                                    x-trace-id: 5bb56857-5dcc-4010-be86-f512e6ec3c99
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    14192.168.2.3497623.123.46.19443C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:15 UTC18OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 355
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:15 UTC19OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 38 36 30 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 73 65 72 76 65 72 20 72 65 73 70 6f 6e 64 73 20 75 6e 61 75 74 68 6f 72 69 7a 65 64 22 2c 22 73 74 61 72 74 5f 74
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851860,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"server responds unauthorized","start_t
                                                                                                                                                                                    2023-06-27 06:31:15 UTC19INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:15 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 4
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: 414007fb-4f99-4ede-8b5f-2e9ffce61ab2
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:31:15 UTC19INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    15192.168.2.34976318.158.200.227443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:17 UTC19OUTPOST /api/agent/register_device/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-signature: QpMJaYcHNp8QlO4IIuIaNGc/cfxfIDiUU1WCIXdKeANa/XHUrJMJXFD5KE42Df0o1r12QmSo3jK8ZITp+ZUnpED16Ft0Dr5lU8DQOtc5d/DgfxkgyVU248jmAXnkQfuKPNgbKvJP9uKUybc3EG2Zf+Att/UlalAweHtY0CBFkFCAwRWTl1IOzmVR6zgm/LaSoo8CiZnHn2gS2XwHh3v4fyAl6cENmtzr1lJudkR5iLXYncWfvvXKcQrRfQbIkI+RdrwiVXTCpfypqEYx3mdCJs+7GcRlt9jcdsmVek3yOHa8ykPZ9UwFwyNkdy09fh/DbV8V2sLOguX1/lxcmvUEwyqfE326wA0C7FDuFiR72YD4ebYbHhaLM/bvHRJtZPzDB/ift8fWxiPmdNQjAKRckw3LYgfyl/57yacKm158X7pW01afc27rjdNtEMs3gbYn79MGei9qOB4t0k0eMu09aa0px4ft4fiN1rfjbSn4KholStiHXQ9B+zu4mbN5o3+sQpPWg7w3K5nafnEdOwX1QS31DO1BsfaWNFhN1O7VMYqaeWhC3gFut75CkGBbg/cSbjx70/TEvaBRTn7vU8Q98V+TTKnL+LEZu4KTzJ/w9TyO2JxtHeuHUImMN3AtRPcceJqUE1RGRFzTu8rD8ZvPE6zw08FOZnyIJqtZVz/l2WA=
                                                                                                                                                                                    x-posix-time: 1687851862
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 917
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:17 UTC20OUTData Raw: 7b 22 63 72 65 61 74 65 5f 64 65 76 69 63 65 5f 69 64 5f 6f 6e 5f 63 6f 6e 66 6c 69 63 74 22 3a 74 72 75 65 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 64 65 76 69 63 65 5f 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 55 42 4c 49 43 20 4b 45 59 2d 2d 2d 2d 2d 5c 6e 4d 49 49 43 49 44 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 67 30 41 4d 49 49 43 43 41 4b 43 41 67 45 41 6d 37 2f 34 48 6e 55 4b 6d 4d 6d 6d 4d 34 69 50 52 51 7a 59 59 4f 38 50 34 75 47 44 5c 6e 79 73 49 37 72 47 67 39 4b 74 4e 73 32 67 43 53 66 70 35 4f 43 38 36 55 72 6d 36 35 42 51 5a 4b 5a 54 72 56 6e 33 58 68 62 58 43 53
                                                                                                                                                                                    Data Ascii: {"create_device_id_on_conflict":true,"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","device_public_key":"-----BEGIN PUBLIC KEY-----\nMIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAm7/4HnUKmMmmM4iPRQzYYO8P4uGD\nysI7rGg9KtNs2gCSfp5OC86Urm65BQZKZTrVn3XhbXCS
                                                                                                                                                                                    2023-06-27 06:31:17 UTC21INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:17 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-posix-time-lag: 4385
                                                                                                                                                                                    x-server-version: gw.v1.0.1257
                                                                                                                                                                                    x-trace-id: a0151f00-84b0-4b0c-bd7d-3ee4f4a32182
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    16192.168.2.3497643.121.204.45443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:17 UTC22OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 378
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:17 UTC22OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 38 36 32 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 52 65 67 69 73 74 65 72 20 64 65 76 69 63 65 20 66 61 69 6c 65 64 20 77 69 74 68 20 48 54 54 50 53 74 61 74 75 73
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851862,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"Register device failed with HTTPStatus
                                                                                                                                                                                    2023-06-27 06:31:17 UTC22INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:17 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 4
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: fbb8a774-c4e1-4be7-becd-2581aabc0ccd
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:31:17 UTC22INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    17192.168.2.3497653.123.174.180443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:18 UTC22OUTPOST /xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-device-signature: YwEPmd8RZ2GupxkRzjSVob3NHThrwJYzKh8M4Fb8yXeqaXkpJvQNlJZhfEvHUr8jCnbiJOKH0N+Enam4Ozy5ayDBC7e+n0QpQThpPkeXug1MmcxtKqjBRSxDRFoX/QSMPio/xGn9vyqrlMhvVsAqZtifq8WIvjshwmHHBLuIGMQrhWsTc8cfn+73FDZAGQwIdTMg0vbiQa9OoLCJnUhwvtPTX4NoSNHg9uQ7sDVX3K/4YCqrkO031ZaEgP7XlKJKungurZfQbsAWuXbatmJ+JCORLv6yFT5VKOCb8V14qW+5uiuRigLGOSxq7uOWxCxVKovYod+iWbiN7AtHTx6YwHzn9XAoqazWquOBrf1Fkmp2vysISRlSlOeziFwr6+0uBsiJb6WUwiUwLqSWl8MmB/JFU4V/L6grGSDWi85+i+KlXV7fFYdf9++QFcmO7rY9zOsaWDSmP4+f3byz6ocAFB5dswaMRLazP58EPwb9zjxFTJ/LkjKBL5WrFWmWM8o/96vBkA2YSTqJ9JJTjPHVrXjCPpicc5nG9KpQF9fkS5noh/DLm2yg+1ztXtKDd4gXrfS4z7VeS76vQszmtiNxVnuys3JtWehlIc7dhdTAJrjPHJbHO8SRnElLrtoQFg/kL+otwh3B/d0h34dwlUPGZ7L9GagjMOLpzRxSZgMchhs=
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    x-posix-time: 1687851861
                                                                                                                                                                                    Content-Length: 58
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:18 UTC24OUTData Raw: 7b 22 61 67 65 6e 74 5f 69 6e 66 6f 22 3a 7b 22 70 6c 61 74 66 6f 72 6d 22 3a 22 77 69 6e 33 32 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 2e 30 2e 33 37 30 32 22 7d 7d
                                                                                                                                                                                    Data Ascii: {"agent_info":{"platform":"win32","version":"1.1.0.3702"}}
                                                                                                                                                                                    2023-06-27 06:31:18 UTC24INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:18 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 1
                                                                                                                                                                                    x-posix-time-lag: 4383
                                                                                                                                                                                    x-trace-id: 28935a30-4d8e-4a0a-b732-d8b1f3a8f1d9
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    18192.168.2.3497663.123.64.229443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:18 UTC24OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 356
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:18 UTC24OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 38 36 33 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 73 65 72 76 65 72 20 72 65 73 70 6f 6e 64 73 20 75 6e 61 75 74 68 6f 72 69 7a 65 64 22 2c 22 73 74 61 72 74 5f 74
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851863,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"server responds unauthorized","start_t
                                                                                                                                                                                    2023-06-27 06:31:18 UTC25INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:18 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 5
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: 64556762-c1bb-4ec3-87d5-7b541b312a9f
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:31:18 UTC25INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    19192.168.2.34976735.156.105.124443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:19 UTC25OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 378
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:19 UTC25OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 37 34 35 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 64 6f 5f 61 63 74 69 6f 6e 73 3a 20 74 65 72 6d 69 6e 61 74 65 64 20 62 79 20 77 69 6e 64 6f 77 20 63 6c 6f 73 65
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851745,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"do_actions: terminated by window close
                                                                                                                                                                                    2023-06-27 06:31:19 UTC26INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:19 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 4
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: 4db9be6e-bfb3-4bdc-b855-305a5272fd16
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:31:19 UTC26INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    2192.168.2.3497503.123.46.19443C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:53 UTC3OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 378
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:53 UTC3OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 37 31 38 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 52 65 67 69 73 74 65 72 20 64 65 76 69 63 65 20 66 61 69 6c 65 64 20 77 69 74 68 20 48 54 54 50 53 74 61 74 75 73
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851718,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"Register device failed with HTTPStatus
                                                                                                                                                                                    2023-06-27 06:30:53 UTC4INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:53 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 4
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: b438e027-d1af-4e42-bb45-10b4def27fc8
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:30:53 UTC4INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    3192.168.2.34975118.198.47.153443C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:53 UTC4OUTPOST /xbc-ams/register_company/v2.0/e99cc405-ea23-4961-b4af-4764a10d1c05 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    x-posix-time: 1687851719
                                                                                                                                                                                    Content-Length: 84
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:53 UTC5OUTData Raw: 7b 22 61 67 65 6e 74 5f 74 6f 6b 65 6e 73 22 3a 5b 22 30 30 30 30 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 31 2d 30 30 30 30 30 30 30 30 30 30 30 30 22 5d 2c 22 78 62 63 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 2e 30 2e 33 37 30 32 22 7d
                                                                                                                                                                                    Data Ascii: {"agent_tokens":["00000000-0000-0000-0001-000000000000"],"xbc_version":"1.1.0.3702"}
                                                                                                                                                                                    2023-06-27 06:30:53 UTC5INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:53 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-trace-id: 85830f1f-cf4d-4919-8664-c377bba33075
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    4192.168.2.34975235.156.105.124443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:53 UTC5OUTPOST /api/agent/get_upgrade_actions/v1.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-posix-time: 1687851838
                                                                                                                                                                                    Content-Length: 70
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:53 UTC5OUTData Raw: 7b 22 70 61 63 6b 61 67 65 73 22 3a 7b 22 78 62 63 5f 61 67 65 6e 74 22 3a 7b 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 2e 30 2e 33 37 30 32 22 7d 7d 2c 22 70 6c 61 74 66 6f 72 6d 22 3a 22 77 69 6e 33 32 22 7d
                                                                                                                                                                                    Data Ascii: {"packages":{"xbc_agent":{"version":"1.1.0.3702"}},"platform":"win32"}
                                                                                                                                                                                    2023-06-27 06:30:53 UTC5INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: application/json
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:53 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-envoy-upstream-service-time: 19
                                                                                                                                                                                    x-posix-time: 1687847453
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-signature: B0gV6Rw2uJlGTIjSH3oOYDLivYB0Ndi4VZKkS5rn+NQreTIlRV947TZHin6sI3uocM/lkYs3+7fbf1lkgoqTorKuFVXNwiK0iwmYAAJ+RKUaTWaRdPHYzdk6Hy/Z//Gjrmz2pseVdDggFtEUydJ/e6YNVeejfqvQkNq3eclRZe7OlZClnY9v/VEVzIbCFH212alirUjWkTcloS8ImFDc9aqKUvpebNNQIj/IumB1y6MM1gJuyd/5NcL8VSiVm5ecuw/cyeNnH4sNIKqROHclrWP2O17DutEARpEgyMpXTtrjibgWWUydJEN2wviFFgED4xrrkiGn4CvtCRIfD2A2dMasUQc+lHXnQLgujvZgVzVsV6a2pvylJJj83YkcKMvHK4sjGIevOmkwfgiUyPY7VS5mzdTbrDZlmQYV1ifZdK/wZAOi1tsZRZl+ZjVQypxEsAYSfXrt8QWCfgQuEPXlSaNX1R7/QhemlBL/33yF8Vy0qalAPb0nvqsxYdZqWzbt722y+RV5+KoUHKtlvMx/CNBXcsUnUEAJOJ3TUUicr7Qig8X3Nlg1mdWGlqZfdAA9603kEPuSUuLW+q7xHjxjb+/ywFjaU9juowgfoKzYiJHfXgzPKMm3BwvQs/HbNVnWZulcoG5ybxsw98gTbPUBTW93PdFejKre0mNxVf5DrFI=
                                                                                                                                                                                    x-trace-id: b537fbac-2c9e-49a9-902d-e7bb6d52e0ca
                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:30:53 UTC6INData Raw: 7b 22 6e 6f 74 5f 61 66 74 65 72 22 3a 31 36 38 37 39 33 33 38 35 33 2c 22 6e 6f 74 5f 62 65 66 6f 72 65 22 3a 31 36 38 37 37 36 31 30 35 33 2c 22 72 75 6e 5f 73 74 65 70 73 22 3a 5b 5d 2c 22 75 70 67 72 61 64 65 5f 61 63 74 69 6f 6e 73 5f 66 72 65 71 5f 6d 61 78 22 3a 34 32 30 30 2c 22 75 70 67 72 61 64 65 5f 61 63 74 69 6f 6e 73 5f 66 72 65 71 5f 6d 69 6e 22 3a 33 30 30 30 7d 0a
                                                                                                                                                                                    Data Ascii: {"not_after":1687933853,"not_before":1687761053,"run_steps":[],"upgrade_actions_freq_max":4200,"upgrade_actions_freq_min":3000}


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    5192.168.2.3497533.122.217.205443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:54 UTC6OUTPOST /xbc-ams/get_actions/v3.0/00000000-0000-0000-0001-000000000000/e99cc405-ea23-4961-b4af-4764a10d1c05 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-device-signature: aIzABDtUkTt5yy6HlCmJzHDd0NCERSujBvyrXeTcg57NJMatV+Xyb8JDI6IAAjd/6iBftPXrOyaQ2CNChKepV7q+Z6mB/atczGrKOYKb2TeV8m9UF7loiicQqgTKEbe7HQ6Pa6adj792TJUEPHOiS2ryeh27XPtxD0zFMAbkOvf6P1S29Vlyu86KdgV7cDAsN4DWEBrLVp+Ui8edmoqwvHwLQ3Kpss/0S7HmVAQPOetbt2k121Yy/pJkoZ2BVV/Diy8BulAnDf0+6fbYd8xMFAA800sFy19BUmFSLj/MJK48+/J1U27JF3wGKWI/h6Qjk6MJtV+8DUIdfI08V/PNJnUr45vYH2iMvfqmiCIMMm69JwJSoJnFxQyjtic+FJs5wHAtxbdr7FlYLTcqWPqg0rMUJETEgWfobIugpQBvZjkEiKkpvdGCjd1eMEkbUNGGu5mLnc7tfhuhbyMO5r5wqJn3nFdNwuEiM4b2wg0YJAhgPywOl4g/jyFTasGxg4ocG6oR2NuXR55eQ/3B9Q6umsjTeAzuVgKR+0taeGwnlOYmNA6cd/C9OKtgAsC79gVnTp2GmJEF3s5eTN0rT0eyb7q+klcSj2z65h/U0Diy53yYdCur5ts3Y+aAA2cWA4nn5YJCi5KHY12I3xTUXkEFH75uKbmK2YGF4lmOU+43UQY=
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    x-posix-time: 1687851839
                                                                                                                                                                                    Content-Length: 28
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:54 UTC7OUTData Raw: 7b 22 78 62 63 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 2e 30 2e 33 37 30 32 22 7d
                                                                                                                                                                                    Data Ascii: {"xbc_version":"1.1.0.3702"}
                                                                                                                                                                                    2023-06-27 06:30:54 UTC7INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:54 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-posix-time-lag: 4385
                                                                                                                                                                                    x-trace-id: 2bcb37fe-3416-457a-b1b9-15159fa98867
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    6192.168.2.3497543.121.204.45443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:54 UTC8OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 355
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:54 UTC8OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 38 33 39 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 73 65 72 76 65 72 20 72 65 73 70 6f 6e 64 73 20 75 6e 61 75 74 68 6f 72 69 7a 65 64 22 2c 22 73 74 61 72 74 5f 74
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851839,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"server responds unauthorized","start_t
                                                                                                                                                                                    2023-06-27 06:30:54 UTC8INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:54 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 6
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: bc70b180-6aef-4b39-bcbc-9698ff6225cf
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:30:54 UTC9INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    7192.168.2.34975518.158.200.227443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:55 UTC9OUTPOST /xbc-ams/next_command/v4.0/e99cc405-ea23-4961-b4af-4764a10d1c05 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-device-signature: ivtKk8aB2qqEuLJyFP50fIvpKL9rIZW2Je2saJG5ia8HE4esW35TQXJ6q9h+WvNKeXdVqcpCfEHVvpfOljXRKiH0zy/NbT3mzGuqS402HM0jHN//Uz1YhAH/ukf8bGQ9BSxwJGiOpP3EfjckR8XYrmhzOuqIwrB5ETW7gdXM+s92FIh2bzaKMizSspf8loHd7UM+SyP+51RU4YFxmeB2Au2X4QVh+MsEXx6uN96gjIvaLb4oXVLj0BluFsu++zha0WQxvpDor2RsMNrwsZY7Y3fCWWCXniHMXR1+SNNDxUP9GwueXbEJPp25piuJE8e0bnw5UsF/2fBPzaUJaaVINA3aN47E5oKwEb2nWeR3B+w6g/vG6AO5qU0yLH5y6byAZ9ng8nB/ObmYnDVG88Rzi6cp6ZszWePZ7Qz0i2YG0pPdxKzPnJSeE2BVZbF2TCo57l9wmDsiX1CJZKQG1SD5+TX4/+2kp1TMG5/LZGb01JrAQSDD5sATZSlOUMNcoDGJakg/9eTFY8jnDwtlSSoJDot187rkgLJ+SY8OT4hliN1fqfUbYQ+hcjs3QcDrKWvwDSY91EnQ4CI39hIaX7Z9QUdjDR90iz1kEz76+fyh48EhMx9uzBkIB5NLCphp8CguL8qAsQQrYyHYhU+Ziyy+v96hOVJCwK55Y5izJaK+290=
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    x-posix-time: 1687851840
                                                                                                                                                                                    Content-Length: 58
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:55 UTC10OUTData Raw: 7b 22 61 67 65 6e 74 5f 69 6e 66 6f 22 3a 7b 22 70 6c 61 74 66 6f 72 6d 22 3a 22 77 69 6e 33 32 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 2e 30 2e 33 37 30 32 22 7d 7d
                                                                                                                                                                                    Data Ascii: {"agent_info":{"platform":"win32","version":"1.1.0.3702"}}
                                                                                                                                                                                    2023-06-27 06:30:55 UTC10INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:54 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-posix-time-lag: 4386
                                                                                                                                                                                    x-trace-id: 1a981d87-c5b0-4908-a926-1ecfcef6f9b0
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    8192.168.2.3497563.122.217.205443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:30:55 UTC10OUTPOST /api/agent/report_exception/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-client-device-id: e99cc405-ea23-4961-b4af-4764a10d1c05
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 356
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:30:55 UTC10OUTData Raw: 7b 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 65 78 63 65 70 74 69 6f 6e 5f 64 65 74 61 69 6c 22 3a 7b 22 65 6e 64 5f 74 69 6d 65 22 3a 31 36 38 37 38 35 31 38 34 30 2c 22 6f 73 5f 61 72 63 68 22 3a 22 78 38 36 5f 36 34 22 2c 22 6f 73 5f 64 69 73 70 6c 61 79 5f 6e 61 6d 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 45 6e 74 65 72 70 72 69 73 65 22 2c 22 6f 73 5f 76 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 38 33 36 33 22 2c 22 70 6c 61 74 66 6f 72 6d 5f 74 79 70 65 22 3a 22 64 65 73 6b 74 6f 70 22 2c 22 72 65 61 73 6f 6e 22 3a 22 73 65 72 76 65 72 20 72 65 73 70 6f 6e 64 73 20 75 6e 61 75 74 68 6f 72 69 7a 65 64 22 2c 22 73 74 61 72 74 5f 74
                                                                                                                                                                                    Data Ascii: {"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","exception_detail":{"end_time":1687851840,"os_arch":"x86_64","os_display_name":"Windows 10 Enterprise","os_version":"10.0.18363","platform_type":"desktop","reason":"server responds unauthorized","start_t
                                                                                                                                                                                    2023-06-27 06:30:55 UTC11INHTTP/1.1 200 OK
                                                                                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:30:55 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-envoy-upstream-service-time: 5
                                                                                                                                                                                    x-server-version: 1.0.5481
                                                                                                                                                                                    x-trace-id: 1166fa07-0f70-4795-bf5f-ec936175b5ca
                                                                                                                                                                                    Content-Length: 2
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    2023-06-27 06:30:55 UTC11INData Raw: 6f 6b
                                                                                                                                                                                    Data Ascii: ok


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                    9192.168.2.34975718.158.200.227443C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                                                    2023-06-27 06:31:02 UTC11OUTPOST /api/agent/register_device/v2.0 HTTP/1.1
                                                                                                                                                                                    Connection: Close
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: TrendMicro WinHttp Module
                                                                                                                                                                                    x-auth-algorithm: 2
                                                                                                                                                                                    x-client-version: 1.1.0.3702
                                                                                                                                                                                    x-signature: K5pA+IhX/bX4QO1XapW6D/ts81/+EWYmMGt0cDRi08UDzXm8iHXo4WyLpz76PnRbklRqBXr98tdT7CDKHd8o+0psxgEzzlF0SPVhyI5n0SX3M/EAHNIoMZcu5aDO+ymbFDgbgIPmL4OPxdnZP2l2Yp07K3sUVUkc6d2uqH+wH+anqlOYTkkzDNP3DcAntWHC4R4s8iU0vwCWD5qfy6mF+ulYqajxh1d5WzTtOPh209VyjsXoD5/fExfS1SyI5Usy5BT7s+TsuZTvkZEiB/swDPk6JkLIY4ENN+tNSopdtm5l7T2dGezTSdrTzKZR5/f+ctzNGJFLJePQ1got9mf9RyAvyPeSal942Gn1g8VxMZHPehqwgEFY8GBySuNpBHWzsv6dZk6KGfsHC44SOLb5fkfRVUeoIo2OjkScBG3Ki1nguumtSXAUS3jAptCM3iabDacEx1DzAhT4fEgRmG80dQGmKialMPXyX9OvL3fV8nvwEvtoIGz7GHZuN/3IEkgxjF3qprVRGIOhu+z23YrM51rFwxNo/QG+AlFt5xbXZxxyXeGz0u+Pn7DPLnaFm5o+kOjMJ9mYMAOr8QL86vGHvgCs7P4W5C5DubFg5zVcoIF96UMf+LK3qmREtHvPrysX/EiMkhKxXOyig12UaG5Pb0usErPoSauR6bIci4vKYaI=
                                                                                                                                                                                    x-posix-time: 1687851847
                                                                                                                                                                                    x-client-platform: win32
                                                                                                                                                                                    Content-Length: 917
                                                                                                                                                                                    Host: api-eu1.xbc.trendmicro.com
                                                                                                                                                                                    2023-06-27 06:31:02 UTC12OUTData Raw: 7b 22 63 72 65 61 74 65 5f 64 65 76 69 63 65 5f 69 64 5f 6f 6e 5f 63 6f 6e 66 6c 69 63 74 22 3a 74 72 75 65 2c 22 64 65 76 69 63 65 5f 69 64 22 3a 22 65 39 39 63 63 34 30 35 2d 65 61 32 33 2d 34 39 36 31 2d 62 34 61 66 2d 34 37 36 34 61 31 30 64 31 63 30 35 22 2c 22 64 65 76 69 63 65 5f 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 55 42 4c 49 43 20 4b 45 59 2d 2d 2d 2d 2d 5c 6e 4d 49 49 43 49 44 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 67 30 41 4d 49 49 43 43 41 4b 43 41 67 45 41 6c 39 6a 6e 41 72 63 66 36 4c 39 57 31 38 78 47 61 34 55 51 6d 51 33 78 44 6f 46 72 5c 6e 6a 73 56 7a 41 46 67 45 4e 2b 35 58 38 44 45 75 75 50 56 56 2b 4e 61 4f 57 4d 62 2f 35 7a 38 6f 73 2b 61 4c 51 43 6b 43 5a 39 71 6a
                                                                                                                                                                                    Data Ascii: {"create_device_id_on_conflict":true,"device_id":"e99cc405-ea23-4961-b4af-4764a10d1c05","device_public_key":"-----BEGIN PUBLIC KEY-----\nMIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAl9jnArcf6L9W18xGa4UQmQ3xDoFr\njsVzAFgEN+5X8DEuuPVV+NaOWMb/5z8os+aLQCkCZ9qj
                                                                                                                                                                                    2023-06-27 06:31:02 UTC13INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                    date: Tue, 27 Jun 2023 06:31:02 GMT
                                                                                                                                                                                    server: istio-envoy
                                                                                                                                                                                    x-posix-time-lag: 4385
                                                                                                                                                                                    x-server-version: gw.v1.0.1257
                                                                                                                                                                                    x-trace-id: 48948e52-604b-4c2b-a4d0-71869ad22174
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    Connection: Close


                                                                                                                                                                                    Statistics

                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                    • File
                                                                                                                                                                                    • Registry

                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                    Behavior

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    System Behavior

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                    Start time:08:29:57
                                                                                                                                                                                    Start date:27/06/2023
                                                                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                                                                                                                    Imagebase:0x7ff61d4c0000
                                                                                                                                                                                    File size:53'744 bytes
                                                                                                                                                                                    MD5 hash:9520A99E77D6196D0D09833146424113
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Section Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Process Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Thread Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Memory Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    System Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                    Start time:08:30:42
                                                                                                                                                                                    Start date:27/06/2023
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe"
                                                                                                                                                                                    Imagebase:0xc10000
                                                                                                                                                                                    File size:3'301'760 bytes
                                                                                                                                                                                    MD5 hash:7719DE2021CEC0078EEC00943DF400C5
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Memory Activities


                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                    Start time:08:30:43
                                                                                                                                                                                    Start date:27/06/2023
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_wBbo19Zh5pD.zip\EndpointBasecamp.exe"
                                                                                                                                                                                    Imagebase:0xc10000
                                                                                                                                                                                    File size:3'301'760 bytes
                                                                                                                                                                                    MD5 hash:7719DE2021CEC0078EEC00943DF400C5
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    File Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Section Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Registry Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Mutex Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Thread Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Memory Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    System Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                    Start time:08:30:43
                                                                                                                                                                                    Start date:27/06/2023
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff7603a0000
                                                                                                                                                                                    File size:885'760 bytes
                                                                                                                                                                                    MD5 hash:C5E9B1D1103EDCEA2E408E9497A5A88F
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    File Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Section Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Mutex Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Thread Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Memory Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    System Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Windows UI Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                    Start time:08:30:46
                                                                                                                                                                                    Start date:27/06/2023
                                                                                                                                                                                    Path:C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\\Program Files (x86)\\Trend Micro\\Endpoint Basecamp\\EndpointBasecamp.exe" /service
                                                                                                                                                                                    Imagebase:0xf60000
                                                                                                                                                                                    File size:3'301'760 bytes
                                                                                                                                                                                    MD5 hash:7719DE2021CEC0078EEC00943DF400C5
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    File Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Section Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Registry Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Mutex Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Thread Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    Memory Activities

                                                                                                                                                                                    Show Windows behavior

                                                                                                                                                                                    System Activities

                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                    Disassembly

                                                                                                                                                                                    No disassembly