Windows
Analysis Report
52e69dd2-1038-4cc3-9a28-bd4e33724309.eml
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 5888 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\52e69dd2-1038-4cc3-9a28-bd4e33724309.eml" MD5: 91A5292942864110ED734005B7E005C0)
- ai.exe (PID: 6192 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CCF90C33-8674-4F41-8D53-541E86A85C8C" "418CE8A4-BC4B-4A98-89AA-7B01E6DED6D1" "5888" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- chrome.exe (PID: 1764 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,10009891405383633377,35990076892042290,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2024,i,13461734001401825318,9834046241119500868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- rundll32.exe (PID: 6728 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
There are no malicious signatures.
Source: | HTTPS traffic detected: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | LNK file: | ||
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File created: | Jump to behavior | ||
Source: | Key value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Rundll32 | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.185.100 | true | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.217.16.132 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1501431 |
Start date and time: | 2024-08-29 22:22:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 52e69dd2-1038-4cc3-9a28-bd4e33724309.eml |
Detection: | CLEAN |
Classification: | clean3.winEML@25/25@4/5 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.32.97, 93.184.221.240, 52.113.194.132, 52.109.28.47, 2.19.126.160, 2.19.126.151, 52.109.28.48, 51.116.246.104, 142.250.186.163, 142.250.186.142, 66.102.1.84, 34.104.35.123, 51.104.15.252, 40.79.167.8, 13.89.179.13, 142.250.185.227, 20.189.173.15, 172.217.18.14
- Excluded domains from analysis (whitelisted): osiprod-uks-bronze-azsc-000.uksouth.cloudapp.azure.com, omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, onedscolprdgwc00.germanywestcentral.cloudapp.azure.com, roaming.officeapps.live.com, clients2.google.com, onedscolprdcus21.centralus.cloudapp.azure.com, login.live.com, update.googleapis.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, onedscolprdwus14.westus.cloudapp.azure.com, a1864.dscd.akamai.net, clients1.google.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, accounts.google.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdaue02.australiaeast.cloudapp.azure.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- VT rate limit hit for: 52e69dd2-1038-4cc3-9a28-bd4e33724309.eml
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | | Get hash | malicious | Unknown | Browse | |
239.255.255.250 | | Get hash | malicious | Unknown | Browse | |
239.255.255.250 | | Get hash | malicious | Unknown | Browse | |
239.255.255.250 | | Get hash | malicious | Unknown | Browse | |
239.255.255.250 | | Get hash | malicious | EvilProxy, HTMLPhisher | Browse | |
239.255.255.250 | | Get hash | malicious | HTMLPhisher | Browse | |
239.255.255.250 | | Get hash | malicious | Unknown | Browse | |
239.255.255.250 | | Get hash | malicious | HTMLPhisher | Browse | |
239.255.255.250 | | Get hash | malicious | Unknown | Browse | |
239.255.255.250 | | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | HTMLPhisher | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | HTMLPhisher | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | HTMLPhisher | Browse | |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.396262924119448 |
Encrypted: | false |
SSDEEP: | 1536:vLYL+pgscvohzvT1xgsZCNcAz79ysQqt2NaNclqoQ5xrcm0FvpciygnHXTb5r8u/:E4gWjTg/miGu2nqoQ7rt0FvUIPyqNAc |
MD5: | 053E2BA9BC9B63F683DB9B1B3D54FE29 |
SHA1: | 4CAECA416603E0B28BA41E73645794C24D8837F7 |
SHA-256: | FF4693AB5600268E7995A62CA857BA693E7023CEE284B7F8E4FA018CD4898020 |
SHA-512: | 681118B09737372F3254BDC4ABB60EAF65C03BAD33DAF77C0C0E0D80383E7DA704EC8DE438D9D40C0F44FF8830876878E99640A0EF1A47F9536C957E043330D9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | 6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.6464393446710157 |
Encrypted: | false |
SSDEEP: | 3:LBcbcs:t0v |
MD5: | 57212EF644619184FF215E2FEED8E9D7 |
SHA1: | 7EF50EA45D0423018C2B8BC5E2FF4C90FE6DCB4C |
SHA-256: | 0B983456AEDB542B692BCA3EAB0C52AE07715F7AAF9CC7D481EC736DFDD03ED2 |
SHA-512: | 2997CC51007167D926DC4184630CA1201494F7153D745CE0F9A484869B6C53BFF37F8A03BFD5CA4AB5E1E3FD0F4941B0BA9229C9B7E6826E9559F849843F3691 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F681DE31-A5E1-452D-BDF4-78922174436B
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 176428 |
Entropy (8bit): | 5.287397724335617 |
Encrypted: | false |
SSDEEP: | 1536:Di2XfRAqcbH41gwEiLe7HW8bM/o/NMYcAZl1p5ihs7EXX2EAD2Odad:W4e7HW8bM/o/wXzku |
MD5: | E95EF247C4C76664329E917A81FBF78C |
SHA1: | B1EC7A457DD9F76A4942927AA0BDD60421876532 |
SHA-256: | 4BA46073B50A80D0ECF3134958FE42405D61377911E0691FA6C855AEB8F82EEE |
SHA-512: | C184C2ECD45EBEE5D8B52DC038137226C8462BBE2A38CD6D6FE2C96E57A8DF6C9F945404C57E9924CD09FF7C19C0DA3B4E5B8A5C0985C4365DCA951C63B33B54 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09216609452072291 |
Encrypted: | false |
SSDEEP: | 3:lSWFN3l/klslpF/4llfll:l9F8E0/ |
MD5: | F138A66469C10D5761C6CBB36F2163C3 |
SHA1: | EEA136206474280549586923B7A4A3C6D5DB1E25 |
SHA-256: | C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6 |
SHA-512: | 9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.13619563930970963 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l+4Ftsll/FllkpMRgSWbNFl/sl+ltlslVlllfll4Fn:7+/l3FiBg9bNFlEs1EP/Yn |
MD5: | 16545DA08A035A7F4644EB0E62612541 |
SHA1: | DF4EA29736046E0006B022AE043C9FF5D4AB13A7 |
SHA-256: | 35BDB600AE3C564C8E0B064BD7C063557B39CFC35A04783F765633B0422012CD |
SHA-512: | C6C2ACAE57BE915109C42E1E09B1D9612CE90D06A938A8B5A187E4EB9B821FCAF24FDC72EA371EB7284F1D4AB83C0EF50C87AF5943CEC305A82B59490078A4EA |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04482848510499482 |
Encrypted: | false |
SSDEEP: | 3:G4l2fD0xtsl2fD0xtel8lL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2IMl2I+l0L9XXPH4l942U |
MD5: | 4DA482B4A5D9A4279F95F73965A26273 |
SHA1: | 1DDF40580946BB2559C640D8210818E6653340F7 |
SHA-256: | 687825760B45B850F4BCEAC62326086CE9EB88349B5D7DC2E2C2C076E7B26287 |
SHA-512: | F3D0A3DB67B034E496577A86409619BC5A3D5A9B206E3644C64C3345DADF9DA9DEA2B17B3CC5FECA31DACF65AE805FA14DDA0F47A316F2FDF2BF4394FB7BAFE6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 45352 |
Entropy (8bit): | 0.39453178716546183 |
Encrypted: | false |
SSDEEP: | 24:KAEgQ3zRDNYs8Ull7DBtDi4kZERDHTzqt8VtbDBtDi4kZERDz:NEgQ1SFUll7DYMPzO8VFDYM |
MD5: | CAB54A90A98416F5E0650C2C6C21944F |
SHA1: | 32F3669CF97F9B8C0CDBF224DBFDCD293BFF3E56 |
SHA-256: | 5522DC108412BE4C450D18EEEEB9A90E701628A0E8C8848B1D4F2D572FE2CE64 |
SHA-512: | DFB350DDF45B15AE6BE7D1598B11BA7358D6C7D4925FE5A0BB6B8CD0BD23D2D3D5F1E1C6135408903E4EE0779E1164982F100026E27321AB3571B3E5A09BBA87 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2278 |
Entropy (8bit): | 3.8360604405156 |
Encrypted: | false |
SSDEEP: | 48:uiTrlKxsxxGuJxl9Il8u04pSlys+KBZZJUxiIgOIytw7YMXDd1rc:vp9YLOyHziI+ytrMU |
MD5: | A9859CEC90E9A29B90C2CA380A05F997 |
SHA1: | 40C7D37AB37EDCEB269B5DDFFCFA47387C56B48F |
SHA-256: | 15BE345C27D27ADD8EC5A8AE51DEDFE269EAFE93CBDBD9F58DAA376086616870 |
SHA-512: | 93F5ADF2DB82D16A2C01D11A223AE96E0F68F29EE69D179B423C6808419C5BD356C387F97596D200EE0A719F054E33BF70A9178767563E1A055E3CF75DC8F91F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4542 |
Entropy (8bit): | 4.005819623436629 |
Encrypted: | false |
SSDEEP: | 96:kuYLaDxJclKu30ZMSh8OyiAQp8Blvd/dZ9hS9Kb:TJxv1uSTyqyBlvln1b |
MD5: | 5113BEA84108CA0F6A42F392D28A634A |
SHA1: | 13500F5AB0703CE08CBFED7A25CAA7445276C786 |
SHA-256: | D6FE99362D3CB5741A30DCD59E188ECA01E75B3DFCF3E678418B8000EB78D544 |
SHA-512: | 48C6B7E9A315CDC407A419F4BDB9B49DDB075F4D2915667F5D5CB18CC8B94646D53A2E1DE5068602521592BB0A6E00185E977ECC8E8A2F4590C645A4B5E35D26 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\ (002).html:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:gAWY3n:qY3n |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\20CO8UYI\.html:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:gAWY3n:qY3n |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{A7A489C4-33D2-4748-B6FA-14B0B49FA7E2}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3952 |
Entropy (8bit): | 3.1426571681695963 |
Encrypted: | false |
SSDEEP: | 24:vcEjkqnZ7GFNw3Vfr2n2DFvzWKavLyhlsrk/h9mNC+1BbSZTAnDelQo1M5QnUFby:0scFNopoGCLyhkC6tHnDxDcm8p |
MD5: | D89CD0985CE9FB49C3B12EA9F68E142C |
SHA1: | BF12CA86AD1DFE140094EB1C49A87B5D80F85CC0 |
SHA-256: | F1759481E3D31BF890669E47D304E9D6E7546402A0E4577800740130F6A4F85A |
SHA-512: | 51D2DC5BAC6156BE217C51EB30C50AF820C9D14641B034344ECD75CDD3958AAF09F9FA5152468AC122430B156543E80493DA99995262F1BFDB0234359C82954C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1724962973184847000_2132E419-568C-4C9D-B774-A97F0A3B7661.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.006149432983310596 |
Encrypted: | false |
SSDEEP: | 192:i/0W/8KTHnlLuXhrR814HWHT6Hw3ujDIomnsB06VE3VoB:e0KzTHlL0F81uSTew+jDILnf6a3WB |
MD5: | 7353C2B997274B22521F260277C21B38 |
SHA1: | 1D07D190F57A3CC0B7A29735F5E6108C741F6A2D |
SHA-256: | 2E6E6BEFF928100FF080862B1B073BB0EB0E3178A9010FA1E0D6E6601AB23C06 |
SHA-512: | B31443F024CE51EE4A271C665307E4BD6273F64120A5D73473784DFA6B51F540306C57CFFFF247F0847F1D16274ED5ABEE01AC2975BBEF52D028BAAC3B02818B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1724962973185463000_2132E419-568C-4C9D-B774-A97F0A3B7661.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240829T1622520998-5888.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 192512 |
Entropy (8bit): | 4.8109835171454485 |
Encrypted: | false |
SSDEEP: | 1536:r4F39XMAjG2oA2BaeVIXb9SgNSDT8OMACOS2WuCeEJxbJvXan:r4F3hMA+2DYDwNpXan |
MD5: | B6B3E0F8E3481A332A53B2BDDE410463 |
SHA1: | C2FE1630476062D888EB2F8B6E2D4DAE261D205D |
SHA-256: | 395E43A3A0FAA0BA175093259194C59EACE6C4218C78FB5002BC33A5420C0958 |
SHA-512: | FFF29DFC27B7D613C813C05C26B6FE7691E52953BA90FC983884628A793B4251CEBF9323F3DEC53C56BA28EE8475D9DE4E6993A39D3D5EB9FD62D926AA88F87A |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | 3:K1Z:K |
MD5: | 4F736005B6CED26F21CF10B590913C7F |
SHA1: | 87EA75DEF38813A1CC1D1C514FAE224026070E6E |
SHA-256: | 7EA5AD222CB0AD0A02FE4D7B0B794F10788CA54B337A879318D724ADE738A4DF |
SHA-512: | FF8801C6EAA077D25F533FCF316065F960E916AB5AED66C2E2B75BBF756C4AAD718866829C674C4240EB7CC84DFC77A9EB2FFEEF592953BF3CF5DD9741427943 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.990745192896675 |
Encrypted: | false |
SSDEEP: | 48:8adOTqGKH5ZidAKZdA1FehwiZUklqehly+3:8T/qqy |
MD5: | 4E9B48A8AD1341DD5D49AD03A2F5B52B |
SHA1: | E3A04DD5E20FD38C8E0D2D10FDDDD1D54E678CBB |
SHA-256: | 807B2ECC68BA42442DC2E589E45F6720FCAB0CBC0C945098EDAD5C30E8D43A31 |
SHA-512: | E4F5EB122756E9F39FB23B4FC741F82D92D4F5BDABAAD743C202CF2F94B5D0B6D834FAFBC19160BB7591589AC2A91ADAC7E5D8BDDF438399853BBC1D95B1DBA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.007092337152222 |
Encrypted: | false |
SSDEEP: | 48:8qdOTqGKH5ZidAKZdA1seh/iZUkAQkqehay+2:8j/E9Qny |
MD5: | 806A917BBB74C4A96CD9088258C6406A |
SHA1: | 4B671D549067ACF09CC2328E0679E07309E82B6A |
SHA-256: | 61429EB564F92AFBF2C78617DC0509A7590B771295F2EFE3164E6FA5042D83C7 |
SHA-512: | ABB784EAB68C6FA607059B9E36922FEE509934064ADF5D16C6D787E5B22DC017D2AA7CE7066EC02E3AA8707FB749242C257C88002771332E3FF85EDC32DBA4EB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.0123139719857965 |
Encrypted: | false |
SSDEEP: | 48:8udOTqGAH5ZidAKZdA14meh7sFiZUkmgqeh7sMy+BX:8//inmy |
MD5: | DDE0339F093573BE9ADE20AE03CFDDAC |
SHA1: | 2DA57519D71279724B1BE396C283A77A20221E22 |
SHA-256: | 21587BD5AB7C19182CAD6E474141A3526E0BA02B5E8A3E92C6A496A4F93F1B28 |
SHA-512: | 0247149DBA42E7D8D930356AE086A721230AE51EB5DEF75057D7E439F3AD4A015A6A586B345C0CAD3FD77597CFE3A1A4A5B8F751608924C5CE43B8B6E7B5692C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.004878444643731 |
Encrypted: | false |
SSDEEP: | 48:8GdOTqGKH5ZidAKZdA1TehDiZUkwqehey+R:83/fky |
MD5: | 25B32A4C25607FA8E1A5B26CA46FD6C1 |
SHA1: | ACA803CB97D47E40BD91C585C906849ACF6D6119 |
SHA-256: | 1A76A841A67D70FB4C8B92A30C03A8A956C747290815B850A508E5FF4D600CCC |
SHA-512: | E62F353AE0929450ED1E117EAA5AB799D4F91BF507DF9249C9748376457008A8C4565E09EF4FBD4D4BDCA3A0AFA53D91AB32E6282D77D929D2110343FE4F5EAD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.993335636142665 |
Encrypted: | false |
SSDEEP: | 48:8sdOTqGKH5ZidAKZdA1dehBiZUk1W1qehoy+C:8N//9Iy |
MD5: | EDD2F1E9972970B967383B18C4789637 |
SHA1: | 1B7B2E13D6896D3727479F523BBA2E92E82BC853 |
SHA-256: | 36B8E00F8C44CBD20AB8CD4A10EF3C0D267D801B85B16DF8056C25C535900E16 |
SHA-512: | 334A14EF9C06F42A506DCFD1182A561FC657B232C1818235A7BFBE86F480103DC72891E63B9CA678A05B6BA0474641DF6AC85E6AE00EDCD3FBE6DAC16EE8812A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.001897168945366 |
Encrypted: | false |
SSDEEP: | 48:8D2dOTqGKH5ZidAKZdA1duTeehOuTbbiZUk5OjqehOuTbmy+yT+:8Dn/DTfTbxWOvTbmy7T |
MD5: | 923C48AA8AF5946400CAC24BE5376CF8 |
SHA1: | 293A8322F4AFE32FECE85F4B1139A0756F019F25 |
SHA-256: | 5A09039327D07063A222F478E6D9C5C345C4B99047356661EF3B3105119CD2C6 |
SHA-512: | 48D91DE1419DEE6E93E9DE9BC78F41349CF6B8348250D207C94498271B75DF997E9B028F9EF830A1E52B9D7260B422A6EC894A80AE381B7545C93976412ABD71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 2.8119643215089756 |
Encrypted: | false |
SSDEEP: | 1536:TTPjxBKxn0508CnfMVeFnl5vvStHtzcGAFxCYUt3kDfcjEpEy10BAwrCrJW53jEp:/PWEzcVb1pfBpjiw8pj |
MD5: | C90F76C4D9FD5A45284DD7ECF8AFCCF3 |
SHA1: | 0D72D3013D2DDF87FFD8B6B09181719256797B88 |
SHA-256: | F5A1AD93547E0EB18715A829F299A09E87B218B095319050964CE9272D918446 |
SHA-512: | 512E4B410791D1A92B9CA0E76CAD0600A612B32CBF77B8FC78ACB514ED4E7F77781BEE9271956D7F2C032410726FF935EF4870866FFEABD1993D7E032F913E98 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 2.9553379554759878 |
Encrypted: | false |
SSDEEP: | 1536:MW53jEpEHPVQ10BAwr1w53TXYdZRsUTL050It3cd7yW53jEpEHPVQ10BAwr:OpjMsAapj |
MD5: | 6EFEAEF524700265BDB96F6FAC3E70E9 |
SHA1: | A27DC560B6FDE4AB7484701C76720895F9F39679 |
SHA-256: | C9119A7BD854DDB04468D665509AD9C46D301A21E048DDD406F82F5E00BACD4D |
SHA-512: | 44F243929A8EF6EA8195B844775F7685A34760A1164393B4EF3419480CC87B4B18E0138873F03685D9C82F4E3C9EAB7ADF7C938B5D41BE5FACEF26CBAE18D552 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.949923509672728 |
TrID: | |
File name: | 52e69dd2-1038-4cc3-9a28-bd4e33724309.eml |
File size: | 23'141 bytes |
MD5: | b3e60c264ee4c75b4c57331cc73b6c11 |
SHA1: | 6dd959e25ec399909bc82d957a1741e56b8f9676 |
SHA256: | 36c19f3f6fa525b9c38297399a5ae77638088460e84ceb36658783cd0a496143 |
SHA512: | 44dae2440baaef7763ea582448788cbaeaf36c4348d87f1bb8ed27bf41bb4239c3966a4e7b21ebca75e6185f4eda038eacf9c4174f3b1e05b7db2c4b641a0e2e |
SSDEEP: | 384:gacIUAqR5/ONVhDCZRNNXrezI999999999injKKhrrNrb47YnG:gPIKRuaNtrKjjKKhrrNrb47YG |
TLSH: | 47A2C403568B4383407ACE117B533BBA7F23785D936C4B70F560926C976AC5AB6132FA |
File Content Preview: | Received: from SA1PR06MB8472.namprd06.prod.outlook.com (2603:10b6:806:1cf::17).. by BYAPR06MB6007.namprd06.prod.outlook.com with HTTPS; Thu, 29 Aug 2024.. 09:31:00 +0000..Received: from YQZPR01CA0150.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:8c::9).. by SA |
Subject: | Due Invoices |
From: | Accoutning <bt@termitac.com.sg> |
To: | sbenjimen@imax.com |
Cc: | |
BCC: | |
Date: | Thu, 29 Aug 2024 05:30:16 -0400 |
Communications: | |
Attachments: | |
Key | Value |
---|---|
Received | from <ssl.SSLContext object at 0x7c4626aefdc0> (102.188.227.35.bc.googleusercontent.com [35.227.188.102]) by sgsmtp15.sgcloudhosting.com with SMTP (version=Tls12 cipher=Aes256 bits=256); Thu, 29 Aug 2024 17:29:52 +0800 |
Authentication-Results | spf=fail (sender IP is 67.231.150.198) smtp.mailfrom=termitac.com.sg; dkim=fail (signature did not verify) header.d=spamexpertfilter.sgcloudhosting.com;dmarc=none action=none header.from=termitac.com.sg;compauth=none reason=405 |
Received-SPF | Fail (protection.outlook.com: domain of termitac.com.sg does not designate 67.231.150.198 as permitted sender) receiver=protection.outlook.com; client-ip=67.231.150.198; helo=mx0d-007a8001.pphosted.com; |
Date | Thu, 29 Aug 2024 05:30:16 -0400 |
Authentication-Results-Original | sesg01.sgcloudhosting.com; auth=pass (login) smtp.auth=sgsmtp15@spamexpertfilter.sgcloudhosting.com |
DKIM-Signature | v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=spamexpertfilter.sgcloudhosting.com; s=default; h=Subject:To:From: MIME-Version:Content-Type:Message-ID:date:reply-to:sender:cc:bcc:in-reply-to: references:content-transfer-encoding; bh=MvIAZmkAbsnH9StAP+WvtT6Q6g+EFFP6GxDTsAWL6is=; b=gXUKY1mD2sLeI4mbV0eNF9Hy3v /VHiNhimJpLApvDVcV+0wovHjkyRY99ySfGLbAyTP6iGrYY25nODo6EgbU5+y0rnqgdeY+iius/6A 32OFPKrEQ91BcAVc5XluJh7lhfM8KnO9BWo3xI/qWHT4XZ/hqmv1dZAtNHZVgloCzjBM=; |
X-SmarterMail-Authenticated-As | bt@termitac.com.sg |
Message-ID | <bdf84c3f0a9f44659931d8423ee8abe0@7809b9a8afcf492d842b06022b321fbb> |
Content-Type | multipart/related; boundary="===============6743228520958512132==" |
From | Accoutning <bt@termitac.com.sg> |
To | sbenjimen@imax.com |
Subject | Due Invoices |
X-Originating-IP | 103.7.10.184 |
X-SpamExperts-Domain | spamexpertfilter.sgcloudhosting.com |
X-SpamExperts-Username | sgsmtp15 |
X-SpamExperts-Outgoing-Class | unsure |
X-SpamExperts-Outgoing-Evidence | Combined (0.90) |
X-Recommended-Action | accept |
X-Filter-ID | Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9cV6AwyIQqFS6XfKSKaQA3PUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5xpjGD58QfnNnJkGkDMdPJQ3ZxuBcyOmUxBU6+ylVUSwSGU OnoG27HtwD1nWzKsYtjilbHtbFYVmmyNP/jzd7CCzPgfBgZM0FjuQW6Y55dUiQZmnW/XN+tohdLu D74c7RJlPvZRwd5GoVKxnVw2HUBSg8CBO1Snvm6qXHQp7O9kdW4XURb6ARhuU1gzjeQxGnCvcirM rI7hSGVJrov14AqR/PMbIOc80nC4/niUGh8Tcf25Cgscc2Nqd9azmDa4ZbZiw5JjPOtY6QanNQmH LTEsFEqhVt2bN9kbtY/w/v96Z80ZzaHVG6aDAfQHGejUeojGEEtfPovhjdKtGmhB6DRewSkOOve5 lOn9FzS0TDFfz987BekpxkaiZFbMyZmnki9hKzy27dJ+eI97x1+KvbnG5YE5enyccp7RH4WQio3u GQFRPUQDpR3oqH2AXACejnevcirMrI7hSGVJrov14AqRSK0R7eBBBPnXIkMgMQtV6qa5zn3o6MtK 8pf0hPbAkeCZME8HeiOTBXPmeRcbGamAcxw3qqhc+N6cuEg4XWh5Flp1pbo1ocu5uelHIOfFtowT 97z3JTzZphb20I/gkwdqsoVT3HDACMU3p+383AZ+WS7M0xUvBF0e0kNwQDW04Ohv6soFWdGLFIQa gJrDJRIFwo4f1v+sLTjHAg5x5e2Jlu0Na/DFMms7wkTHFLN/StDHdXIW3oCVmqM4DseF//SvK1Er w36W35MdVm3ym1PL6hQOj9nPwS86HDjNjGTZbcPwoI7+8/u8C0RQ4QmiddJ9UV8ShebT8U8Xw9HT DfreWYlJqvZuxbmXUehqsQ6YJ6A4XjD8YIRbIyMCDTapG1wvS4lfxpmmfCffVhjFnpBYrWN/lgJ4 Z0zPp+o7y1UpkbD1UqH31u1QBqeOcwIAfZyjNvTu2n3pJiR15/X7VnKInTDhJWoWzydYzSvR7U8w qUjKCFDsggc3JeL+rzz5uihsBJ4wgZABrDJG7ExxzKG+ADCbJuKfRG4QOzagj2x6KRKiOcGVafRv Kh/4KLN25G9D+iOkbSRSbQbOrYxN2Qisdw== |
X-Report-Abuse-To | spam@spfilter-1.sesg01.sgcloudhosting.com |
X-CLX-Shades | MLX |
X-CLX-Response | 1TFkXHxoRCkx6FxoRCllEF2xITRh6bFpccHIbEQpYWBdtYwVsXXBvRn4fGBE KeE4XZUt7HWVkWhNCcngRCkNIFxsYHxEKQ1kXGRwRCkNJFxoEGhoaEQpZTRdnZnIRCl9ZFxsTHx EKX00XZ2ZyEQpZSRcbHXEbBhkedwYbGxIGGxoaQAYaBgcYGgYZGnEbEBp3BhoGBx8aBhoGGgYaB hpxGhAadwYaEQpZXhdoY3kRCklGF0NHS1JJRVhadUJFWV5PThEKSUcXeE9NEQpDThcbEmV4e01b dU9DXx4bW39QUlhvGltPZG1wfh97RhkHZhEKWFwXHwQaBBkdGQUbGgQbGxoEGxkeBBkZEBseGh8 aEQpeWRdPaE94bhEKTVwXBx4aEQpMWhdvaU1raxEKQk8XYUZFY3lze2R5Xk0RCkNaFxsaGQQdBB IEGB4TEQpCXhcbEQpCRRdnb3lpHkMdXRN4UhEKQk4XZUt7HWVkWhNCcngRCkJMF21jBWxdcG9Gf h8YEQpCbBdlAXBfWXljElt/SREKQkAXbX19S1taSBpMfFgRCkJYF256S0xNWgVeGRpjEQpNXhcb EQpaWBcYEQp5QxdlSHJaE39LZksBGxEKWUsXEh4YEQpwaBdnQE9IfmxeE3BebhAZGhEKcGsXYxg YZX5LfkJyfQUQEx0RCnBrF2RfXG5wRGdwZRxiEB4SEQpwbBdmaFoZYF9bcB9ARhAZGhEKcEMXbU sSHlNnfG5zfmgQGRoRCm1+FxsRClhNF0sRIA== |
X-Proofpoint-GUID | 18ORQgq_eiu41qUzxrE0qeNGZT5Ql3-L |
X-Authority-Analysis | v=2.4 cv=cbaArWDM c=1 sm=1 tr=0 ts=66d03fa8 cx=c_pps a=mumzzZgRxkYTQLKJcuPGyw==:117 a=mumzzZgRxkYTQLKJcuPGyw==:17 a=nLP2QP6c4UhoX6VlK+IQJU8aVbc=:19 a=DBwwDor5xuMA:10 a=LkmbCIK55k4A:10 a=yoJbH4e0A30A:10 a=5KLPUuaC_9wA:10 a=xFWlENlAFokA:10 a=kLNmGMx_IUS048K-xLYA:9 a=QEXdDO2ut3YA:10 |
X-Proofpoint-ORIG-GUID | 18ORQgq_eiu41qUzxrE0qeNGZT5Ql3-L |
X-Proofpoint-Banner-Trigger | unknownsender |
X-Proofpoint-Virus-Version | |
X-Proofpoint-Spam-Details | rule=inbound_notspam policy=inbound score=17 malwarescore=0 mlxscore=17 lowpriorityscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 unknownsenderscore=20 spamscore=17 mlxlogscore=69 clxscore=50 priorityscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.21.0-2407110000 definitions=main-2408290070 domainage_hfrom=842 |
Return-Path | bt@termitac.com.sg |
X-MS-Exchange-Organization-ExpirationStartTime | 29 Aug 2024 09:30:17.2272 (UTC) |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | 81a5773f-2f12-449c-0895-08dcc80d319d |
X-EOPAttributedMessage | 0 |
X-EOPTenantAttributedMessage | 690377a2-597f-481c-a498-b51532ed1e7d:0 |
X-MS-Exchange-Organization-MessageDirectionality | Incoming |
X-MS-PublicTrafficType | |
X-MS-TrafficTypeDiagnostic | QB1PEPF00004E0D:EE_|SA1PR06MB8472:EE_|BYAPR06MB6007:EE_ |
X-MS-Exchange-Organization-AuthSource | QB1PEPF00004E0D.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Office365-Filtering-Correlation-Id | 81a5773f-2f12-449c-0895-08dcc80d319d |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-MS-Exchange-Organization-SCL | -1 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|82310400026|3613699012|43540500003; |
X-Forefront-Antispam-Report | CIP:67.231.150.198;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:NSPM;H:mx0d-007a8001.pphosted.com;PTR:mx0d-007a8001.pphosted.com;CAT:NONE;SFS:(13230040)(82310400026)(3613699012)(43540500003);DIR:INB; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 29 Aug 2024 09:30:17.1335 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | 81a5773f-2f12-449c-0895-08dcc80d319d |
X-MS-Exchange-CrossTenant-Id | 690377a2-597f-481c-a498-b51532ed1e7d |
X-MS-Exchange-CrossTenant-AuthSource | QB1PEPF00004E0D.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | SA1PR06MB8472 |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:43.4261006 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.7875.019 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198); |
X-Microsoft-Antispam-Message-Info | |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 22:22:53.837935925 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Aug 29, 2024 22:22:54.145694017 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Aug 29, 2024 22:22:54.759682894 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Aug 29, 2024 22:22:55.964670897 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Aug 29, 2024 22:22:56.462904930 CEST | 49689 | 80 | 192.168.2.16 | 192.229.211.108 |
Aug 29, 2024 22:22:58.364685059 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Aug 29, 2024 22:23:00.014847994 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.014899969 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.014986038 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.016727924 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.016741037 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.689152002 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.689239979 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.694797039 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.694808960 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.695110083 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.735677958 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.735922098 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.776492119 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.964272976 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.964324951 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.964382887 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.964468956 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.964493036 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:00.964507103 CEST | 49699 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:00.964512110 CEST | 443 | 49699 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.004045963 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.004081011 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.004159927 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.004424095 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.004436016 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.640634060 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.640723944 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.645812988 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.645829916 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.646063089 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.649631977 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.692507982 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.970279932 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.970355988 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.970520973 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.971239090 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.971260071 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:01.971270084 CEST | 49700 | 443 | 192.168.2.16 | 184.28.90.27 |
Aug 29, 2024 22:23:01.971275091 CEST | 443 | 49700 | 184.28.90.27 | 192.168.2.16 |
Aug 29, 2024 22:23:02.003000021 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Aug 29, 2024 22:23:02.317827940 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Aug 29, 2024 22:23:02.885552883 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:02.885586023 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:02.885680914 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:02.886456013 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:02.886467934 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:02.919691086 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Aug 29, 2024 22:23:03.111480951 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.111517906 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.111589909 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.112556934 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.112566948 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.169851065 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Aug 29, 2024 22:23:03.680193901 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:03.680402994 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:03.682815075 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:03.682825089 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:03.683077097 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:03.717807055 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:03.717865944 CEST | 443 | 49701 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:03.717948914 CEST | 49701 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:03.727849007 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.727933884 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.729300976 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.729307890 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.729511023 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.780410051 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.824500084 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.982202053 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.982222080 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.982228994 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.982239962 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.982269049 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.982323885 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.982342958 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.982372999 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.982402086 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.983293056 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.983360052 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:03.983361959 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:03.983412027 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:04.029138088 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:04.029153109 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:04.029165030 CEST | 49702 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:04.029170036 CEST | 443 | 49702 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:04.077199936 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:04.077224970 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:04.077322006 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:04.078197002 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:04.078207970 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:04.130835056 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Aug 29, 2024 22:23:04.873961926 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:04.874037027 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:04.910721064 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:04.910738945 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:04.910943985 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:04.912058115 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:04.912113905 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:04.912133932 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.274224997 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.274250031 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.274288893 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.274333000 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.274353981 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.274391890 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.274650097 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.274846077 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.274846077 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.274862051 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.274892092 CEST | 49703 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.274897099 CEST | 443 | 49703 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.367827892 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.367850065 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.367953062 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.368145943 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.368156910 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.400517941 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.400543928 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:05.400765896 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.400959015 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:05.400968075 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.165770054 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.166940928 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.166940928 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.166970015 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.166982889 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.166989088 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.166999102 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.218887091 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.221158981 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.225883007 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.225893974 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.226080894 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.226490021 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.226490021 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.226517916 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.472829103 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.472847939 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.472892046 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.472929955 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.472946882 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.472964048 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.473129034 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.473381042 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.473400116 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.473408937 CEST | 49704 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.473413944 CEST | 443 | 49704 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.473817110 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Aug 29, 2024 22:23:06.521769047 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:06.521806002 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:06.521907091 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:06.522094011 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:06.522108078 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:06.535707951 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Aug 29, 2024 22:23:06.539113998 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.539132118 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.539159060 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.539189100 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.539197922 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.539233923 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.539509058 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.539521933 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.539530039 CEST | 49705 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:06.539534092 CEST | 443 | 49705 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:06.786781073 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Aug 29, 2024 22:23:07.289259911 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:07.289355040 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:07.290486097 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:07.290496111 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:07.290707111 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:07.291801929 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:07.291836023 CEST | 443 | 49706 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:07.291906118 CEST | 49706 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:07.343620062 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:07.343655109 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:07.343744040 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:07.343935013 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:07.343954086 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:07.387708902 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Aug 29, 2024 22:23:08.102123976 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.102226019 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.103415966 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.103426933 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.103629112 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.104708910 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.104747057 CEST | 443 | 49707 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.104805946 CEST | 49707 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.160223007 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.160268068 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.161230087 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.161461115 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.161474943 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.598742008 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Aug 29, 2024 22:23:08.919286966 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.919367075 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.920476913 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.920490980 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.920686007 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.921725035 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.921762943 CEST | 443 | 49708 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.921818972 CEST | 49708 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.973316908 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.973342896 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:08.973433971 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.973625898 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:08.973638058 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:09.775644064 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:09.775724888 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:09.776978016 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:09.776988029 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:09.777193069 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:09.778223991 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:09.778263092 CEST | 443 | 49709 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:09.778321028 CEST | 49709 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:10.014442921 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:10.014478922 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:10.014584064 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:10.014843941 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:10.014857054 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:10.774523973 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:10.774605989 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:10.775871992 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:10.775883913 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:10.776086092 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:10.777267933 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:10.777304888 CEST | 443 | 49710 | 51.104.136.2 | 192.168.2.16 |
Aug 29, 2024 22:23:10.777360916 CEST | 49710 | 443 | 192.168.2.16 | 51.104.136.2 |
Aug 29, 2024 22:23:11.004781961 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Aug 29, 2024 22:23:11.335716009 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Aug 29, 2024 22:23:12.770742893 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Aug 29, 2024 22:23:15.806797981 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Aug 29, 2024 22:23:17.527848005 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:17.527903080 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:17.527986050 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:17.528366089 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:17.528378010 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.317003012 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.317080975 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.319103956 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.319116116 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.319361925 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.319921017 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.319921017 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.319951057 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.636647940 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.636667013 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.636697054 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.636739016 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.636753082 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.636768103 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.636785984 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.636835098 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.637228966 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.637228966 CEST | 49713 | 443 | 192.168.2.16 | 20.190.160.20 |
Aug 29, 2024 22:23:18.637243986 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:18.637250900 CEST | 443 | 49713 | 20.190.160.20 | 192.168.2.16 |
Aug 29, 2024 22:23:20.948744059 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Aug 29, 2024 22:23:25.410830021 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Aug 29, 2024 22:23:28.157552958 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:28.157602072 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:28.157681942 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:28.157996893 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:28.158011913 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:28.793468952 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:28.793751001 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:28.793771982 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:28.794621944 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:28.794688940 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:28.795757055 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:28.795815945 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:28.848759890 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:28.848768950 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:28.896764040 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:38.708329916 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:38.708395004 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:38.708458900 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:39.657336950 CEST | 49721 | 443 | 192.168.2.16 | 142.250.185.100 |
Aug 29, 2024 22:23:39.657368898 CEST | 443 | 49721 | 142.250.185.100 | 192.168.2.16 |
Aug 29, 2024 22:23:40.296108961 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:40.296148062 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:40.296242952 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:40.297166109 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:40.297180891 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:40.886610031 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:40.886804104 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:40.888310909 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:40.888319016 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:40.888554096 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:40.889969110 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:40.932509899 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.092298031 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.092339993 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.092355967 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.092478991 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:41.092499018 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.092581034 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:41.093156099 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.093200922 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.093225002 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.093228102 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:41.093278885 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:41.102135897 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:41.102150917 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:23:41.102160931 CEST | 49722 | 443 | 192.168.2.16 | 20.12.23.50 |
Aug 29, 2024 22:23:41.102166891 CEST | 443 | 49722 | 20.12.23.50 | 192.168.2.16 |
Aug 29, 2024 22:24:28.221227884 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132 |
Aug 29, 2024 22:24:28.221283913 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Aug 29, 2024 22:24:28.221402884 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132 |
Aug 29, 2024 22:24:28.221632957 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132 |
Aug 29, 2024 22:24:28.221647024 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Aug 29, 2024 22:24:28.850538015 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Aug 29, 2024 22:24:28.850991011 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132 |
Aug 29, 2024 22:24:28.851012945 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Aug 29, 2024 22:24:28.851352930 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Aug 29, 2024 22:24:28.851758003 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132 |
Aug 29, 2024 22:24:28.851816893 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Aug 29, 2024 22:24:28.897922039 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132 |
Aug 29, 2024 22:24:38.944309950 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Aug 29, 2024 22:24:38.944376945 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Aug 29, 2024 22:24:38.944578886 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132 |
Aug 29, 2024 22:24:39.663186073 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.132 |
Aug 29, 2024 22:24:39.663216114 CEST | 443 | 49724 | 172.217.16.132 | 192.168.2.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 22:23:23.321640015 CEST | 53 | 50029 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:23:23.461574078 CEST | 53 | 64438 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:23:24.425908089 CEST | 53 | 59289 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:23:28.149847031 CEST | 50736 | 53 | 192.168.2.16 | 1.1.1.1 |
Aug 29, 2024 22:23:28.149990082 CEST | 60595 | 53 | 192.168.2.16 | 1.1.1.1 |
Aug 29, 2024 22:23:28.156593084 CEST | 53 | 50736 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:23:28.156743050 CEST | 53 | 60595 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:23:41.434932947 CEST | 53 | 56966 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:23:58.162542105 CEST | 138 | 138 | 192.168.2.16 | 192.168.2.255 |
Aug 29, 2024 22:24:00.997261047 CEST | 53 | 61723 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:24:21.681196928 CEST | 137 | 137 | 192.168.2.16 | 192.168.2.255 |
Aug 29, 2024 22:24:22.438018084 CEST | 137 | 137 | 192.168.2.16 | 192.168.2.255 |
Aug 29, 2024 22:24:23.200004101 CEST | 137 | 137 | 192.168.2.16 | 192.168.2.255 |
Aug 29, 2024 22:24:23.323210955 CEST | 53 | 55883 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:24:23.351691961 CEST | 53 | 56515 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:24:28.212655067 CEST | 56137 | 53 | 192.168.2.16 | 1.1.1.1 |
Aug 29, 2024 22:24:28.212811947 CEST | 55163 | 53 | 192.168.2.16 | 1.1.1.1 |
Aug 29, 2024 22:24:28.220208883 CEST | 53 | 56137 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:24:28.220227003 CEST | 53 | 55163 | 1.1.1.1 | 192.168.2.16 |
Aug 29, 2024 22:24:51.310882092 CEST | 53 | 56970 | 1.1.1.1 | 192.168.2.16 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 29, 2024 22:23:28.149847031 CEST | 192.168.2.16 | 1.1.1.1 | 0x4c60 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 22:23:28.149990082 CEST | 192.168.2.16 | 1.1.1.1 | 0x789f | Standard query (0) | | 65 | IN (0x0001) | false |
Aug 29, 2024 22:24:28.212655067 CEST | 192.168.2.16 | 1.1.1.1 | 0xe961 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 22:24:28.212811947 CEST | 192.168.2.16 | 1.1.1.1 | 0x8fa | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 29, 2024 22:23:28.156593084 CEST | 1.1.1.1 | 192.168.2.16 | 0x4c60 | No error (0) | | | 142.250.185.100 | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 22:23:28.156743050 CEST | 1.1.1.1 | 192.168.2.16 | 0x789f | No error (0) | | | | 65 | IN (0x0001) | false |
Aug 29, 2024 22:24:28.220208883 CEST | 1.1.1.1 | 192.168.2.16 | 0xe961 | No error (0) | | | 172.217.16.132 | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 22:24:28.220227003 CEST | 1.1.1.1 | 192.168.2.16 | 0x8fa | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49699 | 184.28.90.27 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 20:23:00 UTC | 161 | OUT | |
2024-08-29 20:23:00 UTC | 467 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49700 | 184.28.90.27 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 20:23:01 UTC | 239 | OUT | |
2024-08-29 20:23:01 UTC | 515 | IN | |
2024-08-29 20:23:01 UTC | 55 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49702 | 20.12.23.50 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 20:23:03 UTC | 306 | OUT | |
2024-08-29 20:23:03 UTC | 560 | IN | |
2024-08-29 20:23:03 UTC | 15824 | IN | |
2024-08-29 20:23:03 UTC | 8666 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49703 | 20.190.160.20 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 20:23:04 UTC | 422 | OUT | |
2024-08-29 20:23:04 UTC | 3592 | OUT | |
2024-08-29 20:23:05 UTC | 569 | IN | |
2024-08-29 20:23:05 UTC | 11389 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49704 | 20.190.160.20 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 20:23:06 UTC | 422 | OUT | |
2024-08-29 20:23:06 UTC | 4710 | OUT | |
2024-08-29 20:23:06 UTC | 569 | IN | |
2024-08-29 20:23:06 UTC | 10173 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.16 | 49705 | 20.190.160.20 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 20:23:06 UTC | 422 | OUT | |
2024-08-29 20:23:06 UTC | 4775 | OUT | |
2024-08-29 20:23:06 UTC | 569 | IN | |
2024-08-29 20:23:06 UTC | 11409 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.16 | 49713 | 20.190.160.20 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 20:23:18 UTC | 422 | OUT | |
2024-08-29 20:23:18 UTC | 4762 | OUT | |
2024-08-29 20:23:18 UTC | 569 | IN | |
2024-08-29 20:23:18 UTC | 10197 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.16 | 49722 | 20.12.23.50 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 20:23:40 UTC | 306 | OUT | |
2024-08-29 20:23:41 UTC | 560 | IN | |
2024-08-29 20:23:41 UTC | 15824 | IN | |
2024-08-29 20:23:41 UTC | 14181 | IN | |
Target ID: | 0 |
Start time: | 16:22:52 |
Start date: | 29/08/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x860000 |
File size: | 34'446'744 bytes |
MD5 hash: | 91A5292942864110ED734005B7E005C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 14 |
Start time: | 16:23:16 |
Start date: | 29/08/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff606100000 |
File size: | 710'048 bytes |
MD5 hash: | EC652BEDD90E089D9406AFED89A8A8BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 16 |
Start time: | 16:23:21 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 17 |
Start time: | 16:23:22 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 21 |
Start time: | 16:24:09 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 22 |
Start time: | 16:24:09 |
Start date: | 29/08/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 24 |
Start time: | 16:24:29 |
Start date: | 29/08/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6789c0000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |