Windows
Analysis Report
phish_alert_sp2_2.0.0.0 (1).eml
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 7040 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (1).eml" MD5: 91A5292942864110ED734005B7E005C0)
- ai.exe (PID: 6272 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A69262BD-972A-439F-8F24-67447AB18661" "C3AB50F0-727C-4A88-A596-606E518DBBB6" "7040" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- chrome.exe (PID: 5084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__https:/CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,9197103636515015310,5808329998760959994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
There are no malicious signatures.
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Source: | HTTP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | LNK file: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File created: |
Source: | Process information set: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
urldefense.com | 52.204.90.22 | true | false | unknown | |
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | unknown | |
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | unknown | |
www.google.com | 216.58.212.164 | true | false | unknown | |
csi.ehr.com | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
13.107.253.45 | s-part-0017.t-0009.fb-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
52.204.90.22 | urldefense.com | United States | 14618 | AMAZON-AESUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524423 |
Start date and time: | 2024-10-02 18:59:02 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | phish_alert_sp2_2.0.0.0 (1).eml |
Detection: | CLEAN |
Classification: | clean3.winEML@18/34@8/5 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 199.232.214.172, 93.184.221.240, 52.113.194.132, 52.109.68.129, 2.19.126.160, 2.19.126.151, 20.189.173.11, 172.217.16.195, 172.217.16.142, 142.250.185.142, 173.194.76.84, 142.251.168.84, 34.104.35.123, 172.217.23.106, 216.58.206.67
- Excluded domains from analysis (whitelisted): omex.cdn.office.net, azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, onedscolprdwus10.westus.cloudapp.azure.com, login.live.com, star-azurefd-prod.trafficmanager.net, frc-azsc-000.roaming.officeapps.live.com, a1864.dscd.akamai.net, ecs.office.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, clients.l.google.com, omex.cdn.office.net.akamaized.net, mobile.events.data.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: phish_alert_sp2_2.0.0.0 (1).eml
Match | Detection | Threat Name |
---|---|---|
239.255.255.250 | malicious | Credential Flusher |
239.255.255.250 | malicious | Credential Flusher |
239.255.255.250 | malicious | Credential Flusher |
239.255.255.250 | malicious | Credential Flusher |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Credential Flusher |
239.255.255.250 | malicious | Credential Flusher |
239.255.255.250 | malicious | Credential Flusher |
239.255.255.250 | malicious | Credential Flusher |
239.255.255.250 | malicious | Credential Flusher |
13.107.246.45 | malicious | HTMLPhisher |
13.107.253.45 | malicious | EvilProxy |
13.107.253.45 | malicious | EvilProxy |
13.107.253.45 | malicious | EvilProxy, HTMLPhisher |
13.107.253.45 | malicious | Unknown |
13.107.253.45 | malicious | HTMLPhisher |
13.107.253.45 | malicious | HTMLPhisher |
13.107.253.45 | malicious | Unknown |
13.107.253.45 | malicious | Unknown |
13.107.253.45 | malicious | Unknown |
13.107.253.45 | malicious | HTMLPhisher |
52.204.90.22 | malicious | Unknown |
52.204.90.22 | malicious | Tycoon2FA |
52.204.90.22 | malicious | HTMLPhisher |
52.204.90.22 | malicious | HTMLPhisher |
52.204.90.22 | malicious | HTMLPhisher |
52.204.90.22 | malicious | Unknown |
52.204.90.22 | malicious | HTMLPhisher |
52.204.90.22 | malicious | Unknown |
52.204.90.22 | malicious | HTMLPhisher |
52.204.90.22 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
www.google.com | malicious | Credential Flusher |
www.google.com | malicious | Credential Flusher |
www.google.com | malicious | Credential Flusher |
www.google.com | malicious | Credential Flusher |
www.google.com | malicious | Unknown |
www.google.com | malicious | Credential Flusher |
www.google.com | malicious | Credential Flusher |
www.google.com | malicious | Credential Flusher |
www.google.com | malicious | Credential Flusher |
www.google.com | malicious | Credential Flusher |
s-part-0017.t-0009.t-msedge.net | malicious | XRed |
s-part-0017.t-0009.t-msedge.net | malicious | Babadeda |
s-part-0017.t-0009.t-msedge.net | malicious | HtmlDropper |
s-part-0017.t-0009.t-msedge.net | malicious | EvilProxy |
s-part-0017.t-0009.t-msedge.net | malicious | EvilProxy |
s-part-0017.t-0009.t-msedge.net | malicious | HTMLPhisher |
s-part-0017.t-0009.t-msedge.net | malicious | HTMLPhisher |
s-part-0017.t-0009.t-msedge.net | malicious | Unknown |
s-part-0017.t-0009.t-msedge.net | malicious | HTMLPhisher |
s-part-0017.t-0009.t-msedge.net | malicious | EvilProxy, HTMLPhisher |
urldefense.com | malicious | Unknown |
urldefense.com | malicious | Unknown |
urldefense.com | malicious | Unknown |
urldefense.com | malicious | Unknown |
urldefense.com | malicious | Unknown |
urldefense.com | malicious | HTMLPhisher |
urldefense.com | malicious | Unknown |
urldefense.com | malicious | HTMLPhisher |
urldefense.com | malicious | HTMLPhisher |
urldefense.com | malicious | HTMLPhisher |
s-part-0017.t-0009.fb-t-msedge.net | malicious | EvilProxy |
s-part-0017.t-0009.fb-t-msedge.net | malicious | EvilProxy |
s-part-0017.t-0009.fb-t-msedge.net | malicious | EvilProxy, HTMLPhisher |
s-part-0017.t-0009.fb-t-msedge.net | malicious | Unknown |
s-part-0017.t-0009.fb-t-msedge.net | malicious | HTMLPhisher |
s-part-0017.t-0009.fb-t-msedge.net | malicious | HTMLPhisher |
s-part-0017.t-0009.fb-t-msedge.net | malicious | Unknown |
s-part-0017.t-0009.fb-t-msedge.net | malicious | Unknown |
s-part-0017.t-0009.fb-t-msedge.net | malicious | Unknown |
s-part-0017.t-0009.fb-t-msedge.net | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
MICROSOFT-CORP-MSN-AS-BLOCKUS | malicious | Mirai, Moobot |
AMAZON-AESUS | malicious | Mirai |
AMAZON-AESUS | malicious | Mirai, Moobot |
AMAZON-AESUS | malicious | Mirai, Moobot |
AMAZON-AESUS | malicious | Mirai, Moobot |
AMAZON-AESUS | malicious | Mirai, Moobot |
AMAZON-AESUS | malicious | Rhysida |
AMAZON-AESUS | malicious | Mirai, Moobot |
AMAZON-AESUS | malicious | Mirai, Moobot |
AMAZON-AESUS | malicious | Mirai, Moobot |
AMAZON-AESUS | malicious | Mirai |
Match | Detection | Threat Name |
---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Credential Flusher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Credential Flusher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Credential Flusher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Credential Flusher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Credential Flusher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Credential Flusher |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
28a2c9bd18a11de089ef85a160da29e4 | malicious | Credential Flusher |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.396080317052499 |
Encrypted: | false |
SSDEEP: | 1536:UHVYLq7gsU+dSSaUx7gs+fNcAz79ysQqt2uXi0qoQDDrcm0FvIYUyww4tNbQgAkQ:XGgb7mgPmiGu2cqoQnrt0FvXAboy/nU |
MD5: | AB1466AEB4E551B58FDBDC10BB9B4DA2 |
SHA1: | 830A236817C7BFEB6A5417E1E96DC3A0A66CAC69 |
SHA-256: | 3265490832CE8601B11A2C87B302B66BBB504A2503D5CD948AA8193C90BCA5CE |
SHA-512: | 8C1666B8B7C50E6A9008D6D4164DAC78A989F087FE8EA6DE46EFAC34F86FCA55AF4DC7AE295C09CDBBD1ED3D1D8BA4C7F03C5D5E5361585608EBE58B47DE9172 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | 6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.1219280948873624 |
Encrypted: | false |
SSDEEP: | 3:LCfdWdWn:uUUn |
MD5: | ABB6DFD8479B95B2BE0A3A7C59AFBD77 |
SHA1: | C8E1E2AF6908BBDA9B61105465FBC0FE4F3EF6B3 |
SHA-256: | E77118D67B02F024D12C9005FA50592875E35F94A20159CFDF4A3E311EAF0DC9 |
SHA-512: | 2BF0180E3BC29BDDE8B609BB5E396AB300B04A130E767AF75EEEF2D5F81FC8765590F21EB1CD95F0CAE110EBA6DE8FEC4B3051A5931D16035158817D9945BFD5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09304735440217722 |
Encrypted: | false |
SSDEEP: | 3:lSWFN3l/klslpEl9Xll:l9F8E+9 |
MD5: | D0DE7DB24F7B0C0FE636B34E253F1562 |
SHA1: | 6EF2957FDEDDC3EB84974F136C22E39553287B80 |
SHA-256: | B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED |
SHA-512: | 42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.1384465837476566 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l+C7/El/FllkpMRgSWbNFl/sl+ltlslN04l9XllC5:7+/lLzSg9bNFlEs1E39K5 |
MD5: | 340A8363B5707D29C19B240633E2D8FC |
SHA1: | FB5CD4560C22D893A46A0F378D82837A0CA8DE64 |
SHA-256: | 0598E43B3D7767A994B2080B6AA2A11293340CAA762DA80A31B26953928E9502 |
SHA-512: | 0AFF02DA15DCECE0A99526FC4A8C78D5745F17EB97D5B87BC73756491BB1D2D0FDE09A7DB2F137FF99F326F4BF365DEBC6DA0B567361057033C3B6AC82FA9B15 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04482848510499482 |
Encrypted: | false |
SSDEEP: | 3:G4l2Ls5hcQfLA/tl2Ls5hcQfLAntl8lL9//Xlvlll1lllwlvlllglbXdbllAlldc:G4l2aBA1l2aBAEL9XXPH4l942U |
MD5: | C8AC62C2E631389EEEF2ED87764AB1F4 |
SHA1: | B4B62E5F07130A1AA500E78BDEF7EA6FDF05C2A1 |
SHA-256: | BFBC61CC18ED4530153E61E9BD4D6A3119F11605D8307705FD1DABFEBBF6D1A3 |
SHA-512: | 88A9DE0AA92229F5F158FE68394A771BCBDCE6A60F771F107AE5F05E937314BE6FCD17C1AE5BFEF16CD447793E3C06F187DC430CD9284007B7981C07629AE62C |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 45352 |
Entropy (8bit): | 0.39473882468486904 |
Encrypted: | false |
SSDEEP: | 24:Kol67Q4fQMIzRD6Eill7DBtDi4kZERD6YBxqt8VtbDBtDi4kZERDIAo0:H67PQjtill7DYM1xO8VFDYM |
MD5: | 6A80222C184BAB51F73ADC20EC4984E6 |
SHA1: | A1381785C1C1D5A7EF16C46410CDE72DEC63FE10 |
SHA-256: | 05C7F416D9FF6FEE23AD7E86F4E489F8BAE7430F5AE80DDCB5FCD824D6B415A2 |
SHA-512: | 46BC52D24C9CB28F3F86BD087AAA2FA0E73520BAE01AC2EAACDCAD321E69A8A63D5A0EC0193694BAF20E3000BDC5F04F27C6A3666F9F80DE54D1BCD2F81A4605 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 135461 |
Entropy (8bit): | 7.992837219626457 |
Encrypted: | true |
SSDEEP: | 3072:x/3znaMpEeq23doB8uz9ShrtkfyPCX8VAr1Rs9V:xPZCcoB8uxSh2KjerrsX |
MD5: | 217033C0DD70C6101385FB3B4B4BBAC3 |
SHA1: | 2D8EF06960F405F000C7E09C8EAF1E669EE91D2F |
SHA-256: | 7432B1F925D22A87AF6DAFAF6C7900E79A73E8299AA2D755A0944E9F39D41299 |
SHA-512: | 84D2DA70A742D0CB26591D7A3B77CF9A34F32F3828EB21E80B5B86AE0D78B765F2234F1A728AF032F03FF1EF2F2706A18817EE430DDFE0FBAA0B60C7FEB22C9E |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7122 |
Entropy (8bit): | 7.938577738210982 |
Encrypted: | false |
SSDEEP: | 192:tajUi26T5R062bozihx83F/HKrO6jDKa+g:MjUi2N62boekxKi6nKTg |
MD5: | E2DFE5AD536EBD6FAF5977A3ACFFB8D4 |
SHA1: | 34BB385477E015EF393572E76AE264ADCDA00429 |
SHA-256: | 8FC6D5A8AB9AD2445B5123F4851F8E5F4B08683C72086DA4D23688000896ACBE |
SHA-512: | 0211DEC822BE40E68887D752B07D6316E388028BDE927DFCB01549533947FE19FF78D9664146BAD2D6BE3B433A7DF0CFD2657C84D8F78F72A1816C5209683988 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{F0385F14-37D8-4E90-B012-F70CEA88627B}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7424 |
Entropy (8bit): | 3.4869756012482642 |
Encrypted: | false |
SSDEEP: | 96:Jt/q9Xr8o4wGIPggggbrX2wKcQ5DxDMknD2PI7WwKIYFmJOhw5LxYYYYL0hfUwK:LA8oVYx5ivxN+OMJx |
MD5: | 93C622CB3784143A5B3ECA5B16063D41 |
SHA1: | 7CD3024B362B1B636204BC1C6A4A994211CEEEC1 |
SHA-256: | 757D878F62FEC72CCF0A8321314FED2E8931398A3BD9BF288FB4F0491A8F6491 |
SHA-512: | 408510B8CA2C8F6C8603FA886CE90A33980E91DDA7A08AFEAC6161DFC9DD470DE37A67DDB3C22675424B14C5E603E21E550A0FFE597AE3726170AD9F8A73EE4D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727888379313153900_76DC01A7-67D3-4217-A241-867320A5E178.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.16150776164137026 |
Encrypted: | false |
SSDEEP: | 3072:JcSBnY/OrCcCglSFOAffKJBBN3s83kIM3x4B0SZWqz8+:pY/iR |
MD5: | 56407F7DD6809374892069965452A567 |
SHA1: | 25A4FFCE8D7F3F23492EC6878EB2C0C02C1A90D5 |
SHA-256: | 8361E68CD08581C3329B6DDD8C676939DE8C19222D9EC204550040DB94AC6A42 |
SHA-512: | 98B8231BC14943181601011B37BE825EDCEE4007B575F6D85D3A2F1FA03964853D0E9003A221723EC9CBAD9C5CD01B21603E6EDCB18C55F910610D805AE5CDAB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727888379313840300_76DC01A7-67D3-4217-A241-867320A5E178.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T1259380898-7040.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 94208 |
Entropy (8bit): | 4.466382174096268 |
Encrypted: | false |
SSDEEP: | 768:2EAwzoqt4NUqCiSyo+Fz4Q5L9PO3+WpvyXgQo:bh04Q5L9PO3+2aXJo |
MD5: | 23FB224BD9869024C6CAAB08F9C7168C |
SHA1: | 312652E820F09B88F100FDC67F018CDB9FA4FE79 |
SHA-256: | CBF34B9D06822F611ABD2CE15161824A0898D19832BC898381341BDB8780992C |
SHA-512: | 70AC2D406C978CCE8EA8D5D0AC98BDBE763EF99421AFBF80A04BF84654806B84ED08DA5F9CFA9EDD627318CEC8198575523F0BD7FE615F7C80EF5C3310C660D1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4389 |
Entropy (8bit): | 7.929348014766379 |
Encrypted: | false |
SSDEEP: | 96:ExpWgcijyDYbUdaau3i5iHxGk54xdAzRRABiyjYugOmd:MlRb/ayHHXmdAFSZ78 |
MD5: | BAD6E29A274D1DF6BE0DB22A8A5AC0C1 |
SHA1: | 7C3AB8B5224B1EB987CAC8EE7D32E62F7DB02A97 |
SHA-256: | 06AE0C4CCC6CCA82388FAAE8D560D3849DCB1D498150CA248FEC2210A1BB9A8D |
SHA-512: | BDA32B1F8A404D6360209C493C439368DEB36B5CC2708B03F347625DE17669D13CE421B94CA5F2CB59916FCA1C30E2CDF6602E61CBF92BED1CA46C8D3C11A47F |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | 3:NBl7tt:17t |
MD5: | 46ED398A6B327D2420345D2BA60F05CF |
SHA1: | 923BB2CCD4AE6144AB171C56E704645242DD7557 |
SHA-256: | EE4B8F5EB8F9F1F8ED12A895045F8C8146140A25B9305DDC1AF50882C37E19F9 |
SHA-512: | 1952B2D34E3E7B63BF1CA5F1A50E775AE632C770F5EC598F40AD3B9395A8778033563917EA19A6139160D23C59FB0D0D0E74823700D6D2E6B0CBD7DEE167AC33 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.6696506080367315 |
Encrypted: | false |
SSDEEP: | 12:rl3baFqKEqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCXzStp:ryXmnq1Py961XzS |
MD5: | E999CCF7880FE3DBFF3A188C6FE3AC96 |
SHA1: | 17C0A099D5811EFC7E1DBAE5D28B15267F755C54 |
SHA-256: | 8DD07B004963C9E0A7DEC4509CDFFD51F08D4D4D48B0556EAAE618D4B6C84229 |
SHA-512: | A189D8905755EA6756E3EF2299BF2C101C40889E96056CADD1C41292EB6FF788014C778ED5CDACA1D3A16D1D32B885B45FEA1A521C1DE69BF6D5250A868BF306 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.99320421198241 |
Encrypted: | false |
SSDEEP: | 48:8hOdaCT6uFlHxDOidAKZdA1FehwiZUklqehVy+3:8y7fo2y |
MD5: | 70790127C4DD812FE33EE50272815F10 |
SHA1: | 886BDA203E03840A39FF5DD899D8932FC7408389 |
SHA-256: | EA88CFFAB92EF26863BB511070F098B7AD3CE2F687217360E3A5B0E37015F6A3 |
SHA-512: | 0D6D3873FBE0FF7A579AE986377BE4F43D36B9CB6A02077AE565AAFDA387397B0D3C640754DC58E8E693E7B9C94F477F4461C17CFB94C74387776111B5B905E5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.007626590008504 |
Encrypted: | false |
SSDEEP: | 48:8kgOdaCT6uFlHxDOidAKZdA1seh/iZUkAQkqehmy+2:8A7fe9Qry |
MD5: | 8286693AE2D79225AA6420F49CFCD3C8 |
SHA1: | ADEE7378D43153059933CD1D17ACBFAC80DB37E2 |
SHA-256: | 7A46B5718164F1B75851D61791C7B95989B217E31BAAD4F4B78D4EFFDDBF1585 |
SHA-512: | 06316DCDFA6642D81EE695D2086843E7E5F8638AB4A58CC01596A89445166890B5A5FBE1D7B31772EF0BB088AA9CDDEFEF9F6FA2180DA12B57940D1879725F08 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.012768235706682 |
Encrypted: | false |
SSDEEP: | 48:8iOdaCT6uFAHxDOidAKZdA14meh7sFiZUkmgqeh7sMy+BX:8d786nyy |
MD5: | 6F51E5762A59EB0452D34B0BF274AE7D |
SHA1: | 9ED9B6B3A345045398FAFCAB6FC5241E3337B4E1 |
SHA-256: | 2FB01F569B2D07BDC6AC21FCC20C43F05649C3B467CC8CE6B93CDD927CDFD44D |
SHA-512: | 5131245275DE24DF84755E9AD8EA8A39AFBD5D2CBA9550B8314649505436495A680766766E277F41282008435439C36F4F0D60EC888A89B6ECFC6B39D3E6F12C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.006499847835467 |
Encrypted: | false |
SSDEEP: | 48:8TOdaCT6uFlHxDOidAKZdA1TehDiZUkwqeh6y+R:847fVUy |
MD5: | D71F03A6EF090555C94E49E0CE94D8F4 |
SHA1: | B533DAEDD150BC7FC1E27F9F220B31C0CA25277C |
SHA-256: | A696EC9943242622263C2C2229414FDF5B2C65434860A30484551ED309EAD95E |
SHA-512: | C70E12D4EE9E10FD3E7FA6CCB6991205FAFA5011A1FDE18BCC2DFEA8C9DFEC36A541F4819A12F847D049325AE290BE5300E4FAF492C359475E7C6E3C07164B52 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.994149235298981 |
Encrypted: | false |
SSDEEP: | 48:8LOdaCT6uFlHxDOidAKZdA1dehBiZUk1W1qeh4y+C:8w7fl9Yy |
MD5: | 5AD60D53482582B70E1484F496182C27 |
SHA1: | 31F84E4EF1190C38179FF9D43178D52BFBAD1567 |
SHA-256: | 0004B504F2B08D2EFED705D1C2EE4B950C1641F7E60CD9CB2BF6D8BE2E6B808D |
SHA-512: | AAB19D658F7B7F84991A970B4C9E3259A0A338781E6DAFD4A2AC077974ABB395BCDAB918BA07B79411E555C2440E0420311A1DCA21FA64A94A701AE184FD172A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.002230315989832 |
Encrypted: | false |
SSDEEP: | 48:8yGOdaCT6uFlHxDOidAKZdA1duTeehOuTbbiZUk5OjqehOuTbyy+yT+:827fNTfTbxWOvTbyy7T |
MD5: | F239ED6E455DD0457347BC153166CC38 |
SHA1: | 7F569D0B6D9685F1C28F6CD4F01FAEC9F48E0253 |
SHA-256: | 88E50188F99B2CFE9F9AEAC84F2CB40ABD1E04AB0E56AE25F78706E337214E47 |
SHA-512: | 65FD87760F5C1D8EA121E781DB157E4C30D1F9E979A68BE329D99D9EAF0E727A46466AC9F9B901F1A68ACEC6F40A9B1614D25EBC59FD9CF575422E323A69499A |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2302976 |
Entropy (8bit): | 0.12475287528314132 |
Encrypted: | false |
SSDEEP: | 384:LcWIjc5j5Za4vUUU9gOd7L5hINagF7Y577028aNzYsp/z:gWQcsXNfZ+21Nvpr |
MD5: | 796D69EBAB308EDCE1DD00F8FAD83BD5 |
SHA1: | 8846345737CDE47D6EAECABF4DA4D385CF0050B3 |
SHA-256: | 061A487ECBF678B2EF4CE3D315EF92DF5AD3723955054C20A8331C97B95C9042 |
SHA-512: | 49C1D8DF9A19445744B7D1A4457032668B8FF78511D1F761F54688B38E9C20901284EC94FDEA5A7108BD712AF326CBB07AC7961A0F5B742D54BCF628B2B04329 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.033975545635838565 |
Encrypted: | false |
SSDEEP: | 6:8qnhllQ+a4/kulYO/0J0Jk+FllxlUn6/4t/0:9nq74NlYOzF/xlgM |
MD5: | B6383191E53A289DC5B3CEDFF7658632 |
SHA1: | 818AB618423762942BB05C314A245474CE16CCB7 |
SHA-256: | 41F20479F998660AC818C57B7A7FCC02C9F5F50C9EFE2BE0B3900941D0975155 |
SHA-512: | C87888969E3EE35BC2987BA2959232F4CD440D72A2AE42EC63CAE44B97C74ECF71D597D0998BBBA8CB738F8B3E1DE6C979387B5AE70E088BAB83013AF81BF1C3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 569 |
Entropy (8bit): | 4.896633254731508 |
Encrypted: | false |
SSDEEP: | 12:Uc11FP/sO6ZRoT6pHAciJkSAx/s6ZmOHc9n+5cMK00k14enEPCedG:3F8OYsKuJXYmOOk4TfenEPCD |
MD5: | 71D6A57D21337114032CA39B294F3591 |
SHA1: | ADA1D867672276F16EF4D3B8A46A519FBA8E3D4E |
SHA-256: | 36B2057EB5EEF261A2CBB8C149DCF3A11EDAA15CCD8E3D462EB34999F5FF8F2A |
SHA-512: | BC5F5B55C2741FED993D5D25A36030028C388C8888EA2D1D1F24970AEC4F856CDA366940B99D54FF2D4D9AF16DF8DE39AB847A7BA2BE0B649DE1CE2C9E70A330 |
Malicious: | false |
URL: | https://fonts.googleapis.com/icon?family=Material+Icons |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2896 |
Entropy (8bit): | 5.273511222409118 |
Encrypted: | false |
SSDEEP: | 48:QuRAhy4ZXXxSqr8yzih3564l0w4wnqiQYn6dHYj7CbDUIaGUzwSJR5bE+Xq04A2M:7RAZXhSy2hJ64p4wnqi/6yCzUzpR5tfh |
MD5: | 90F37A76EB30C7DE122F7D69D5083E0E |
SHA1: | 71FB8CF64D08B2976DD0E882866F621749D8366D |
SHA-256: | 9EC3A698FDAF911FF786CD93073EFAD7D6C0BFC8E2BADB4BC95FA7ACB65BA1F6 |
SHA-512: | 1E4A2E3FB1BACE1E7B1EF657D7956C84C2BBEBEF6393F714834A13B7B14C73F62B05746128CC23ADDB2DDB60E352E138AC56422515C5D63BF97F34C4F2D1AE42 |
Malicious: | false |
URL: | https://csi.ehr.com/assets/index-DyLirHvO.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 28702 |
Entropy (8bit): | 5.522816737647509 |
Encrypted: | false |
SSDEEP: | 384:mp2tkCtkxS32XOMtuHsk2YlJtz8ub27Swt6zwi2SnPtJe/22m7jtVqGytIFzktQ1:n |
MD5: | 46B946DC2B2565A61D3FF830AA08FB79 |
SHA1: | DB0FD03B7ABDCB3A0B00F4A72E5436A33F425406 |
SHA-256: | 0BBA7198FA875AF494AB94C7A79086B9FC2058F21A637665D5179A81C87E4052 |
SHA-512: | 89AEEC8082940C81A5F96F2C24AE874D2D7A336EA7BD0F3CC81E73B7B4165AA69CB6C2DE2C8E3921282E3E1A3360BC0A45A93F78E72139CE31A2E5E76983D62B |
Malicious: | false |
URL: | "https://fonts.googleapis.com/css?family=Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 631 |
Entropy (8bit): | 5.033155439921193 |
Encrypted: | false |
SSDEEP: | 12:Uc11FPk+5O6Zj66pHAH6ygFg1wcw47gbSAFk+56ZmOHc9n+5cMK00k14enEPCedG:3Fs+5OYj6Ko6yIgCcw40SR+5YmOOk4T8 |
MD5: | AADB88E6BEE5E015D3ACD7DDB8B6B2D3 |
SHA1: | 0194972669FA46CEC23D18AD05FD3B983356D2CE |
SHA-256: | C49A4CC94C23577F257269D8FAD3D4D6F49ED1579C533EF733A7C10342144577 |
SHA-512: | AEB9C664CAD26E4D88DC5C9F715DA7881BDE9BBFD99B4509347144A684F424DC3C42C65651337F1A1C75DBFF8C6BD1F9C18828E9319D869500289E0D7F02359D |
Malicious: | false |
URL: | "https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1373 |
Entropy (8bit): | 5.038093205720792 |
Encrypted: | false |
SSDEEP: | 24:hYOYuOFcF4yQOD6GwGq0A/SGQDGQO8qk+m1xW49CL2vHVhPWyV4N15jd/g:RbtHA6hO8AEW4wL2v7EN1Rlg |
MD5: | 931770AC515E42BD1378A93C4078F540 |
SHA1: | 53A9F02FD9C473FA097318456F9BF47010DBA732 |
SHA-256: | 39DF933ED421B30284F98F9775C0A9292C462059CAEC62B48CFB0F9AE505D135 |
SHA-512: | 98B46DB55E441700DD437BF26E6B94C3186087D995E37013EADC16135D18E17DF2B10BE0D74FF091C367C35D745D28DD5ADE639B2C99EB984128EBD8B8144078 |
Malicious: | false |
URL: | https://csi.ehr.com/ESS/Home/login.aspx |
Preview: |
File type: | |
Entropy (8bit): | 6.115805659254237 |
TrID: |
|
File name: | phish_alert_sp2_2.0.0.0 (1).eml |
File size: | 213'387 bytes |
MD5: | 66b5155055c7cc365141f659989ccd23 |
SHA1: | e893f36561b684879decda0d05a9f41b54a0c830 |
SHA256: | 201fdd96c1151af9f66613def2d889d359d6f9e8c24738d3ad7950e8bb0d247a |
SHA512: | 989aba160b91ec28b06ce076d5e9952915d8d141173d1833572bbbc82ecdb62882374ad84d12bfa5a9fbc8ab2ae1ddaca4d448b52a54a1258367e7d8da67ad38 |
SSDEEP: | 6144:jJkQzik6CLsCI2dzyQcneg3nHf+uKwwWJQ45P:tlAUdmig3nY1WJQ4N |
TLSH: | 1B2402B0B18D11970520B379B3917567F7A102D3276253A83B7C92681FCEC31A7A7E7A |
File Content Preview: | Received: from MN2PR07MB7214.namprd07.prod.outlook.com.. (2603:10b6:208:1d2::16) by BYAPR07MB5958.namprd07.prod.outlook.com with.. HTTPS; Wed, 2 Oct 2024 14:01:21 +0000..Received: from AS9PR05CA0183.eurprd05.prod.outlook.com.. (2603:10a6:20b:495::19) by M |
Subject: | ALERT - ACTION REQUIRED: Make Your Benefit Elections by 11/1/2024 |
From: | "Benefit Connect Service Center for Constellation Software Inc." <CSI.BenefitConnect@ehr.com> |
To: | Deah Paulson <deah.paulson@vontas.com> |
Cc: | |
BCC: | |
Date: | Wed, 02 Oct 2024 09:00:29 -0500 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
Received | from n20-ob-0642vm1p (Unknown [10.207.219.27]) by N20-IT-SMTP002P.int.dir.willis.com with ESMTP ; Wed, 2 Oct 2024 14:00:29 +0000 |
Authentication-Results | spf=softfail (sender IP is 67.231.151.23) smtp.mailfrom=ehr.com; dkim=fail (body hash did not verify) header.d=ehr.com;dmarc=fail action=oreject header.from=ehr.com;compauth=none reason=451 |
Received-Spf | SoftFail (protection.outlook.com: domain of transitioning ehr.com discourages use of 67.231.151.23 as permitted sender) |
Authentication-Results-Original | ppops.net; spf=pass smtp.mailfrom=CSI.BenefitConnect@ehr.com; dkim=pass header.s=ser20220201 header.d=ehr.com; dmarc=pass header.from=ehr.com |
Dkim-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=ehr.com; h= content-type:date:from:message-id:mime-version:reply-to:subject :to; s=ser20220201; bh=P2/VgtyZxHfDNepmo92457VrNE55ZiXsyIjrFH9aN I4=; b=kLmcX6p7VRqEROslGX8JWAStb+l1Qrj68x1vsbizGp05GpkFujg3NkVw3 DNifyGs5/KYt7BzCFDjABEyoWBWzdt0yNxVbHJjkJHLnPuUV95Ew3N4PgRlIRa84 vr7nELXjkGwLoTGcHJYsH3Oh8MCubRabKcaGrAIQWMDZXHI8MntduXBROgy2VwSF docm1QQgiXOzTNELizWYK1ugEj3FH4/5i/YGaG6Zs68KBX0bG2r7dJKvEWxPVrEK 1OHaak4b4usiV9H++zBzYk2FbVsrGZzu+L3aM1VB0gUUKynziahUxTQAY/TUaTWg tHzR+VvAdSFMX+sLK19tb6KfWiYYg== |
Message-Id | <C1386920-7C7D-4CAB-A0E9-C1BE93EAB80C@N20-IT-SMTP002P.int.dir.willis.com> |
Reply-To | donotreply@ehr.com |
From | "Benefit Connect Service Center for Constellation Software Inc." <CSI.BenefitConnect@ehr.com> |
To | Deah Paulson <deah.paulson@vontas.com> |
Date | Wed, 02 Oct 2024 09:00:29 -0500 |
Subject | ALERT - ACTION REQUIRED: Make Your Benefit Elections by 11/1/2024 |
Content-Type | multipart/mixed; boundary="----sinikael-?=_1-17278866747540.3384102607974806" |
X-Proofpoint-Virus-Version | vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-02_14,2024-09-30_01,2024-09-30_01 |
X-Clx-Shades | MLX |
X-Proofpoint-Guid | MEPb1vyLtIEHWFu51L68dh_4LJKoQ7X6 |
X-Proofpoint-Orig-Guid | MEPb1vyLtIEHWFu51L68dh_4LJKoQ7X6 |
MIME-Version | 1.0 |
X-Proofpointheader | Yes |
X-Proofpoint-Spam-Details | rule=inbound_notspam policy=inbound score=0 impostorscore=0 bulkscore=0 mlxlogscore=732 spamscore=0 adultscore=0 suspectscore=0 phishscore=0 lowpriorityscore=0 mlxscore=0 malwarescore=0 clxscore=179 priorityscore=56 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.21.0-2408220000 definitions=main-2410020102 domainage_hfrom=10410 domainage_replyto=10410 |
Return-Path | CSI.BenefitConnect@ehr.com |
X-Ms-Exchange-Organization-Expirationstarttime | 02 Oct 2024 14:01:13.6347 (UTC) |
X-Ms-Exchange-Organization-Expirationstarttimereason | OriginalSubmit |
X-Ms-Exchange-Organization-Expirationinterval | 1:00:00:00.0000000 |
X-Ms-Exchange-Organization-Expirationintervalreason | OriginalSubmit |
X-Ms-Exchange-Organization-Network-Message-Id | ad363c5c-bb0a-4116-76ff-08dce2eaad3b |
X-Eopattributedmessage | 0 |
X-Eoptenantattributedmessage | 75c696ec-5bfb-4892-9a0c-9187a9061cd6:0 |
X-Ms-Exchange-Organization-Messagedirectionality | Incoming |
X-Ms-Publictraffictype | |
X-Ms-Traffictypediagnostic | DB5PEPF00014B9D:EE_|AM7P191MB0817:EE_|MN2PR07MB7214:EE_|BYAPR07MB5958:EE_ |
X-Ms-Office365-Filtering-Correlation-Id | ad363c5c-bb0a-4116-76ff-08dce2eaad3b |
X-Ms-Exchange-Atpmessageproperties | SA|SL |
X-Ms-Exchange-Organization-Scl | -1 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|82310400026|5073199012|4073199012; |
X-Forefront-Antispam-Report | CIP:67.231.151.23;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:mx0d-001a4c01.pphosted.com;PTR:mx0d-001a4c01.pphosted.com;CAT:NONE;SFS:(13230040)(82310400026)(5073199012)(4073199012);DIR:INB; |
X-Ms-Exchange-Crosstenant-Originalarrivaltime | 02 Oct 2024 14:01:13.2754 (UTC) |
X-Ms-Exchange-Crosstenant-Network-Message-Id | ad363c5c-bb0a-4116-76ff-08dce2eaad3b |
X-Ms-Exchange-Crosstenant-Id | 75c696ec-5bfb-4892-9a0c-9187a9061cd6 |
X-Ms-Exchange-Crosstenant-Authsource | DB5PEPF00014B9D.eurprd02.prod.outlook.com |
X-Ms-Exchange-Crosstenant-Authas | Anonymous |
X-Ms-Exchange-Crosstenant-Fromentityheader | Internet |
X-Ms-Exchange-Transport-Crosstenantheadersstamped | AM7P191MB0817 |
X-Ms-Exchange-Organization-Authsource | DB5PEPF00014B9D.eurprd02.prod.outlook.com |
X-Ms-Exchange-Organization-Authas | Anonymous |
X-Ms-Exchange-Transport-Endtoendlatency | 00:00:08.2053729 |
X-Ms-Exchange-Processed-By-Bccfoldering | 15.20.8026.016 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003); |
Content-Transfer-Encoding | 7bit |
Icon Hash: | 46070c0a8e0c67d6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 18:59:47.776369095 CEST | 49709 | 443 | 192.168.2.16 | 4.245.163.56 |
Oct 2, 2024 18:59:47.784378052 CEST | 443 | 49708 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:47.784398079 CEST | 443 | 49708 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:47.784440041 CEST | 443 | 49708 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:47.784518003 CEST | 443 | 49708 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:47.784552097 CEST | 49708 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:47.784552097 CEST | 49708 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:47.784631014 CEST | 49708 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:47.784876108 CEST | 49708 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:47.784876108 CEST | 49708 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:47.784897089 CEST | 443 | 49708 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:47.784900904 CEST | 443 | 49708 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:47.823409081 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:47.892508984 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:47.892570972 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:47.893224955 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:47.893285990 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:47.893296003 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:48.033677101 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.033701897 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.033710957 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.033720970 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.033751965 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.033802032 CEST | 49709 | 443 | 192.168.2.16 | 4.245.163.56 |
Oct 2, 2024 18:59:48.033838034 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.033869028 CEST | 49709 | 443 | 192.168.2.16 | 4.245.163.56 |
Oct 2, 2024 18:59:48.034121037 CEST | 49709 | 443 | 192.168.2.16 | 4.245.163.56 |
Oct 2, 2024 18:59:48.034193039 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.034415960 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.034441948 CEST | 49709 | 443 | 192.168.2.16 | 4.245.163.56 |
Oct 2, 2024 18:59:48.034565926 CEST | 49709 | 443 | 192.168.2.16 | 4.245.163.56 |
Oct 2, 2024 18:59:48.045752048 CEST | 49709 | 443 | 192.168.2.16 | 4.245.163.56 |
Oct 2, 2024 18:59:48.045789003 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.045866013 CEST | 49709 | 443 | 192.168.2.16 | 4.245.163.56 |
Oct 2, 2024 18:59:48.045874119 CEST | 443 | 49709 | 4.245.163.56 | 192.168.2.16 |
Oct 2, 2024 18:59:48.170620918 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Oct 2, 2024 18:59:48.658554077 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:48.659158945 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:48.659166098 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:48.660078049 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:48.660078049 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:48.660096884 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:48.660104990 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:49.014308929 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:49.014336109 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:49.014380932 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:49.014451027 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:49.014465094 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:49.014465094 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:49.014735937 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:49.014939070 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:49.014939070 CEST | 49710 | 443 | 192.168.2.16 | 40.126.31.69 |
Oct 2, 2024 18:59:49.014954090 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:49.014957905 CEST | 443 | 49710 | 40.126.31.69 | 192.168.2.16 |
Oct 2, 2024 18:59:49.384521961 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Oct 2, 2024 18:59:51.795568943 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Oct 2, 2024 18:59:52.146564960 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Oct 2, 2024 18:59:52.372976065 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:52.373009920 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:52.373073101 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:52.373349905 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:52.373366117 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.549715042 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.553663015 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:53.553673983 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.554855108 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.554929018 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:53.559911013 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:53.560019970 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.560185909 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:53.560204029 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.582592964 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Oct 2, 2024 18:59:53.614562988 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:53.671360970 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.671444893 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.671562910 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:53.672030926 CEST | 49713 | 443 | 192.168.2.16 | 52.204.90.22 |
Oct 2, 2024 18:59:53.672048092 CEST | 443 | 49713 | 52.204.90.22 | 192.168.2.16 |
Oct 2, 2024 18:59:53.734319925 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:53.734365940 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:53.734436989 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:53.734791994 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:53.734805107 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.398159027 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.398432970 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.398461103 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.399635077 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.399734020 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.400579929 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.400655031 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.400801897 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.400814056 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.443563938 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.734853983 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.734931946 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.734977961 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.734977961 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.736109972 CEST | 49716 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.736128092 CEST | 443 | 49716 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.763700962 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.763736963 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:54.763920069 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.764183044 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:54.764195919 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.440035105 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.440264940 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.440284014 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.440593004 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.440846920 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.440912008 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.440948009 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.483436108 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.494594097 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.601429939 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.601463079 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.601512909 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.601526976 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.601732969 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.602466106 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.602514029 CEST | 443 | 49718 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.602634907 CEST | 49718 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.682903051 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:55.682940960 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.683099985 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:55.683315039 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:55.683322906 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.793626070 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.793661118 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.793734074 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.793950081 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.793989897 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.794239998 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.794241905 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.794251919 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:55.794435024 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:55.794449091 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.352489948 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.352694035 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:56.352706909 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.354002953 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.354070902 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:56.354465008 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:56.354527950 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.354696035 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:56.354705095 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.401732922 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:56.450395107 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.450681925 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.450699091 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.451237917 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.451668978 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.451668978 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.451745033 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.464179993 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.464384079 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.464412928 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.465473890 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.465543032 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.465914011 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.465984106 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.466052055 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.497617006 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.511406898 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.512722015 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.512749910 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.538634062 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.538677931 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.538750887 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:56.538770914 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.538830996 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:56.539652109 CEST | 49722 | 443 | 192.168.2.16 | 13.107.246.45 |
Oct 2, 2024 18:59:56.539680004 CEST | 443 | 49722 | 13.107.246.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.560628891 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.602819920 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.602955103 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.602974892 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.604744911 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.604827881 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.604827881 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.604837894 CEST | 443 | 49725 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.606456995 CEST | 49725 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.608273029 CEST | 49727 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.608339071 CEST | 443 | 49727 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.608443975 CEST | 49727 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.608674049 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Oct 2, 2024 18:59:56.608748913 CEST | 49727 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.608762980 CEST | 443 | 49727 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.642035007 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.642061949 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.642070055 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.642151117 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.642199993 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.642211914 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.642224073 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.642256021 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.642261982 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.642277956 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.642283916 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.642318964 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.687592983 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.722873926 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.722887993 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.723007917 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.723025084 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.723042965 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.723051071 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.723074913 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.723088026 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.723102093 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.723130941 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.725924969 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.726003885 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.726006985 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.726021051 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.726057053 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.808631897 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.808660030 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.808742046 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.808773041 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.808840990 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.808913946 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.808970928 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.808976889 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.810838938 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.810858011 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.810914040 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.810933113 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.810955048 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.819236040 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.819314957 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.819422960 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.819422960 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.819454908 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.819514036 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.820174932 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.820198059 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.820261955 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.820266962 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.820441008 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.897531033 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.897556067 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.897664070 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.897692919 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.897753000 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.898669958 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.898689032 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.898766994 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.898793936 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.899158001 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.899758101 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.899779081 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.899828911 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.899837971 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.899864912 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.899889946 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.907593012 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.907622099 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.907711983 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.907718897 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.908062935 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.908081055 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.908129930 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.908135891 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.908165932 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.908843040 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.908857107 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.908930063 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.908936977 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.957592010 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.985471010 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.985496044 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.985598087 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.985625029 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.985676050 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.985847950 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.985865116 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.985937119 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.985941887 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.986471891 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.986493111 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.986561060 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.986566067 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.987274885 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.987289906 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.987354040 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.987360954 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.987667084 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.987715960 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.987720966 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.987778902 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.987818003 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.987823009 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.987843037 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.996072054 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.996109962 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.996229887 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.996229887 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.996239901 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.996319056 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.996763945 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.996784925 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.996855974 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.996855974 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:56.996860981 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:56.997860909 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.073915958 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.073951006 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.074022055 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.074050903 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.074069977 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.074100018 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.074492931 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.074513912 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.074592113 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.074601889 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.074918985 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.074986935 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.074995995 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.075153112 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.075170994 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.075211048 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.075217962 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.075231075 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.075716972 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.075786114 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.075836897 CEST | 49724 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.075854063 CEST | 443 | 49724 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.128956079 CEST | 49728 | 443 | 192.168.2.16 | 216.58.212.164 |
Oct 2, 2024 18:59:57.129009008 CEST | 443 | 49728 | 216.58.212.164 | 192.168.2.16 |
Oct 2, 2024 18:59:57.129296064 CEST | 49728 | 443 | 192.168.2.16 | 216.58.212.164 |
Oct 2, 2024 18:59:57.129297018 CEST | 49728 | 443 | 192.168.2.16 | 216.58.212.164 |
Oct 2, 2024 18:59:57.129336119 CEST | 443 | 49728 | 216.58.212.164 | 192.168.2.16 |
Oct 2, 2024 18:59:57.269135952 CEST | 443 | 49727 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.269609928 CEST | 49727 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.269643068 CEST | 443 | 49727 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.270020008 CEST | 443 | 49727 | 13.107.253.45 | 192.168.2.16 |
Oct 2, 2024 18:59:57.270313025 CEST | 49727 | 443 | 192.168.2.16 | 13.107.253.45 |
Oct 2, 2024 18:59:57.270384073 CEST | 443 | 49727 | 13.107.253.45 | 192.168.2.16 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 18:59:52.361619949 CEST | 192.168.2.16 | 1.1.1.1 | 0xd226 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:52.361824989 CEST | 192.168.2.16 | 1.1.1.1 | 0x9a44 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 2, 2024 18:59:53.674371958 CEST | 192.168.2.16 | 1.1.1.1 | 0x3b49 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:53.674674988 CEST | 192.168.2.16 | 1.1.1.1 | 0x3859 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 2, 2024 18:59:55.608417988 CEST | 192.168.2.16 | 1.1.1.1 | 0xc7cc | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:55.608566046 CEST | 192.168.2.16 | 1.1.1.1 | 0x4965 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 2, 2024 18:59:57.120269060 CEST | 192.168.2.16 | 1.1.1.1 | 0x4f6d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:57.120364904 CEST | 192.168.2.16 | 1.1.1.1 | 0x2e7c | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 18:59:52.369070053 CEST | 1.1.1.1 | 192.168.2.16 | 0xd226 | No error (0) | | | 52.204.90.22 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:52.369070053 CEST | 1.1.1.1 | 192.168.2.16 | 0xd226 | No error (0) | | | 52.6.56.188 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:52.369070053 CEST | 1.1.1.1 | 192.168.2.16 | 0xd226 | No error (0) | | | 52.71.28.102 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:53.719014883 CEST | 1.1.1.1 | 192.168.2.16 | 0x3859 | No error (0) | | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:53.719014883 CEST | 1.1.1.1 | 192.168.2.16 | 0x3859 | No error (0) | | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | | s-part-0017.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | | | 13.107.253.45 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:55.647362947 CEST | 1.1.1.1 | 192.168.2.16 | 0x4965 | No error (0) | | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:55.647362947 CEST | 1.1.1.1 | 192.168.2.16 | 0x4965 | No error (0) | | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:55.682224035 CEST | 1.1.1.1 | 192.168.2.16 | 0xc7cc | No error (0) | | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:55.682224035 CEST | 1.1.1.1 | 192.168.2.16 | 0xc7cc | No error (0) | | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:55.682224035 CEST | 1.1.1.1 | 192.168.2.16 | 0xc7cc | No error (0) | | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 18:59:55.682224035 CEST | 1.1.1.1 | 192.168.2.16 | 0xc7cc | No error (0) | | | 13.107.246.45 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 18:59:57.127598047 CEST | 1.1.1.1 | 192.168.2.16 | 0x2e7c | No error (0) | | | | 65 | IN (0x0001) | false |
Oct 2, 2024 18:59:57.127957106 CEST | 1.1.1.1 | 192.168.2.16 | 0x4f6d | No error (0) | | | 216.58.212.164 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.16 | 49703 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:41 UTC | 161 | OUT | |
2024-10-02 16:59:41 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.2.16 | 49704 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:42 UTC | 239 | OUT | |
2024-10-02 16:59:42 UTC | 514 | IN | |
2024-10-02 16:59:42 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49707 | 40.126.31.69 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:46 UTC | 422 | OUT | |
2024-10-02 16:59:46 UTC | 3592 | OUT | |
2024-10-02 16:59:46 UTC | 569 | IN | |
2024-10-02 16:59:46 UTC | 11389 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49708 | 40.126.31.69 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:47 UTC | 422 | OUT | |
2024-10-02 16:59:47 UTC | 4775 | OUT | |
2024-10-02 16:59:47 UTC | 569 | IN | |
2024-10-02 16:59:47 UTC | 11409 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49709 | 4.245.163.56 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:47 UTC | 306 | OUT | |
2024-10-02 16:59:48 UTC | 560 | IN | |
2024-10-02 16:59:48 UTC | 15824 | IN | |
2024-10-02 16:59:48 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.16 | 49710 | 40.126.31.69 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:48 UTC | 422 | OUT | |
2024-10-02 16:59:48 UTC | 4762 | OUT | |
2024-10-02 16:59:49 UTC | 569 | IN | |
2024-10-02 16:59:49 UTC | 10197 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.16 | 49713 | 52.204.90.22 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:53 UTC | 806 | OUT | |
2024-10-02 16:59:53 UTC | 367 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.16 | 49716 | 13.107.253.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:54 UTC | 673 | OUT | |
2024-10-02 16:59:54 UTC | 1691 | IN | |
2024-10-02 16:59:54 UTC | 1373 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.16 | 49718 | 13.107.253.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:55 UTC | 576 | OUT | |
2024-10-02 16:59:55 UTC | 1683 | IN | |
2024-10-02 16:59:55 UTC | 2896 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.16 | 49722 | 13.107.246.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:56 UTC | 359 | OUT | |
2024-10-02 16:59:56 UTC | 1683 | IN | |
2024-10-02 16:59:56 UTC | 2896 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.16 | 49725 | 13.107.253.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:56 UTC | 567 | OUT | |
2024-10-02 16:59:56 UTC | 1675 | IN | |
2024-10-02 16:59:56 UTC | 393 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.16 | 49724 | 13.107.253.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:56 UTC | 528 | OUT | |
2024-10-02 16:59:56 UTC | 1685 | IN | |
2024-10-02 16:59:56 UTC | 14699 | IN | |
2024-10-02 16:59:56 UTC | 135 | IN | |
2024-10-02 16:59:56 UTC | 16384 | IN | |
2024-10-02 16:59:56 UTC | 12288 | IN | |
2024-10-02 16:59:56 UTC | 16384 | IN | |
2024-10-02 16:59:56 UTC | 8192 | IN | |
2024-10-02 16:59:56 UTC | 16384 | IN | |
2024-10-02 16:59:56 UTC | 12288 | IN | |
2024-10-02 16:59:56 UTC | 16384 | IN | |
2024-10-02 16:59:56 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
12 | 192.168.2.16 | 49727 | 13.107.253.45 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:57 UTC | 597 | OUT | |
2024-10-02 16:59:57 UTC | 1691 | IN | |
2024-10-02 16:59:57 UTC | 1373 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
13 | 192.168.2.16 | 49729 | 13.107.246.45 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 16:59:58 UTC | 346 | OUT | |
2024-10-02 16:59:58 UTC | 1691 | IN | |
2024-10-02 16:59:58 UTC | 1373 | IN |
Target ID: | 0 |
Start time: | 12:59:38 |
Start date: | 02/10/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x650000 |
File size: | 34'446'744 bytes |
MD5 hash: | 91A5292942864110ED734005B7E005C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 12:59:40 |
Start date: | 02/10/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ba030000 |
File size: | 710'048 bytes |
MD5 hash: | EC652BEDD90E089D9406AFED89A8A8BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 10 |
Start time: | 12:59:51 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 12:59:51 |
Start date: | 02/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |