Windows
Analysis Report
Your Document-7617432882-8AhEHNmrLR Ready.msg
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 3976 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Your Document-7617432882-8AhEHNmrLR Ready.msg" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 7124 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D763B21E-F905-4389-8DDF-48B451C19AF8" "A05E4E38-F0B6-4C24-9C2B-298096491BCF" "3976" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  - chrome.exe (PID: 1840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9G4C05MQ\Reff_Viridium-gruppe_19100717156_NO6VdXQYzd.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    - chrome.exe (PID: 3688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1764,i,6026439444708380704,7253972043974281439,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
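The chain worth alerting on in the tree above is OUTLOOK.EXE (PID 3976) spawning chrome.exe (PID 1840) with an .html file from its own attachment cache (INetCache\Content.Outlook\9G4C05MQ\) as the only argument: the user opened the phishing HTML attachment straight from the mail. The following detection logic is an added example and not part of the Joe Sandbox report. It runs over constructed records in the shape of Sysmon Event ID 1 (Image, ParentImage, CommandLine, ProcessId, ParentProcessId); the four command lines are the ones from the process tree (the utility-process one shortened), while the parent image of OUTLOOK.EXE (explorer.exe), the browser and mail-client name sets and the 8-character cache directory pattern are assumptions of the example.

```python
"""Flag a mail client launching a browser on an HTML attachment from its own
attachment cache. Added example over constructed Sysmon Event ID 1 style
records; the command lines of PIDs 3976, 7124, 1840 and 3688 mirror the
process tree in this report, everything else is constructed."""
import re
from pathlib import PureWindowsPath

# Double-quote-aware tokenizer for Windows command lines (no escape handling,
# which is enough for the paths Outlook and Chrome pass around).
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Outlook writes attachments it opens to INetCache\Content.Outlook\<8 chars>\
# (the 8-character directory name pattern is an assumption of this example).
ATTACHMENT_CACHE = re.compile(r"\\INetCache\\Content\.Outlook\\[A-Z0-9]{8}\\", re.I)
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}  # assumed set
MAIL_CLIENTS = {"outlook.exe"}                                           # assumed set
HTML_SUFFIXES = {".htm", ".html", ".mht", ".mhtml"}


def split_cmdline(cmdline: str) -> list:
    """Split a Windows command line into arguments, keeping quoted ones intact."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def attachment_args(cmdline: str) -> list:
    """Arguments (argv[0] excluded) that point into Outlook's attachment cache."""
    return [a for a in split_cmdline(cmdline)[1:] if ATTACHMENT_CACHE.search(a)]


def detect(events: list) -> list:
    """One finding per browser spawned by a mail client to open a cached HTML attachment."""
    findings = []
    for ev in events:
        image = PureWindowsPath(ev["Image"]).name.lower()
        parent = PureWindowsPath(ev["ParentImage"]).name.lower()
        if image not in BROWSERS or parent not in MAIL_CLIENTS:
            continue  # Office helpers (ai.exe) and browser child processes fall out here
        for arg in attachment_args(ev["CommandLine"]):
            if PureWindowsPath(arg).suffix.lower() in HTML_SUFFIXES:
                findings.append({
                    "pid": ev["ProcessId"],
                    "parent_pid": ev["ParentProcessId"],
                    "browser": image,
                    "attachment": PureWindowsPath(arg).name,
                })
    return findings


OUTLOOK = r"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
AI = r"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe"
ATTACHMENT = r"C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9G4C05MQ\Reff_Viridium-gruppe_19100717156_NO6VdXQYzd.html"

# Constructed events; the parent of OUTLOOK.EXE (explorer.exe, PID 1000) is assumed.
SAMPLE_EVENTS = [
    {"ProcessId": 3976, "ParentProcessId": 1000, "Image": OUTLOOK,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{OUTLOOK}" /f "C:\\Users\\user\\Desktop\\Your Document-7617432882-8AhEHNmrLR Ready.msg"'},
    # Office's own AI helper: a child of Outlook, but not a browser -> ignored
    {"ProcessId": 7124, "ParentProcessId": 3976, "Image": AI, "ParentImage": OUTLOOK,
     "CommandLine": f'"{AI}" "D763B21E-F905-4389-8DDF-48B451C19AF8" "A05E4E38-F0B6-4C24-9C2B-298096491BCF" "3976" "{OUTLOOK}" "WordCombinedFloatieLreOnline.onnx"'},
    # The hit: Outlook hands the cached HTML attachment to Chrome
    {"ProcessId": 1840, "ParentProcessId": 3976, "Image": CHROME, "ParentImage": OUTLOOK,
     "CommandLine": f'"{CHROME}" --start-maximized --single-argument {ATTACHMENT}'},
    # Chrome's network utility process: parent is chrome.exe, not Outlook -> ignored
    {"ProcessId": 3688, "ParentProcessId": 1840, "Image": CHROME, "ParentImage": CHROME,
     "CommandLine": f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US /prefetch:8'},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={hit['pid']} parent={hit['parent_pid']} "
              f"{hit['browser']} opened {hit['attachment']}")
```

Run against the four records, only PID 1840 is reported; the ai.exe child and Chrome's own utility process are filtered by the parent/child image check rather than by the path, so a legitimate Outlook-to-browser handoff of a non-HTML attachment (a PDF, say) is also left alone.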
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security | |
| | | Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | |
| | | frack113 | |
Phishing |
---|
Signature evidence, this and the following categories in report order (the Source and matched-value cells are empty in this copy) | Rows |
---|---|
File source | 1 |
HTTP Parser | 3 |
File opened | 1 |
HTTPS traffic detected | 5 |
IP Address | 1 |
JA3 fingerprint | 1 |
TCP traffic detected without corresponding DNS query | 50 |
HTTP traffic detected | 5 |
DNS traffic detected | 3 |
HTTP traffic detected | 1 |
String found in binary or memory | 5 |
Network traffic detected | 22 |
HTTPS traffic detected | 5 |
Classification label | 1 |
File created | 3 |
Process created | 19 |
Section loaded | 9 |
Key value queried | 1 |
LNK file | 6 |
Window found | 1 |
Window detected | 1 |
Key opened | 1 |
File opened | 1 |
File created | 7 |
Process information set | 68 |
File Volume queried | 1 |
Process information queried | 1 |
Queries volume information | 1 |
Key value queried | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 172.217.16.196 | true | false | unknown | |
qiczox0.ascenseurm8.com | 172.67.185.52 | true | false | unknown | |
lxnk1f.cheapestselfstorageunits.com | 72.167.142.137 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | unknown | |
| false | unknown | |
| false | unknown | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | unknown | |
| | false | unknown | |
| | false | unknown | |
| | false | unknown | |
| | false | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
72.167.142.137 | lxnk1f.cheapestselfstorageunits.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false |
172.67.185.52 | qiczox0.ascenseurm8.com | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1525480 |
Start date and time: | 2024-10-04 09:55:32 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Your Document-7617432882-8AhEHNmrLR Ready.msg |
Detection: | MAL |
Classification: | mal48.phis.winMSG@19/29@6/5 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, prevhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.113.194.132, 2.20.245.139, 2.20.245.140, 52.109.68.130, 20.42.72.131, 172.217.18.3, 172.217.18.14, 74.125.133.84, 34.104.35.123, 20.189.173.11, 13.89.179.9, 104.208.16.88, 142.250.185.131, 20.189.173.24, 142.250.186.46, 20.189.173.8
- Excluded domains from analysis (whitelisted): omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, clientservices.googleapis.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, onedscolprdcus09.centralus.cloudapp.azure.com, onedscolprdwus07.westus.cloudapp.azure.com, clients2.google.com, onedscolprdwus10.westus.cloudapp.azure.com, update.googleapis.com, a1864.dscd.akamai.net, clients1.google.com, ecs.office.com, fs.microsoft.com, accounts.google.com, frc-azsc-000.odc.officeapps.live.com, s-0005-office.config.skype.com, onedscolprdcus08.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, osiprod-frc-bronze-azsc-000.francecentral.cloudapp.azure.com, onedscolprdeus00.eastus.cloudapp.azure.com, onedscolprdwus23.westus.cloudapp.azure.com, ecs.office.trafficmanager.net, clients.l.google.com, omex.cdn.office.net.akamaized.net, prod.odcsm1.live.com.akadns.net, mobile.events.data.trafficmanage
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Report size getting too big, too many NtSetValueKey calls found.
Input | Output |
---|---|
URL: Email Model: jbxai | { "brand":[], "contains_trigger_text":true, "trigger_text":"You don't often get email from shane@christoff.ie. Learn why this is important", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9G4C05MQ/Reff_Viridium-gruppe_19100717156_NO6VdXQYzd.html Model: jbxai | { "brand":["Adobe"], "contains_trigger_text":true, "trigger_text":"YOUR DOCUMENT READY", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Detection | Threat Name |
---|---|---|
239.255.255.250 | malicious | Unknown |
| malicious | Unknown |
| malicious | Credential Flusher |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Credential Flusher |
72.167.142.137 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
AS-26496-GO-DADDY-COM-LLCUS | malicious | Unknown |
| malicious | FormBook |
| malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | HTMLPhisher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Phisher |
| malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
| malicious | Credential Flusher |
| malicious | RedLine |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Credential Flusher |
| malicious | Unknown |
| malicious | Unknown |
| malicious | Phisher |
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 245980 |
Entropy (8bit): | 4.200267561141193 |
Encrypted: | false |
SSDEEP: | 1536:eUxyeYLcgsa53S/+gsjNcAz79ysQqt24qoQSrcm0FvWyEccmLtPYtuiuW:3UcgbSmgEmiGu24qoQSrt0FvtEBmLxM |
MD5: | 6296C86B1BF57E63526A764A41F36222 |
SHA1: | 4AB86FE1E327C733F5A99EC085D30ED2FD9397B4 |
SHA-256: | 2290FB9D50D10104E1D58960CBCDACDF408D7151E82B6B0DC3BB5C69FFEAEE60 |
SHA-512: | 708DD4D65049F6D5CB4EE7FB2E0806256B83D5846F7FE392BB6F2E116E31C4D4C5B18F06CCC7EC12BC4AF7D465ADA634C42038F265CF2361FCD67480ECE46C22 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04477097850213721 |
Encrypted: | false |
SSDEEP: | 3:GtlxtjlJkjhzlxtjlJkjhOR9//8l1lvlll1lllwlvlllglbelDbllAlldl+l:GtKj5Kjm9X01PH4l942wU |
MD5: | CC88C06F9AF74857FEB9A79E4E65C3A6 |
SHA1: | 6BAA2707701BF8E27EC798C36F1D8E80651B3CB3 |
SHA-256: | 515524AE62B341366D31DAF2E7F16FFA5782E0418C70686BCF9E3853F20AB128 |
SHA-512: | DEE5F67317B9C26F110796FEDAE2157D1BCB4C89240B7482BD8049983B6E1811D2499BC91B20E9A5B35FAD18D06F15E04BBD53403D952DAE4985A62DB0B6042F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 49472 |
Entropy (8bit): | 0.4833303452914863 |
Encrypted: | false |
SSDEEP: | 48:g2cyQ1GUyUll7DYMrzO8VFDYMyD7yBO8VFDYML:g/MUtll48jVGD7YjVGC |
MD5: | 242774D324EE6765EF5A4A266B9F9534 |
SHA1: | F7076A40FCA11869067C4823144723D54AF81750 |
SHA-256: | 9E22C254C54DFF8B2E481581029E9427908396F27279F66A1EB053DA914FF061 |
SHA-512: | 24B80D666D203B41E315462361B261B7C814A49CDAF95C1B00DC438C150A47B9E4943DBAF1F6FC666408E55F456454ED7A2EE4721C6434B9B857BAF85708C29E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9G4C05MQ\Reff_Viridium-gruppe_19100717156_NO6VdXQYzd (002).html
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 628554 |
Entropy (8bit): | 6.003536905446963 |
Encrypted: | false |
SSDEEP: | 12288:tMdJYJ8+mu+ItYC4ur4mGC9BV/iztJSQ8D366x8GKnUhtrpEw/a:tCzfu8mGCbV6pJShD366on+a |
MD5: | CFDF85A8C918B7BDC550C5F14E052BFA |
SHA1: | 2C9891C2623DA2A77F9DD8E8147B330811F7297B |
SHA-256: | 2A587477DFD177C34D246F3B7B86B5DB25DDD9CEFA796AC87E308F515F5E08B3 |
SHA-512: | 014721EBEB5C726F04F906F36DE31919B6468166D190502193C7C24C08C7B85E600221FD4F6B6E761CC7CB0965208A53E9B1D3D86CA0C52B088DE2B4D4B20F40 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9G4C05MQ\Reff_Viridium-gruppe_19100717156_NO6VdXQYzd (002).html:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:gAWY3n:qY3n |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9G4C05MQ\Reff_Viridium-gruppe_19100717156_NO6VdXQYzd.html
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 628554 |
Entropy (8bit): | 6.003536905446963 |
Encrypted: | false |
SSDEEP: | 12288:tMdJYJ8+mu+ItYC4ur4mGC9BV/iztJSQ8D366x8GKnUhtrpEw/a:tCzfu8mGCbV6pJShD366on+a |
MD5: | CFDF85A8C918B7BDC550C5F14E052BFA |
SHA1: | 2C9891C2623DA2A77F9DD8E8147B330811F7297B |
SHA-256: | 2A587477DFD177C34D246F3B7B86B5DB25DDD9CEFA796AC87E308F515F5E08B3 |
SHA-512: | 014721EBEB5C726F04F906F36DE31919B6468166D190502193C7C24C08C7B85E600221FD4F6B6E761CC7CB0965208A53E9B1D3D86CA0C52B088DE2B4D4B20F40 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9G4C05MQ\Reff_Viridium-gruppe_19100717156_NO6VdXQYzd.html:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:gAWY3n:qY3n |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Preview: |
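The two `:Zone.Identifier` entries above are the NTFS alternate data streams that carry the Mark of the Web for the cached HTML attachment. A 26-byte stream with an 8-bit entropy of 3.95006375643621 is exactly the minimal `[ZoneTransfer]\r\nZoneId=3\r\n` that Outlook writes (26 bytes: 17 distinct byte values, ten occurring once, five twice and two three times), so the attachment was tagged as coming from the Internet zone (ZoneId 3) before Chrome opened it. The block below is an added example, not part of the Joe Sandbox report: it parses a Zone.Identifier stream, reads one from a file on NTFS, and recomputes the size and entropy figures the dropped-file rows show. The stream contents, the `example.invalid` URLs and the zone name table (URLMON's URLZONE values) are constructed for the example.

```python
"""Mark-of-the-Web check for ':Zone.Identifier' streams. Added example, not
part of the report: parses the stream, reads it from an NTFS file, and
computes the size and 8-bit entropy shown in the dropped-file rows. The
stream contents below are constructed."""
import hashlib
import math
from collections import Counter
from typing import Optional

# URLMON security zones (URLZONE_*), the values written to ZoneId=.
ZONE_NAMES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}


def parse_zone_identifier(data: bytes) -> Optional[dict]:
    """Parse the INI-style [ZoneTransfer] section; None if missing or malformed."""
    section = None
    values = {}
    for raw in data.decode("utf-8", errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        values[key.strip().lower()] = val.strip()
    try:
        zone = int(values["zoneid"])
    except (KeyError, ValueError):
        return None
    return {
        "zone_id": zone,
        "zone_name": ZONE_NAMES.get(zone, f"unknown zone {zone}"),
        "referrer_url": values.get("referrerurl"),   # present on browser downloads
        "host_url": values.get("hosturl"),
    }


def read_mark_of_the_web(path: str) -> Optional[dict]:
    """Read a file's Zone.Identifier stream (NTFS, Windows only); None if absent."""
    try:
        with open(f"{path}:Zone.Identifier", "rb") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the 'Entropy (8bit)' figure of the dropped-file rows."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def stream_summary(data: bytes) -> dict:
    """Size, entropy, MD5 and zone, in the shape of the report's dropped-file rows."""
    motw = parse_zone_identifier(data)
    return {
        "size": len(data),
        "entropy": shannon_entropy(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "zone": motw["zone_name"] if motw else None,
    }


# Constructed: the minimal stream written for an Internet-zone attachment.
MINIMAL_STREAM = b"[ZoneTransfer]\r\nZoneId=3\r\n"
# Constructed: the richer form a browser download carries.
DOWNLOAD_STREAM = (b"[ZoneTransfer]\r\nZoneId=3\r\n"
                   b"ReferrerUrl=https://example.invalid/\r\n"
                   b"HostUrl=https://example.invalid/doc.html\r\n")

if __name__ == "__main__":
    for name, stream in (("minimal", MINIMAL_STREAM), ("download", DOWNLOAD_STREAM)):
        print(name, stream_summary(stream))
```

On a live Windows host the same check is `Get-Content -Stream Zone.Identifier <file>`; the parser here is what to run over streams collected from disk images or EDR file telemetry, and a `None` result on an attachment that should carry a zone is itself a finding, since MotW is what Office Protected View and SmartScreen key off.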
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D4CAC70D-CE29-4491-8290-18AE3B736896}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1604 |
Entropy (8bit): | 1.1599728868007908 |
Encrypted: | false |
SSDEEP: | 6:t+RCNl8a+5MVkEDA011Uxs9AKY2EAhkly/n8irwl27D1lXMvOwWlqH4/rH:tXz+5uk+j11ML2Vkl5iklm1lXUIH |
MD5: | 5890A7112C1FE6A73A3C026ECDBD4877 |
SHA1: | DA93FA6376E76BF24B05A23628C7CB11A9FBBEF2 |
SHA-256: | F130A227CE57F1018700DEF8DA6175A4FE4CA952F558E2329758B3427E6A8D53 |
SHA-512: | 3A5E0FF1C06FF281904DD8FF121B81D377A6C0551FFBA1D32D8AFDF23B972FF87DDC56CEBBC6D153E842476A9C60829BB036A49B88864E64446A84D39B0BEE27 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728028569099865600_50C28BED-DEBA-4E65-9242-951D7A758EEA.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.1762081785244253 |
Encrypted: | false |
SSDEEP: | 1536:6IjpvqvKT6NSDqrWS0LqYy7Hxb98Mvvj0tRTh5VN+wklBV5P8:jqCASD9d6tmU |
MD5: | E86CDF7B129696D4A46C90B9488A3003 |
SHA1: | 670319DDBBFADD052B20D0A12796AEB8DEA29F07 |
SHA-256: | 30824DC3A398B99AD4483E87FDCAD022ADCB6135DED70F0B5A931B24B7AA952E |
SHA-512: | 7F8A0C4596CD1F8DC5614B1DAFA26356682E22BD9695668C7DF0F94948D8D51B0A54177ABADE28EF7FA6FD9F10062975322479362C9113B95DAE51979E736F3C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728028569100526500_50C28BED-DEBA-4E65-9242-951D7A758EEA.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241004T0356030769-3976.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 94208 |
Entropy (8bit): | 4.495602934967732 |
Encrypted: | false |
SSDEEP: | 1536:hqsB+CYb2K2lXdOxc8x2AJiapEZs4E09K7TBDXes9GafXjyPJ8czVW+Xlz1UL1rV:hqsB+CYb2K2lXdOxc8x2AJiapEZs4E0w |
MD5: | 6924ACABC3B19EDC396B2A8776F16A44 |
SHA1: | 655C222CFCF280799D46735F89F8934ED4F2A129 |
SHA-256: | A6E0483744109A171868217B1F5A4926401A355895ACE21149C17A12C371243F |
SHA-512: | EA2992BBBE6BE72F169BE985C6D47DC70FA3CC9042266D1B95D1205041935CCCB2632C190A0CBE32E3B00CB9A876BB1ADE6407DA5421942C3EFFC488F9F38678 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.3613836054883338 |
Encrypted: | false |
SSDEEP: | 3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X |
MD5: | 679672A5004E0AF50529F33DB5469699 |
SHA1: | 427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0 |
SHA-256: | 205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21 |
SHA-512: | F8615C5E5CF768A94E06961C7C8BEF99BEB43E004A882A4E384F5DD56E047CA59B963A59971F78DCF4C35D1BB92D3A9BC7055BFA3A0D597635DE1A9CE06A3476 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Category: | dropped |
Size (bytes): | 163840 |
Entropy (8bit): | 0.4315442876741041 |
Encrypted: | false |
SSDEEP: | 192:nh8VgIkC3/POesfHJlc+zkUp11A9sSB1qAbAWWvn2Ngz0XHWQOoWNh/:hE3ka/PzkHJlUUpWsSBEManZz0XHOo |
MD5: | BA99E01206B40786FFDD1BD2024768CB |
SHA1: | 846107401F3D99DD7BC033509728ED9FEA9B32F0 |
SHA-256: | 69E171255C9543B348804D18C659ACCDC9AD09C0D4D6DDE963A21982E3C515AE |
SHA-512: | 34042C26E419170858235B4D972EF9EA810D8EC518D764005796BF6E08822011C331FB36DDC037729CD696ACD230304C358E1C9623CD65D6D2B473967647BBE6 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | 3:QG1:Q |
MD5: | 4AEC40D7634FA7FADD5874CC353F47FD |
SHA1: | 797AC7C3264FC10CE83DCBC5033128FCCF893FF2 |
SHA-256: | C2ABAB62073DAF608A4B62E60D59ED2876F21AB700411211DE98915FBD873862 |
SHA-512: | D1F085BA8724A01903FDD14670F2F0AFA9883A4B445BBB6E4A693484CCC3666F0F3E304A78451A87BB4AB6564FBB1D69837B7E2EA087CB564E862461C2564D59 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.6699531924659474 |
Encrypted: | false |
SSDEEP: | 12:rl3baFYqLKeTy2MyheC8T23BMyhe+S7wzQe9zNMyhe+S7xMyheCgOGm:rmmnq1Pj961g3m |
MD5: | 2914100119A60720FC888A030BA73820 |
SHA1: | 1E0B28C969F51B3C33D6220864F57604D1ED0315 |
SHA-256: | E96BA373B861EEBE85D543B587F89553811C2A5FCFF8BE243DADC9770D2D9471 |
SHA-512: | D0995D048D1DE6F91D2C86487152BABA5C7722880925B15F4890BFBBFCCB6F1B057759F27608DE9260AD586C6C0AF72C9F67CABF34C8BF31D0FDDC6B2AB8EE27 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.989193800691251 |
Encrypted: | false |
SSDEEP: | 48:8EdEcTkAPJwHCidAKZdA1FehwiZUklqeh1y+3:8DcQUJFyy |
MD5: | DD1B975813D64262359DCF25F443FF05 |
SHA1: | DDE9D055111057CDD3ACF56510E76017E38D3E38 |
SHA-256: | 3A9A738A5FEEAB9FB6DB2E053564D78CB1FE945E795360952079795FE4411464 |
SHA-512: | 0E040E576AD35FD0495FC23B84BDDF26242AD9920B6D9093C70CCBA95F8E807DE882C5D370CA67EEBD24D1BAD3BCD5BE9557FF1AFDCC39A4A97FE116492A66F0 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.006104065849977 |
Encrypted: | false |
SSDEEP: | 48:8HdEcTkAPJwHCidAKZdA1seh/iZUkAQkqehiy+2:8+cQUJb9Qvy |
MD5: | 017D21944A217F5A5B2D52BC61B98185 |
SHA1: | 5457A2219651D613B5F0F97CB68F75BA21FA9E9F |
SHA-256: | 036841B47F60179FB07AD413A3BB4784A06A8EA0B0149A932BFFF3F1AFDF3B10 |
SHA-512: | E42B685C4AE8B464E2B312C6C76C4AF4F84FC4EF6372728DD87AA9C15F1E24D1B43F3F804060FB8F66E90FACA1FE7B4DFB9CC252EDFD01C4451FBF2AFDDA030D |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.012278419053715 |
Encrypted: | false |
SSDEEP: | 48:8DdEcTkAPAHCidAKZdA14meh7sFiZUkmgqeh7s8y+BX:8icQUfney |
MD5: | 131914C125E4995F2F272CDD7F8DA224 |
SHA1: | 051CCFECE260C7F8C14B95932A412137564699D3 |
SHA-256: | CF21A1D5D8B5861A2ED0173F46D592987667BC480AADEA6A00B8A8A14BCA2BC4 |
SHA-512: | 72E36241228BF7A3D7F122312B004E0FD53A91F38E34C669D50B97C63D0669E7FDDA6F6F62060F88A6BBDD316943AC5B3E80EAF8513BD63B0A429029E9A44912 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.002632762429405 |
Encrypted: | false |
SSDEEP: | 48:8pdEcTkAPJwHCidAKZdA1TehDiZUkwqehWy+R:8ocQUJIUy |
MD5: | 371BAC39316D46B70A39EAEA13B8EB45 |
SHA1: | 82C3F63CA1C4367B8ACE1233D164E1B15AD49CC0 |
SHA-256: | 9DD6D7454BDF7957243E221F7BBBE13978685E5079D21F16CD9C6F5BF33800BB |
SHA-512: | 2D5CE2021A8C756D8888C4E74FBA9D9F56475C4AB723F24B6C6C465C0B9202E1AFA28905124400C98409F379DF3F6C10CAEA5931CD095E3E9973816211EC130B |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9936653329007368 |
Encrypted: | false |
SSDEEP: | 48:8UdEcTkAPJwHCidAKZdA1dehBiZUk1W1qehYy+C:8TcQUJ494y |
MD5: | DADCE09F9A0E44816504330F6CA9497D |
SHA1: | 39787B2E3109DCF8BA744FB50912CC360A53770B |
SHA-256: | 37D977DA0C5322E85113F3501EA90A7109DCD52D3EFF23783A6B20C099E3A71B |
SHA-512: | 765C5306F25188C304C7D9529B634DBD36CCD8EDE7BA978F352D94A612A98BF4EEFF1B6B7B58752290D94F27FD90E45EC2558CE80E4E81D4EFA76AC5D75A1912 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.001452236210071 |
Encrypted: | false |
SSDEEP: | 48:8+rdEcTkAPJwHCidAKZdA1duTeehOuTbbiZUk5OjqehOuTbey+yT+:8hcQUJKTfTbxWOvTbey7T |
MD5: | CBDF71794AF1573E9E38B8514BE38698 |
SHA1: | 7564DFE2DC1516B00A26626910ADCFB7F6C19FB9 |
SHA-256: | DB3F3EB919083429E0C2E34AAF25B9AE82D3BE625B13146583E9F0E893DE4132 |
SHA-512: | CF9B1FACABE9769BC02DB672D3A2DE7866071249FC2E61B0C84F000D6BFB22806B93D359FD58E68A6ECB1BF43818B39E5D987E8B9C9BCCF30CEC7284017BF691 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 1.3255160254027247 |
Encrypted: | false |
SSDEEP: | 768:wkQc3hzll6Dddp1gTr70rJ86eJGJvFnmBfZ8BUTIZ:xll6pJe6F8fZeNZ |
MD5: | 65FE737EE111B05C7E96EC4F2C9ABE2C |
SHA1: | 60053DB2AC611A410A28D21CEF6205F7E6F6F387 |
SHA-256: | BA560225A75D2EEA29C24EC546750A8F1A83FB66BFF8D582C497CF6174720839 |
SHA-512: | DA842AA1234F54E97DC5BAB5E65375F5D5CCAB46932D69C1913DD5AFBF845AC1A03FD7AF54C672A6573A73D66D0AC6340E2EC03E26FCB8D09E149A3985AF1F15 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 1.2946888130796141 |
Encrypted: | false |
SSDEEP: | 384:lW2HnbYnwfTrix6mpS4MRW7t4Th/GN1FQTr4WjZG0yO4r8WIJWSJ7H1Rmu:XnbYQijClGD2WBf2Jj1 |
MD5: | 9327AABF5E4E4489B500479D23EB87BB |
SHA1: | F0DFC886B5DB1E58FBB1F28C2BB082216CDE8C7B |
SHA-256: | 7A9141709A4CCC57832F6BB53E07F7BC144E4F4845DBA78BF7711242A709083D |
SHA-512: | F00218D2F3F87EF5269071F109B13CCEA90E22E2B7B3BBC5DF5D8AC20246F731F3FCA04C73469387F2F62D6411451B536C0555F1DB1FD9908FF9D88640DA47B2 |
Malicious: | false |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 4402 |
Entropy (8bit): | 5.087807965783127 |
Encrypted: | false |
SSDEEP: | 96:1j9jwIjYjUDK/D5DMF+BOisaA2ZLimirR49PaQxJbGD:1j9jhjYjIK/Vo+ts+ZOmirO9ieJGD |
MD5: | BD30BC93F0821BB449487A0F81CDC5D1 |
SHA1: | B4AAD02E05DC8CF4B3474C473BC422213EB20542 |
SHA-256: | 6AEA1A75F50567E2AAC642D83B6F52D30AF8F61F157876421073A5FB5A507180 |
SHA-512: | F14BBA743D3E413F35ED9D1B3B1F5D667BCE57D41E399808A69A4EBFDCDC1E577F07A802BFCCE4FA5472A9F0E60856C3548538F6B2177240701D90888C81363F |
Malicious: | false |
URL: | https://qiczox0.ascenseurm8.com/76ikbi1/ |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 344 |
Entropy (8bit): | 5.238996255364972 |
Encrypted: | false |
SSDEEP: | 6:7SKYUe+xfyACXOJxU8sA6WeUNZdL7wonsO2+RM6mm8iXrQKSTTHVb:7S9xqfyAp6V2dLPpRNx8iuTDVb |
MD5: | CB76E73516CC25B826632CBCBCE10581 |
SHA1: | EFD4CAFAC7DF6EA29821120A4C7977DF95D5E66E |
SHA-256: | 20A9328EDD0833F1117462DA2AE54F01F262CA2357B8793D9960A8B3CC346551 |
SHA-512: | 21353F0FB96282EC4654AF677EBE7B4AC40C56C55D94FD6F7FDD578B5D11C161A8055C3B7C89C8E7228998EF5C0FCE899AD97F02D7C41AB9A6C5686CE96C5388 |
Malicious: | false |
URL: | https://lxnk1f.cheapestselfstorageunits.com/?am9oYW5uZXMuYmVya21hbm5AdmlyaWRpdW0tZ3J1cHBlLmNvbQ== |
Entropy (8bit): | 6.072975062818048 |
File name: | Your Document-7617432882-8AhEHNmrLR Ready.msg |
File size: | 733'184 bytes |
MD5: | 3e35d43b14c9134c16c4430c7bfb9e9f |
SHA1: | dbfd0b32826f97aa41072f9c6fc9f1cfdc8b0094 |
SHA256: | 7aabd9f19bfcc9b4121ba18351e7ab84a6cb93569a455a50be680da2996c84fe |
SHA512: | 3010af0a768f36775f43bb0051ad2f3320f1845d5da6afb19dad49fd811ecf31d3563466106b2aab4e59c6b2491c613544a2dd5e7b671eb691378bec4b6fc0bc |
SSDEEP: | 12288:PvdGXMdJYJ8+mu+ItYC4ur4mGC9BV/iztJSQ8D366x8GKnUhtrpEw/:NECzfu8mGCbV6pJShD366on+ |
TLSH: | 20F4E13439E61A16F2B7AF3685E780A35D3AFD839D159A5F3085330E0572A11D863B3E |
Subject: | Your Document-7617432882-8AhEHNmrLR Ready |
From: | Viridium-gruppe 29525710021-OMAOpYLGQj<shane@christoff.ie> |
To: | johannes.berkmann@viridium-gruppe.com |
Cc: | |
BCC: | |
Date: | Wed, 02 Oct 2024 18:49:31 +0200 |
Communications: |
Attachments: |
Key | Value |
---|---|
Received | from masopa.internal.cloudapp.net ([52.235.1.214]) |
 | FRYP281MB2057.DEUP281.PROD.OUTLOOK.COM with HTTPS; Wed, 2 Oct 2024 16:52:06 |
 | by BEZP281MB2833.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:70::14) with |
 | 2024 16:49:31 +0000 |
 | (2603:10a6:d10:95::19) with Microsoft SMTP Server (version=TLS1_2, |
 | Transport; Wed, 2 Oct 2024 16:49:31 +0000 |
Authentication-Results | spf=softfail (sender IP is 51.138.105.201) |
Received-SPF | Pass (protection.outlook.com: domain of christoff.ie designates |
 | via Frontend Transport; Wed, 2 Oct 2024 16:49:31 +0000 |
 | for <johannes.berkmann@viridium-gruppe.com>; Wed, 2 Oct 2024 18:52:00 +0200 (CEST) |
ARC-Authentication-Results | i=1; seg-azure-cl01-node02.de.cancom-mase.com; |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d= |
 | viridium-gruppe.com; h=content-transfer-encoding:subject:from:to |
 | content-language:user-agent:mime-version:date:message-id; s=vg; |
ARC-Seal | i=1; a=rsa-sha256; cv=none; d=viridium-gruppe.com; s=vg; t= |
Authentication-Results-Original | spf=pass (sender IP is 185.129.138.163) |
 | by BE1P281MB2983.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:60::11) with |
 | id w2XXs8ZA4eqGtw2XYscaZW; Wed, 02 Oct 2024 18:49:30 +0200 |
Content-Type | multipart/related; boundary="===============5122796029428905569==" |
MIME-Version | 1.0 |
Subject | Your Document-7617432882-8AhEHNmrLR Ready |
From | Viridium-gruppe 29525710021-OMAOpYLGQj<shane@christoff.ie> |
Sender | shane@christoff.ie |
To | johannes.berkmann@viridium-gruppe.com |
X-Priority | 1 |
X-CMAE-Envelope | MS4xfNQs2lF+lLhRJ4tPbNH+DrHLeSpnHhHu4RjdWwsSfgK8Go33YbqK2wcQt3LwxsnU2HIJ4gAnWWdjxtMjfo3Bla/SZdD00Pcz7mWnwDlDryp1JWbXHp0E |
Message-ID | <23b94bc8-3bfb-481a-8da8-ff6faec9845f@FR3PEPF00000487.DEUP281.PROD.OUTLOOK.COM> |
Date | Wed, 2 Oct 2024 16:49:31 +0000 |
X-EOPAttributedMessage | 1 |
X-MS-TrafficTypeDiagnostic | FR3PEPF00000487:EE_|BE1P281MB2983:EE_|BE1PEPF0000056C:EE_|BEZP281MB2833:EE_|FRYP281MB2057:EE_ |
X-MS-Office365-Filtering-Correlation-Id | 352dd995-a05b-4f06-c4cf-08dce3028a41 |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230040|2613699012|38000299018|43540500003; |
X-Microsoft-Antispam-Message-Info-Original | =?us-ascii?Q?4/czSHEiWiasKdqQSOp/mCKWjkVkB8wA0X4F/Br+/E4sAqsqRD88nk3FyS+s?= |
X-Forefront-Antispam-Report-Untrusted | CIP:185.129.138.163;CTRY:CZ;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:h4.cmg1.smtp.forpsi.com;PTR:h4.cmg1.smtp.forpsi.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(2613699012)(38000299018)(43540500003);DIR:INB;SFTY:9.25; |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | BEZP281MB2833 |
X-OrganizationHeadersPreserved | BE1P281MB2983.DEUP281.PROD.OUTLOOK.COM |
X-SM-incoming | yes |
Return-Path | shane@christoff.ie |
X-MS-Exchange-Organization-ExpirationStartTime | 02 Oct 2024 16:52:02.8773 |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | 352dd995-a05b-4f06-c4cf-08dce3028a41 |
X-MS-Exchange-Organization-MessageDirectionality | Originating |
X-MS-Exchange-Organization-SCL | 1 |
X-CrossPremisesHeadersPromoted | BE1PEPF0000056C.DEUP281.PROD.OUTLOOK.COM |
X-CrossPremisesHeadersFiltered | BE1PEPF0000056C.DEUP281.PROD.OUTLOOK.COM |
X-MS-Exchange-Transport-CrossTenantHeadersStripped | BE1PEPF0000056C.DEUP281.PROD.OUTLOOK.COM |
X-MS-PublicTrafficType | |
X-MS-Exchange-Organization-AuthSource | FR3PEPF00000487.DEUP281.PROD.OUTLOOK.COM |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-OriginatorOrg | viridium-gruppe.com |
X-MS-Office365-Filtering-Correlation-Id-Prvs | 1b4c61e3-47c8-44f5-95d4-08dce3022fd2 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|35042699022|82310400026|2613699012|43540500003; |
X-Forefront-Antispam-Report | CIP:51.138.105.201;CTRY:NL;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:seg-azure-cl01-node02.de.cancom-mase.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(35042699022)(82310400026)(2613699012)(43540500003);DIR:INB; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 02 Oct 2024 16:52:02.6586 |
X-MS-Exchange-CrossTenant-Network-Message-Id | 352dd995-a05b-4f06-c4cf-08dce3028a41 |
X-MS-Exchange-CrossTenant-Id | 7262225e-f96d-41a8-b3c6-739c32b1a9c9 |
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp | TenantId=7262225e-f96d-41a8-b3c6-739c32b1a9c9;Ip=[51.138.105.201];Helo=[seg-azure-cl01-node02.de.cancom-mase.com] |
X-MS-Exchange-CrossTenant-AuthSource | FR3PEPF00000487.DEUP281.PROD.OUTLOOK.COM |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | HybridOnPrem |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:03.7519371 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.8026.016 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198); |
X-Microsoft-Antispam-Message-Info | =?us-ascii?Q?2eXLz1HqWy/dWxoKUSzvdJ0PtXdQhqxf2YdWmzi7ZsOh+hVC5pYTnlxIjdBy?= |
date | Wed, 02 Oct 2024 18:49:31 +0200 |
Icon Hash: | c4e1928eacb280a2 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 4, 2024 09:56:51.926549911 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.926610947 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.926662922 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.926687002 CEST | 49722 | 443 | 192.168.2.16 | 4.175.87.197 |
Oct 4, 2024 09:56:51.926737070 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.926768064 CEST | 49722 | 443 | 192.168.2.16 | 4.175.87.197 |
Oct 4, 2024 09:56:51.926789999 CEST | 49722 | 443 | 192.168.2.16 | 4.175.87.197 |
Oct 4, 2024 09:56:51.927470922 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.927535057 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.927560091 CEST | 49722 | 443 | 192.168.2.16 | 4.175.87.197 |
Oct 4, 2024 09:56:51.927576065 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.927602053 CEST | 49722 | 443 | 192.168.2.16 | 4.175.87.197 |
Oct 4, 2024 09:56:51.927691936 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.927750111 CEST | 49722 | 443 | 192.168.2.16 | 4.175.87.197 |
Oct 4, 2024 09:56:51.929472923 CEST | 49722 | 443 | 192.168.2.16 | 4.175.87.197 |
Oct 4, 2024 09:56:51.929506063 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:56:51.929529905 CEST | 49722 | 443 | 192.168.2.16 | 4.175.87.197 |
Oct 4, 2024 09:56:51.929543972 CEST | 443 | 49722 | 4.175.87.197 | 192.168.2.16 |
Oct 4, 2024 09:57:32.912455082 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.196 |
Oct 4, 2024 09:57:32.912507057 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Oct 4, 2024 09:57:32.912606955 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.196 |
Oct 4, 2024 09:57:32.912925005 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.196 |
Oct 4, 2024 09:57:32.912941933 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Oct 4, 2024 09:57:33.561042070 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Oct 4, 2024 09:57:33.561425924 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.196 |
Oct 4, 2024 09:57:33.561450958 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Oct 4, 2024 09:57:33.562525988 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Oct 4, 2024 09:57:33.562823057 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.196 |
Oct 4, 2024 09:57:33.563000917 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Oct 4, 2024 09:57:33.614290953 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.196 |
Oct 4, 2024 09:57:41.661663055 CEST | 49699 | 80 | 192.168.2.16 | 192.229.221.95 |
Oct 4, 2024 09:57:41.667172909 CEST | 80 | 49699 | 192.229.221.95 | 192.168.2.16 |
Oct 4, 2024 09:57:41.667263031 CEST | 49699 | 80 | 192.168.2.16 | 192.229.221.95 |
Oct 4, 2024 09:57:43.455663919 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Oct 4, 2024 09:57:43.455837011 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Oct 4, 2024 09:57:43.456111908 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.196 |
Oct 4, 2024 09:57:44.313072920 CEST | 49724 | 443 | 192.168.2.16 | 172.217.16.196 |
Oct 4, 2024 09:57:44.313102961 CEST | 443 | 49724 | 172.217.16.196 | 192.168.2.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 4, 2024 09:56:27.995440006 CEST | 53 | 57548 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:28.041654110 CEST | 53 | 50398 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:29.030080080 CEST | 53 | 52758 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:31.402376890 CEST | 58171 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 4, 2024 09:56:31.402638912 CEST | 61165 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 4, 2024 09:56:31.574605942 CEST | 53 | 61165 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:31.574805975 CEST | 53 | 58171 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:32.521962881 CEST | 49740 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 4, 2024 09:56:32.523755074 CEST | 60536 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 4, 2024 09:56:32.540558100 CEST | 53 | 60536 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:32.705671072 CEST | 53 | 49740 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:32.855618000 CEST | 52830 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 4, 2024 09:56:32.855755091 CEST | 57438 | 53 | 192.168.2.16 | 1.1.1.1 |
Oct 4, 2024 09:56:32.867229939 CEST | 53 | 52830 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:32.867250919 CEST | 53 | 57438 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:56:45.968354940 CEST | 53 | 53450 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:57:04.878071070 CEST | 53 | 63837 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:57:07.457130909 CEST | 138 | 138 | 192.168.2.16 | 192.168.2.255 |
Oct 4, 2024 09:57:27.694781065 CEST | 53 | 60182 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:57:28.017959118 CEST | 53 | 61995 | 1.1.1.1 | 192.168.2.16 |
Oct 4, 2024 09:57:56.023503065 CEST | 53 | 59499 | 1.1.1.1 | 192.168.2.16 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 4, 2024 09:56:31.402376890 CEST | 192.168.2.16 | 1.1.1.1 | 0x7fc | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 09:56:31.402638912 CEST | 192.168.2.16 | 1.1.1.1 | 0xf387 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 4, 2024 09:56:32.521962881 CEST | 192.168.2.16 | 1.1.1.1 | 0x3743 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 09:56:32.523755074 CEST | 192.168.2.16 | 1.1.1.1 | 0xe8a4 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 4, 2024 09:56:32.855618000 CEST | 192.168.2.16 | 1.1.1.1 | 0x7e59 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 09:56:32.855755091 CEST | 192.168.2.16 | 1.1.1.1 | 0x75b | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 4, 2024 09:56:31.574805975 CEST | 1.1.1.1 | 192.168.2.16 | 0x7fc | No error (0) | | | 72.167.142.137 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 09:56:32.540558100 CEST | 1.1.1.1 | 192.168.2.16 | 0xe8a4 | No error (0) | | | | 65 | IN (0x0001) | false |
Oct 4, 2024 09:56:32.705671072 CEST | 1.1.1.1 | 192.168.2.16 | 0x3743 | No error (0) | | | 172.67.185.52 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 09:56:32.705671072 CEST | 1.1.1.1 | 192.168.2.16 | 0x3743 | No error (0) | | | 104.21.19.42 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 09:56:32.867229939 CEST | 1.1.1.1 | 192.168.2.16 | 0x7e59 | No error (0) | | | 172.217.16.196 | A (IP address) | IN (0x0001) | false |
Oct 4, 2024 09:56:32.867250919 CEST | 1.1.1.1 | 192.168.2.16 | 0x75b | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49705 | 184.28.90.27 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 07:56:10 UTC | 161 | OUT | |
2024-10-04 07:56:10 UTC | 467 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49707 | 184.28.90.27 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 07:56:11 UTC | 239 | OUT | |
2024-10-04 07:56:11 UTC | 515 | IN | |
2024-10-04 07:56:11 UTC | 55 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49709 | 4.175.87.197 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 07:56:14 UTC | 306 | OUT | |
2024-10-04 07:56:14 UTC | 560 | IN | |
2024-10-04 07:56:14 UTC | 15824 | IN | |
2024-10-04 07:56:14 UTC | 8666 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.2.16 | 49710 | 20.190.160.22 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 07:56:15 UTC | 422 | OUT | |
2024-10-04 07:56:15 UTC | 4762 | OUT | |
2024-10-04 07:56:15 UTC | 569 | IN | |
2024-10-04 07:56:15 UTC | 10197 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49718 | 72.167.142.137 | 443 | 3688 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 07:56:32 UTC | 715 | OUT | |
2024-10-04 07:56:32 UTC | 208 | IN | |
2024-10-04 07:56:32 UTC | 356 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.16 | 49721 | 172.67.185.52 | 443 | 3688 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 07:56:33 UTC | 713 | OUT | |
2024-10-04 07:56:33 UTC | 602 | IN | |
2024-10-04 07:56:33 UTC | 767 | IN | |
2024-10-04 07:56:33 UTC | 1369 | IN | |
2024-10-04 07:56:33 UTC | 1369 | IN | |
2024-10-04 07:56:33 UTC | 905 | IN | |
2024-10-04 07:56:33 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.16 | 49722 | 4.175.87.197 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-04 07:56:51 UTC | 306 | OUT | |
2024-10-04 07:56:51 UTC | 560 | IN | |
2024-10-04 07:56:51 UTC | 15824 | IN | |
2024-10-04 07:56:51 UTC | 14181 | IN | |
Target ID: | 0 |
Start time: | 03:56:03 |
Start date: | 04/10/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb10000 |
File size: | 34'446'744 bytes |
MD5 hash: | 91A5292942864110ED734005B7E005C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 03:56:10 |
Start date: | 04/10/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff663af0000 |
File size: | 710'048 bytes |
MD5 hash: | EC652BEDD90E089D9406AFED89A8A8BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 11 |
Start time: | 03:56:26 |
Start date: | 04/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 12 |
Start time: | 03:56:27 |
Start date: | 04/10/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |