Windows
Analysis Report
Wc 401k Retirement Plan.shtml
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 4020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Wc 401k Retirement Plan.shtml MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1972,i,2174649221793219881,13115735214816265240,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link |
Source: | HTTP Parser: | ||
Source: | HTTPS traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | LNK file: | ||
Stealing of Sensitive Information |
---|
Source: | HTTP Parser: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
9% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pe-0000ec08.gslb.pphosted.com | 148.163.158.107 | true | false | high | |
www.google.com | 64.233.185.105 | true | false | high | |
secmail.bankofamerica.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
true |
| low |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
64.233.185.105 | www.google.com | United States | 15169 | GOOGLEUS | false | |
148.163.158.107 | pe-0000ec08.gslb.pphosted.com | United States | 22843 | PROOFPOINT-ASN-US-EASTUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431747 |
Start date and time: | 2024-04-25 17:54:19 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 47s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Wc 401k Retirement Plan.shtml |
Detection: | MAL |
Classification: | mal60.phis.winSHTML@14/9@6/4 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 74.125.138.94, 172.253.124.113, 172.253.124.101, 172.253.124.102, 172.253.124.100, 172.253.124.139, 172.253.124.138, 64.233.176.84, 34.104.35.123, 199.232.214.172, 142.250.9.94, 74.125.136.139, 74.125.136.102, 74.125.136.100, 74.125.136.138, 74.125.136.101, 74.125.136.113
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | NetSupport RAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
148.163.158.107 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
pe-0000ec08.gslb.pphosted.com | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PROOFPOINT-ASN-US-EASTUS | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | MyDoom | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | NetSupport RAT | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.99130960020595 |
Encrypted: | false |
SSDEEP: | 48:8AdDTrHsHy7idAKZdA1FehwiZUklqehSy+3:8UPll1y |
MD5: | 8BC866EDF1364341821B93FA4B5BAB9D |
SHA1: | C12501DA7DA8A6A3D89FEB3C8764533B2DC8D52C |
SHA-256: | EDF0FD26FBDBD97C6410A79240F0D9CEC9F27B3F82C36352A0A3E1C00EBE31B4 |
SHA-512: | 7B792A527204E526C5D3FF3CC98AEDFAAC8328A47E20DA2D650112654CD15473AF3967D1F95B0D24C23E2C05E5FF83BA8C48EB60038FAED0E18AEADE5AF78ABD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.007983530976208 |
Encrypted: | false |
SSDEEP: | 48:8NdDTrHsHy7idAKZdA1seh/iZUkAQkqehly+2:8DPl79Q0y |
MD5: | B3FAC5942354AD1AC20781D646F9197E |
SHA1: | 4C941D1296FE72BB1BB4E3E61225A93AE0755DB5 |
SHA-256: | 1C6F3F825A5FD088E7D614832B52F936F990B7A39E09A4D326EB85323BE93671 |
SHA-512: | 0CAEB011A16743F99256E6DA4D38301433B74EDE35CCBC52372A338551DCD0B9D1302CA3C9A508135E2F7879EC64B95CA8DEDA6DC274E052C185836C62246CC0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.013411744576434 |
Encrypted: | false |
SSDEEP: | 48:8wdDTrHAHy7idAKZdA14meh7sFiZUkmgqeh7svy+BX:8EPxvnhy |
MD5: | 9C1D4BA9E306330D8970ABF9B9588B2A |
SHA1: | B2A6B376E791AF6EA2A068BDDC86F6185A9D6AC6 |
SHA-256: | B6DC56C4E397B3E74F70D361C009FEA950ECC4728E580FAE3816F0CAB0E6A220 |
SHA-512: | 62167590E9661D20D2D9BBB104C0F2921F9344372D92A376B2F405F7F33B8F41FC9B25FCE71E5824AAFA6CD71538B6559E831E4DE5A230B9F8F5F96829C5C138 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.00601107717012 |
Encrypted: | false |
SSDEEP: | 48:8vdDTrHsHy7idAKZdA1TehDiZUkwqehZy+R:8tPlony |
MD5: | E63091BBEBB6BC3AA0D49EE26783F189 |
SHA1: | 93C77557AB0A192C5FCB8E46DA34DFA3B067E5F2 |
SHA-256: | A26D053F58839B795B69B7FCB9A8C4AA660DB942831FBB404FA9470C71F2EF7D |
SHA-512: | 5593874ACF5F0AC3B372C816197AB704984B250FBF7BEFA374BC4A0D209CA9DAB04BE917D1712CC8C48D10261891F13AAF5589C71E7077D2DD90D6A152DE95F1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9893857135999076 |
Encrypted: | false |
SSDEEP: | 48:8Z4dDTrHsHy7idAKZdA1dehBiZUk1W1qehry+C:8ZsPlY9Ly |
MD5: | 520DE7DFBC81C018309D2F5CFE80CACE |
SHA1: | 54A2042B23AE71912F2460F842EC30D946FB8A99 |
SHA-256: | 421CB32566194AC7D65204364D45650E90DAF346ED4C7BC9239EBAA83BBA18E6 |
SHA-512: | B32C56D1184BFA6FD9FBD98B97F3732226BE723992B882A0B497574B62E702AAC1F294241F7F31A68BE3184B3A035818C3F404632D16C63F204B4F46AE107C94 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.005522308574039 |
Encrypted: | false |
SSDEEP: | 48:8SdDTrHsHy7idAKZdA1duTeehOuTbbiZUk5OjqehOuTbhy+yT+:8GPlqTfTbxWOvTbhy7T |
MD5: | 85B6A7CCFBF143AF402845113DBB3DF9 |
SHA1: | DC69E559878033F0CE32EA4970FAD0B6B839D0D2 |
SHA-256: | 1B3685C538B3C9C8B3AC2E652A0200921023FF622A01AFF00B5B47990DA37897 |
SHA-512: | D74727B9E39F172CD286D1DA38C2D5A8477181471FF4B1F7A7EC81C479EB89F0048E3D3BDDCB9D4769C6062C36F574C21EC60C204D6753E4FEC8BB33C4EF4103 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1933 |
Entropy (8bit): | 6.714574381049021 |
Encrypted: | false |
SSDEEP: | 48:0H3X3BNXrhfmR2xq+KhwuWl85pJMDCf6WcVqU08w3:0H3nBN7huR2g+KhCl0kqv8w3 |
MD5: | 11D203DF4573DDEF7A39312650D60916 |
SHA1: | B34B20779C3D853DE36D9A42521CFF9075DE315B |
SHA-256: | 5992D4BCF7F1B705FA08AA8A3B0E4C5C1974C6E76B6BA5A69A7D21D0FD939247 |
SHA-512: | E3DC11AF9737A1B0A2DECE412C95D3C7AC56BC9951BC4A3F273E729ABD9411615B9FD7DF42E86DC2D4D91D0FC08AADB88C2448797D5AC56432B282B8C408E84B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1933 |
Entropy (8bit): | 6.714574381049021 |
Encrypted: | false |
SSDEEP: | 48:0H3X3BNXrhfmR2xq+KhwuWl85pJMDCf6WcVqU08w3:0H3nBN7huR2g+KhCl0kqv8w3 |
MD5: | 11D203DF4573DDEF7A39312650D60916 |
SHA1: | B34B20779C3D853DE36D9A42521CFF9075DE315B |
SHA-256: | 5992D4BCF7F1B705FA08AA8A3B0E4C5C1974C6E76B6BA5A69A7D21D0FD939247 |
SHA-512: | E3DC11AF9737A1B0A2DECE412C95D3C7AC56BC9951BC4A3F273E729ABD9411615B9FD7DF42E86DC2D4D91D0FC08AADB88C2448797D5AC56432B282B8C408E84B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
URL: | https://secmail.bankofamerica.com/securereader/Image?c=lock&b=1&rnd=7.68316063031076 |
Preview: |
File type: | |
Entropy (8bit): | 5.121243645880949 |
TrID: |
|
File name: | Wc 401k Retirement Plan.shtml |
File size: | 1'719 bytes |
MD5: | 35d4bb0e1760fef0becedfac21b7862a |
SHA1: | 8a1874aa522d11725e09b8d6647d6e828ebff11f |
SHA256: | df530dd714890f9ec9640bd0f9c8e5ffc7bacc912df9a2462d010d8f6d850e66 |
SHA512: | 68a68b0cf97b0eefc97261a2df78fb393842c121627c7c058576da9588a42350530e8a0994233264fcba4cb7cc9089423817aaeb6f05304a7a2420ebc1a8153f |
SSDEEP: | 24:WC9spxKZRqSdNdbiEuJbttts2P+5EYqMktLoWj5ISBLYMsRMsGLK41NVr145:epoZ8StiHtttnPcxqrtH5+M6MTLKP |
TLSH: | F4313CA6BBA0220A218054A4F840FFC3CF0012A7978649E5BD8D51BFEF4C9B091B339C |
File Content Preview: | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">.<html>..<head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. Branding: You'll probably want to set the title. -->. <title>Proofpoint |
Icon Hash: | 173149cccc490307 |
Apr 25, 2024 17:55:03.727756023 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 17:55:03.807595968 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 17:55:04.031708002 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 17:55:04.638619900 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 17:55:05.847620964 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 17:55:08.260623932 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 17:55:08.611640930 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 17:55:10.035645962 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Apr 25, 2024 17:55:13.074649096 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 17:55:18.220695019 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 17:55:22.677634954 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 17:55:37.432634115 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:37.432663918 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:37.432776928 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:37.433108091 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:37.433141947 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:37.959527969 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:37.959652901 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:37.960963964 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:37.960974932 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:37.961308002 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:37.962918043 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.004137993 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468174934 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468202114 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468223095 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468283892 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.468310118 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468332052 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468348026 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.468357086 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468367100 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.468370914 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468386889 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.468400002 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.468405008 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468431950 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.468441010 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.468473911 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.471679926 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.471694946 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:38.471704960 CEST | 49713 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 17:55:38.471709967 CEST | 443 | 49713 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 17:55:50.775715113 CEST | 49715 | 443 | 192.168.2.16 | 64.233.185.105 |
Apr 25, 2024 17:55:50.775783062 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Apr 25, 2024 17:55:50.775899887 CEST | 49715 | 443 | 192.168.2.16 | 64.233.185.105 |
Apr 25, 2024 17:55:50.776151896 CEST | 49715 | 443 | 192.168.2.16 | 64.233.185.105 |
Apr 25, 2024 17:55:50.776176929 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Apr 25, 2024 17:55:51.006633043 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Apr 25, 2024 17:55:51.007005930 CEST | 49715 | 443 | 192.168.2.16 | 64.233.185.105 |
Apr 25, 2024 17:55:51.007040977 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Apr 25, 2024 17:55:51.008162022 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Apr 25, 2024 17:55:51.008491993 CEST | 49715 | 443 | 192.168.2.16 | 64.233.185.105 |
Apr 25, 2024 17:55:51.008661985 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Apr 25, 2024 17:55:51.062614918 CEST | 49715 | 443 | 192.168.2.16 | 64.233.185.105 |
Apr 25, 2024 17:55:53.264822006 CEST | 49688 | 443 | 192.168.2.16 | 13.107.21.200 |
Apr 25, 2024 17:56:01.050481081 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Apr 25, 2024 17:56:01.050611973 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Apr 25, 2024 17:56:01.050684929 CEST | 49715 | 443 | 192.168.2.16 | 64.233.185.105 |
Apr 25, 2024 17:56:02.119277000 CEST | 49715 | 443 | 192.168.2.16 | 64.233.185.105 |
Apr 25, 2024 17:56:02.119317055 CEST | 443 | 49715 | 64.233.185.105 | 192.168.2.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Apr 25, 2024 17:54:46.919260025 CEST | 192.168.2.16 | 1.1.1.1 | c25d | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 17:54:46.018619061 CEST | 192.168.2.16 | 1.1.1.1 | 0xa510 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 17:54:46.018867970 CEST | 192.168.2.16 | 1.1.1.1 | 0x81e2 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 17:54:46.666802883 CEST | 192.168.2.16 | 1.1.1.1 | 0xa740 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 17:54:46.666929960 CEST | 192.168.2.16 | 1.1.1.1 | 0xc848 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 17:54:50.716605902 CEST | 192.168.2.16 | 1.1.1.1 | 0x97d5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 17:54:50.716767073 CEST | 192.168.2.16 | 1.1.1.1 | 0x956c | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 17:54:46.129798889 CEST | 1.1.1.1 | 192.168.2.16 | 0x81e2 | No error (0) | pe-0000ec08.gslb.pphosted.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:46.189805984 CEST | 1.1.1.1 | 192.168.2.16 | 0xa510 | No error (0) | pe-0000ec08.gslb.pphosted.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:46.189805984 CEST | 1.1.1.1 | 192.168.2.16 | 0xa510 | No error (0) | 148.163.158.107 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:46.827239990 CEST | 1.1.1.1 | 192.168.2.16 | 0xa740 | No error (0) | pe-0000ec08.gslb.pphosted.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:46.827239990 CEST | 1.1.1.1 | 192.168.2.16 | 0xa740 | No error (0) | 148.163.158.107 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:46.919060946 CEST | 1.1.1.1 | 192.168.2.16 | 0xc848 | No error (0) | pe-0000ec08.gslb.pphosted.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:50.827291965 CEST | 1.1.1.1 | 192.168.2.16 | 0x956c | No error (0) | 65 | IN (0x0001) | false | |||
Apr 25, 2024 17:54:50.827625990 CEST | 1.1.1.1 | 192.168.2.16 | 0x97d5 | No error (0) | 64.233.185.105 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:50.827625990 CEST | 1.1.1.1 | 192.168.2.16 | 0x97d5 | No error (0) | 64.233.185.147 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:50.827625990 CEST | 1.1.1.1 | 192.168.2.16 | 0x97d5 | No error (0) | 64.233.185.103 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:50.827625990 CEST | 1.1.1.1 | 192.168.2.16 | 0x97d5 | No error (0) | 64.233.185.104 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:50.827625990 CEST | 1.1.1.1 | 192.168.2.16 | 0x97d5 | No error (0) | 64.233.185.99 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 17:54:50.827625990 CEST | 1.1.1.1 | 192.168.2.16 | 0x97d5 | No error (0) | 64.233.185.106 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49699 | 148.163.158.107 | 443 | 5672 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 15:54:46 UTC | 599 | OUT | |
2024-04-25 15:54:46 UTC | 525 | IN | |
2024-04-25 15:54:46 UTC | 1940 | IN | |
2024-04-25 15:54:46 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49701 | 148.163.158.107 | 443 | 5672 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 15:54:47 UTC | 399 | OUT | |
2024-04-25 15:54:47 UTC | 525 | IN | |
2024-04-25 15:54:47 UTC | 1940 | IN | |
2024-04-25 15:54:47 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49710 | 23.44.104.130 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 15:54:57 UTC | 161 | OUT | |
2024-04-25 15:54:57 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49711 | 23.44.104.130 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 15:54:58 UTC | 239 | OUT | |
2024-04-25 15:54:58 UTC | 531 | IN | |
2024-04-25 15:54:58 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49712 | 20.114.59.183 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 15:55:00 UTC | 306 | OUT | |
2024-04-25 15:55:00 UTC | 560 | IN | |
2024-04-25 15:55:00 UTC | 15824 | IN | |
2024-04-25 15:55:00 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.16 | 49713 | 20.114.59.183 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 15:55:37 UTC | 306 | OUT | |
2024-04-25 15:55:38 UTC | 560 | IN | |
2024-04-25 15:55:38 UTC | 15824 | IN | |
2024-04-25 15:55:38 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 17:54:44 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 17:54:45 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |