Windows
Analysis Report
Message.eml
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
  - OUTLOOK.EXE (PID: 4652 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Message.eml" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 5940 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FF1092E9-C705-422A-B026-B19261394388" "94C875A3-187C-497C-B2E3-EB486B1F25D1" "4652" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  - WINWORD.EXE (PID: 4380 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4FXV0OMO\Hyperoptic limited Reference Number(s)_FLD9396400164 (SOP 00876) Note(s).docx" /o "" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
  - WINWORD.EXE (PID: 6604 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
  - chrome.exe (PID: 3880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ts-college.com/?t=cHJlc3NAaHlwZXJvcHRpYy5jb20= MD5: E81F54E6C1129887AEA47E7D092680BF)
  - chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1840,i,12390355679735535310,5238380358082981745,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
Source: | Author: X__Junior (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-06T16:37:57.822106+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.18 | 49827 | 52.123.130.14 | 443 | TCP |
2025-03-06T16:38:18.328030+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.18 | 49847 | 52.123.130.14 | 443 | TCP |
Phishing |
---|
Source: | Joe Sandbox AI: | ||
Source: | Classification: |
Source: | File opened: | Jump to behavior |
Source: | IP Address: |
Source: | Suricata IDS: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | File created: |
Source: | File deleted: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process created: | |||
Source: | File Volume queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ts-college.com | 213.209.150.110 | true | false | unknown | |
www.google.com | 216.58.212.164 | true | false | high | |
s-0005.dual-s-dc-msedge.net | 52.123.130.14 | true | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.123.130.14 | s-0005.dual-s-dc-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
216.58.212.164 | www.google.com | United States | 15169 | GOOGLEUS | false | |
213.209.150.110 | ts-college.com | Germany | 197706 | KEMINETAL | false |
IP |
---|
192.168.2.18 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1631106 |
Start date and time: | 2025-03-06 16:37:01 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Message.eml |
Detection: | MAL |
Classification: | mal52.winEML@30/19@4/4 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe, MavInject32.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.46, 217.20.57.36, 52.109.76.243, 2.22.242.112, 2.22.242.105, 2.22.242.136, 2.22.242.97, 2.22.242.113, 2.22.242.121, 2.22.242.81, 2.22.242.145, 52.109.76.144, 20.42.73.26, 52.111.243.41, 52.111.243.43, 52.111.243.40, 52.111.243.42, 142.250.185.110, 142.250.186.131, 142.250.186.142, 66.102.1.84, 20.42.65.93, 2.19.120.68, 2.19.120.69, 52.182.143.213, 142.250.185.195, 172.217.18.14, 142.250.185.163, 172.217.16.195
- Excluded domains from analysis (whitelisted): omex.cdn.office.net, neu-azsc-000.odc.officeapps.live.com, odc.officeapps.live.com, onedscolprdeus20.eastus.cloudapp.azure.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, templatesmetadata.office.net.edgekey.net, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, clients2.google.com, onedscolprdcus16.centralus.cloudapp.azure.com, login.live.com, onedscolprdeus09.eastus.cloudapp.azure.com, update.googleapis.com, officeclient.microsoft.com, templatesmetadata.office.net, c.pki.goog, a1864.dscd.akamai.net, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, ecs.office.com, self-events-data.trafficmanager.net, accounts.google.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
52.123.130.14 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Invisible JS | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher, Invisible JS | Browse | |||
Get hash | malicious | HTMLPhisher, Invisible JS | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-0005.dual-s-dc-msedge.net | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Hidden Macro 4.0 | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
KEMINETAL | Get hash | malicious | Amadey, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, SystemBC, Vidar | Browse | ||
Get hash | malicious | SystemBC | Browse | ||
Get hash | malicious | Discord Token Stealer, Strela Stealer | Browse | ||
Get hash | malicious | DBatLoader, Remcos | Browse | ||
Get hash | malicious | SystemBC | Browse | ||
Get hash | malicious | SystemBC | Browse | ||
Get hash | malicious | Amadey, SystemBC | Browse | ||
Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | GO Miner, Xmrig | Browse | ||
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | AsyncRAT, DBatLoader | Browse | ||
Get hash | malicious | Hidden Macro 4.0 | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Xmrig | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | KnowBe4 | Browse |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Word\1380790193167760279.C4
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BB7DF04E1B0A2570657527A7E108AE23 |
SHA1: | 5188431849B4613152FD7BDBA6A3FF0A4FD6424B |
SHA-256: | C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479 |
SHA-512: | 768007E06B0CD9E62D50F458B9435C6DDA0A6D272F0B15550F97C478394B743331C3A9C9236E09AB5B9CB3B423B2320A5D66EB3C7068DB9EA37891CA40E47012 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Word\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 217 |
Entropy (8bit): | 5.70567201304659 |
Encrypted: | false |
SSDEEP: | 6:WLvoOoSc23oH+H1hVcpALqEjOP+0IXFLryCcZHXVWnZvan:0voLSfYeV8pALqEyPI1HyCcJKZi |
MD5: | 1233ED9632E10656BA7DCC6C31036EA8 |
SHA1: | 9946BD8688316DDAA2135766CEC96A7DE06CE934 |
SHA-256: | A7B329919284EF670B8E63BA44EA3159999E26BDEF838C089CF59113A19DCED7 |
SHA-512: | 0A3BFE47AF2C0221E952DD58D2039CD672DB4AB94F3EBB3EBFF1B22DC3B15D372A5F0B56AE1F1CF7077E9D75A35F54ED634B2161F0CE7D3E05D76AA13BD63600 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Microsoft\Office\OTele\winword.exe.db
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09216609452072291 |
Encrypted: | false |
SSDEEP: | 3:lSWFN3l/klslpF/4llfll:l9F8E0/ |
MD5: | F138A66469C10D5761C6CBB36F2163C3 |
SHA1: | EEA136206474280549586923B7A4A3C6D5DB1E25 |
SHA-256: | C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6 |
SHA-512: | 9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Microsoft\Office\OTele\winword.exe.db-journal
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.13760166725504608 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l+iOslll/FllkpMRgSWbNFl/sl+ltlslVlllflli6:7+/lzbvg9bNFlEs1EP/S6 |
MD5: | C9F5CB36B4A27794B32FFE929E7C7C1F |
SHA1: | 61F39026216A4C57F34F6B165D8E5D9FC9A91C88 |
SHA-256: | E3E417E11818EF0968876D80B697482892F5C54F24DCE970DD0684CFCE77AFB4 |
SHA-512: | 4A3FD835A83647A1048C8FBBB4159074CABA2E4410A62CE59F514EE7DDAC7966955BFB9CE375CB787CFD4EC0032D2B1FFCDDA34BC145819A04FAAE0A571C7C28 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Microsoft\Office\OTele\winword.exe.db-shm
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04495055541749482 |
Encrypted: | false |
SSDEEP: | 3:G4l23LA3weClIt4l23LA3weC/llulL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l27PnY4l27PNlML9XXPH4l942U |
MD5: | 6C0FF3863E37AF6D3E7C8398CE70AE97 |
SHA1: | 2D1F8EF9628A853B3C39B90910D7C7C6CC8029FA |
SHA-256: | F619FA0D3EA0DF8B7E68112887DB9260AD761FE7DA706B660DF58587484130FF |
SHA-512: | 315ABFBE03417480248DC8F8A014460281BAAFF9E045451E5E811CB9C346E785828CF2991241587E5996CC97BD339730FED9B87D9D91B8F32F912100EAA61246 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Microsoft\Office\OTele\winword.exe.db-wal
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 45352 |
Entropy (8bit): | 0.39399130584915476 |
Encrypted: | false |
SSDEEP: | 24:Kx6Y8sUqQ3zRDB6wbxXUll7DBtDi4kZERDBcqZzqt8VtbDBtDi4kZERDBG1W1:jH6Q10wXUll7DYMNzO8VFDYM01 |
MD5: | A719FAD99AA40F41A8A3D7FEDA783985 |
SHA1: | D54703DC4F2A64A3579367CA63934BA2DB7349DE |
SHA-256: | C1D3E39972BA7617F52DCA93C4F674CF76327D6C62C275F1BFDEF30CA0006FC0 |
SHA-512: | E005D6D41D61888F6D389DE9110EAFA0E2B4A0BDFC466D65377647B907EEFAA621FEAF00E82E84BF09343AFF5E5C980155C80B25C954695B05038921E2A3FBAC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\388B5B21.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 445 |
Entropy (8bit): | 7.318768335834397 |
Encrypted: | false |
SSDEEP: | 12:6v/7ci1zjW3R7hXmwyVilrbMGSWBrGPAhQgajgEa8r5o9:6yZhXmXilcGlGPRgaj4b |
MD5: | E03518ED70845F60E54D995516FC7814 |
SHA1: | F70C7019C0989B62CC691B6CD34859D8FC506C01 |
SHA-256: | 6F1AE1C2D727A21E023D4C687EDBD6FB7AA97BE003E3B17E4E6A2505F2B2B82C |
SHA-512: | D8E73BE08FDC026BF5733C276E165AB9E93F562F99A4AFAAC46C9097CB6CE80FC45BA0FF9733391EC1A51727B1A1715394D03F6F167CFA22D8B4720D053B7E22 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\56423DA7.docx
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20217 |
Entropy (8bit): | 7.903242189049849 |
Encrypted: | false |
SSDEEP: | 384:Bw3x9VzRnbsLDWUXbqJVNevLyp+L6g52mRy4/FRqcMin2VPcxwvRfGAClGJr:i3x97QLiRVNIS42mRyUFRqcz+0x+BkY |
MD5: | 1D2FAE0085C665C6B966507557888DE1 |
SHA1: | C5E1802EA5B88D1A6362BFB0343D796A8AFB17BB |
SHA-256: | 5EF71D64553282C8A0A8BC5F0AC82127FEA7AA7D7AF171397C720A81FCE0A262 |
SHA-512: | 15A5E40B539145F78643D9E009D34FA586FA8A56B11A8F31B0997EBC316B93EAC42BE228EDDE4CE481FCB52EAC0C71E0CB61BC9079D9D34AF578B30954FF2E5C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\56423DA7.docx:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:gAWY3n:qY3n |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\64E6FD5B.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2555 |
Entropy (8bit): | 7.88910627682238 |
Encrypted: | false |
SSDEEP: | 48:7Xjm4Mm5fF6Gk9uLduvH0NuAiRxbE6f6VwgIaKruai8SjFTW8KJjtz:RfF6GkUwAiXbEW6NIaSuainFTqJh |
MD5: | 6A78B0944A1DA4F3892D0F4A0163DA25 |
SHA1: | EDBEE8BAECF4D272F1B52BFA4C823DDC50E5486D |
SHA-256: | C9903CB4027BD617227A5F968C1B48883F9FFC3C140A629C418A413A3C14991C |
SHA-512: | 1ECB84B1B369B7CF3BFA9184B527B9AB5885B1A8BE20A4AA408619D769379DC96ED56616400149381F14204C193FF359C86D7A7113089C6510A109705BF0C089 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\797E642.jpeg
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1568 |
Entropy (8bit): | 7.547462336040531 |
Encrypted: | false |
SSDEEP: | 24:3c1sp4Ey2Xtsxkm9Z8MxIkCUXgK0j2ok7WpHsES+6D5uhI9jud1ANfqXq:3iWU2Xt0P8MxIkCjKO2oFpMvu++1iC6 |
MD5: | 365CFA50237B446D0712ECAEDAD92C95 |
SHA1: | F52D1594B7744FE05DCA6145CFC434A016763FC8 |
SHA-256: | 2891638DB4785CDD1AB2EBBA696A2396C82FD8808990AC06F53322A1A795578E |
SHA-512: | D1AFFCC261A41D605E7CEC97FBBF4A5175A880496FF643F94CA4CCD2A3EB47763EAD5D7773D0F3A42336D09CBA3229692CA7546D0CFA3CA2D68A265C2A4E4ECC |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\Diagnostics\WINWORD\App1741275473908561200_FDAD1BFA-6609-43CA-AE78-7827D4667DA6.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5640 |
Entropy (8bit): | 5.490611263064035 |
Encrypted: | false |
SSDEEP: | 96:voJhIKGQ4Q8duJMmiKGsDQ8dkfP6UI6cKGo0Q8df9mtdBKGX4Q8dslLuKGiP1Q8o:EhljW55v/q9x4eX4HNUh |
MD5: | 7116C6BCF3F0994F7EB6D660F80796D4 |
SHA1: | 3C1110A2BD19840F41117C9277CA00626DA11EF9 |
SHA-256: | B0D6E7CC81694097901B9E16C1503ACF6A869CF2FC179A8121801A2891236FC3 |
SHA-512: | 7BE35F10D6F8FE9F9F2AD9F9B28744A8BF4A9F8D9A1F2621E56699F6F79B2FAB2137B6905035FE7F3DCB429BBA373CEB277E20D4863BD75189E39742E0396B90 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\E6901FA0.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2684 |
Entropy (8bit): | 7.901894652512653 |
Encrypted: | false |
SSDEEP: | 48:B/6szm5aZYbB04l/HREz9CyaY6/8Rf78BLWlvhOmjtJBvQvxnwO:BSszm8Z4RHRG6uROLWb9RQj |
MD5: | B4F8F0DCDA279711CB9224C2239323D4 |
SHA1: | 3C1B1B68CD9D2D25FF5D7FB2C7A61271DFFBF41B |
SHA-256: | 53D92718DD6001A4EBF49D631AB9DF5B8194E6AF220790B1D8CF57164E38C6B0 |
SHA-512: | E97F783AF2EECCAFD684BDDE181C1509414997D2970405CC2AD7B9182439EF471EE6BF58253E6661A7B4491DD80523CC23C4544B0F9CF5AA0E9BFF4F20E7CA92 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\mso2CD9.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3085 |
Entropy (8bit): | 4.4007554982421135 |
Encrypted: | false |
SSDEEP: | 24:9fHa9QXbq6f22WpwLszBF9uGKama6cV/1OiO5wXQTAebuVcYd/w28C+Qeirccjaw:9i9QW6szX9HmJcx1OiMwiSBdSbSid2 |
MD5: | 207F6259E406B24EE4275D2C6811EF3D |
SHA1: | 29E485B8CA50412E79B837AC3243E25802C48194 |
SHA-256: | 47F9D932B33A9C3D676FEEA452CDE37A36A6103798B556D545398CC88B555377 |
SHA-512: | 7B6CA575170154542853C743F2A85A204CDDA4B20206190647912C6D76EF0F2596261CBD792AAD26FC9D5E2B68EF394391B872260480537277AB9BE40D67D91B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_152d\AC\Temp\~WRS{BF1E2BF5-2F98-4B73-8484-F384E88EA61B}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 15872 |
Entropy (8bit): | 4.033424691950628 |
Encrypted: | false |
SSDEEP: | 192:cDn3l323hpfFg6WQc3WHwcpi8rAYgMh53U9o:cDn3l323hpf7iz2AYgMhJUq |
MD5: | 94BE420D95F53A518DEA6D66AD110EA7 |
SHA1: | 2FEEF8E63DA035D813F1EC6732F34418696FACB8 |
SHA-256: | 0C53D80818811892B89D8D5A2E3AC4B5F9B453B218C4D6642FF53E208E9B3A1F |
SHA-512: | EB1BD9E093D5985CE3291A1DDE84B34567749950CF2747D91F8A0CEF725BC88A01479D3B3E22B6880F549074D1E6F377214F2E2D48CC8BE308AAF6543A2D1728 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250306T1037310891-4652.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 4.542369779667214 |
Encrypted: | false |
SSDEEP: | 768:j1zfiYggdKlS2p3mq4OX9MJQtEBWKWJKUXmeumqN:Cp74OX9MJpepXhiN |
MD5: | 21E75FD95692986ED1EAED3E99F9AFD4 |
SHA1: | 769C6FE0A1635F42B004C4C517513B356F504D29 |
SHA-256: | 7FA47AC5C45782BE197373187F2B3B6506CFE64F583AE7214DAC973661B9DF79 |
SHA-512: | 5C6AE8E1C53AF6B669EB870D36BABB312478C66D8A4BBE1F45ED05C587EC542CCDC105F3B9215A7EA1783ED76BD843921DAB664E443DB376C2F9C1439F587348 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.5359549464249103 |
Encrypted: | false |
SSDEEP: | 24:r8fEZYeYlgbGoizZR726TPuQo6leYlgbGoizZR726TPuQogU6I:rmCipoiNR4QonipoiNR4QogU |
MD5: | A6C2AE3E7708028CF4C07626E92286B1 |
SHA1: | 37EFF3D14335138BB6A7D9E3D0B99883A070A3E9 |
SHA-256: | 32C6BA398C332771B1263CB9D98839ABCC4D589CDDF184C83FA1415AE7BF1E1D |
SHA-512: | 56B27ED4EC950A5DBAE19460F7A0E2E7F2B49DC7CAE61E6C5377E2EAF7A6516825C5173AA1154985FB697836E0E37967CB45C8DD4FD62FD7C156F7639FB62404 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 3.723129353905997 |
Encrypted: | false |
SSDEEP: | 1536:xEThubEKLQtArqUscrWKw9rYuKr4QCMeyB84YDOnWWsZpLo+Noz2Q10PMBCM4W5v:xwuEK2fnK80nBLco+yLap9kLDQp9 |
MD5: | B42ED24A7A22E2BACBE0BD8B2C0E5063 |
SHA1: | 7F9B24700BFDF5BA58FEBD7B8066E43E00BAE9C7 |
SHA-256: | 075D4F3FF2DFD3297388CC085B2337FA9AA097F279F5C2BB97C04F8FE02A27BA |
SHA-512: | 6C093F24DF4C0BB9C7C1005C1A91401C7126ACAAEFB3C543F11C1EF1786E3070ED5DD9B42E668AE9E2D85979888BD084EFDAE080FDC48A2678287E75206A38C7 |
Malicious: | true |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 4.361371115028062 |
Encrypted: | false |
SSDEEP: | 1536:/W53jEpEHP4qQ10PAwr1+DOwVD9FYqrqUVcrWKw9zhPo+N0D4HhW53jEpEHP4qQq:Bp9kkY0nK8zhPo+1vp9 |
MD5: | D91A543E5DC524CD98AEE21592ED07B5 |
SHA1: | 320415062A3E9A433CF5506A7360A34ABE024025 |
SHA-256: | E53145D73B08F3C194F7A8EC15725A1C2C73ACA23F3B015222DCF883D6702741 |
SHA-512: | 57E44AC3D2E2378C4D0D7A04010CB1A12409BE3920CE954E8D5E66BFBB1C081848E278787145BD2DEA76A7D3712EE4CCFF4922F737DD482A40594463C6C7432A |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 6.142426243472995 |
TrID: |
|
File name: | Message.eml |
File size: | 52'532 bytes |
MD5: | ab57f01a63d58d11bbd37e6217497e17 |
SHA1: | a567b842844d9164854049bea717a926be5bedba |
SHA256: | 8a8ccc89ac5fd4edfeab446c654b9930cb4bd7222b2c436469f29c462ffcf537 |
SHA512: | cded2a8e1e2e30f33cfa4f99f30fabfce78ac374f5d8f5444710e15f71f9fcd8b5542257cd6853bcce5bbc13f3430f86e84dcae67156e552fcc8759c7eb2c300 |
SSDEEP: | 1536:wqCLF3w7nrsuIwQei0NPSDlmP/8hdQjn+gwBM2a:wqoF0KJmP/adQjvWMZ |
TLSH: | 5233B03314D63998F9A078C48E6AFE076E32074B75B3D682176DC541D9588871FB287B |
File Content Preview: | ..."Received: from PA4PR07MB8839.eurprd07.prod.outlook.com (2603:10a6:102:268::17).. by PR1PR07MB5756.eurprd07.prod.outlook.com with HTTPS; Thu, 6 Mar 2025.. 13:34:12 +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=sN |
Subject: | EFT Pay Advice - Adviser 15(c) Request1.06.25 Hyperoptic limited Final.docx, Data Protection (Ref No: 172089VpaFM3x0mpzDrdhyky1uF6lyRhkm0YdFJdYjctVFWi6Q2G4JV) ... |
From: | Press <service.comptabilite@altraconsulting.fr> |
To: | press@hyperoptic.com |
Cc: | |
BCC: | |
Date: | Thu, 06 Mar 2025 13:33:03 +0000 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
"Received | from PA4PR07MB8839.eurprd07.prod.outlook.com (2603:10a6:102:268::17) by PR1PR07MB5756.eurprd07.prod.outlook.com with HTTPS; Thu, 6 Mar 2025 13:34:12 +0000 |
ARC-Seal | i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EgMx8CN57rHkh5KGtD1RZ2h/uFH/AOo8eJ9ZkmgGWZ8FFeVCb6Rhh8LvQFfApqQMr0dqs6IizUm0DiE4RNclNpaNd2uTl7fqmYTlzfeX/gUFMeUVpuFAnKXGzfKhsSLA3CsEfDGRzrP6qA2ZD4fl3ObR0gaKsNY2giL8TaeLDkfogaFLPy/hAgHCqgjCGYqAlaJkISHC4D/h70bIIo97FV+Ylkaotpk1gyils3c4QCtXZ9fTp1Fsal35O8KXhlklkpfVWgvWmo3nFq3BpMnEobA/h9j6jW0rcY8E7Hl+mcUpKTgBUugzm7YNQscVB87z8Tycn7Bft48maeW3aY7cUg== |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=h42QuDE6jcaGh0TF2+RXuDqRY+8Mz6bfchOA1/DaKyc=; b=bOzAVJVOxJlKJFedcQP+nT5xX1nKKL82XpiRwpdStsLL/5UIeClwwKU3nLxffWqu5sQuOjuLnW+hG4iA6CgNEiM7mkVneruiIpOby2e77TxjyWQHr0qUeujowiK/2z82Zag8pTSgkpLhzwU50piT7QR9sWeyh1MtkPXdRYZbh+LLHMQjqHyFBO9XZQjy25fg5jBOMGSEXyOW7BLko58HzpGVFfvvnpw9hAVTO8YPRhpfaNnef3ZX1F+9YvNNY9QgHaxlaaKH/Per6kJ5jGJzrjQChZNmeV0WvLELupqN6sytu6J49m18mCJS7GK/5fErARAjVeXlaUitHAVnaw4sgQ== |
ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=softfail (sender ip is 45.150.34.178) smtp.rcpttodomain=hyperoptic.com smtp.mailfrom=altraconsulting.fr; dmarc=none action=none header.from=altraconsulting.fr; dkim=none (message not signed); arc=none (0) |
Received | from [45.150.34.178] (45.150.34.178) by PA1PEPF000CC3FA.mail.protection.outlook.com (10.167.242.5) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8511.15 via Frontend Transport; Thu, 6 Mar 2025 13:33:03 +0000 |
Authentication-Results | spf=pass (sender IP is 2a01:111:f403:2613::61b) smtp.mailfrom=altraconsulting.fr; dkim=pass (signature was verified) header.d=altraconsultingcrm.onmicrosoft.com;dmarc=bestguesspass action=none header.from=altraconsulting.fr;compauth=pass reason=109 |
Received-SPF | SoftFail (protection.outlook.com: domain of transitioning altraconsulting.fr discourages use of 45.150.34.178 as permitted sender) |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=altraconsultingcrm.onmicrosoft.com; s=selector2-altraconsultingcrm-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=h42QuDE6jcaGh0TF2+RXuDqRY+8Mz6bfchOA1/DaKyc=; b=T+ctaDgwpMNt5LibfQWgtdkTCv+mp+VcI8JrjmDc3B1DyauTNoodZeWbDDSeWWkiZmrx8HKgUNHGpBJsx/16nLgfsLvWnQDth0NYs1CzV3zttFan+sjTV6EhEkX/MCZcWkcnEf8cF/bLgmfCEPJkRXPT5+blHNs2/1TQmepo8m8= |
X-MS-Exchange-Authentication-Results | spf=softfail (sender IP is 45.150.34.178) smtp.mailfrom=altraconsulting.fr; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=altraconsulting.fr; |
Subject | EFT Pay Advice - Adviser 15(c) Request1.06.25 Hyperoptic limited Final.docx, Data Protection (Ref No: 172089VpaFM3x0mpzDrdhyky1uF6lyRhkm0YdFJdYjctVFWi6Q2G4JV) ... |
From | Press <service.comptabilite@altraconsulting.fr> |
To | press@hyperoptic.com |
Message-Id | <174126798066.11516.15010442714776003154@altraconsulting.fr> |
Content-Type | multipart/mixed; boundary="Boundary_(ID_AEn0eu3CFLW3xmJOyaZALh)" |
Return-Path | service.comptabilite@altraconsulting.fr |
Date | Thu, 06 Mar 2025 13:33:03 +0000 |
X-EOPAttributedMessage | 1 |
X-MS-TrafficTypeDiagnostic | PA1PEPF000CC3FA:EE_|AS4PR10MB6085:EE_|DB5PEPF00014B97:EE_|PA4PR07MB8839:EE_|PR1PR07MB5756:EE_ |
X-MS-Office365-Filtering-Correlation-Id | 879947a0-4c45-43c2-ac3b-08dd5cb36ef5 |
X-MS-Exchange-SenderADCheck | 1 |
X-MS-Exchange-AntiSpam-Relay | 0 |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230040|82310400026|376014|36860700013|1800799024|4076899003|8096899003|4053099003|15072699012; |
X-Microsoft-Antispam-Message-Info-Original | |
X-Forefront-Antispam-Report-Untrusted | CIP:45.150.34.178;CTRY:NL;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[45.150.34.178];PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(36860700013)(1800799024)(4076899003)(8096899003)(4053099003)(15072699012);DIR:OUT;SFP:1101; |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | PA4PR07MB8839 |
X-MS-Exchange-Organization-ExpirationStartTime | 06 Mar 2025 13:33:08.6974 (UTC) |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | 879947a0-4c45-43c2-ac3b-08dd5cb36ef5 |
X-EOPTenantAttributedMessage | df58f807-1209-4a95-9c55-f71b3c95667b:0 |
X-MS-Exchange-Organization-MessageDirectionality | Incoming |
X-MS-Exchange-Transport-CrossTenantHeadersStripped | DB5PEPF00014B97.eurprd02.prod.outlook.com |
X-MS-Exchange-Transport-CrossTenantHeadersPromoted | DB5PEPF00014B97.eurprd02.prod.outlook.com |
X-MS-PublicTrafficType | |
X-MS-Exchange-Organization-AuthSource | DB5PEPF00014B97.eurprd02.prod.outlook.com |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Office365-Filtering-Correlation-Id-Prvs | a9f306c5-6753-48db-86bc-08dd5cb36bf8 |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-MS-Exchange-Organization-SCL | 1 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|5062899012|4073199012|5073199012|3072899012|2092899012|12012899012|35042699022|4076899003|8096899003|4053099003|15072699012; |
X-Forefront-Antispam-Report | CIP:2a01:111:f403:2613::61b;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:EUR05-VI1-obe.outbound.protection.outlook.com;PTR:mail-vi1eur05on2061b.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(5062899012)(4073199012)(5073199012)(3072899012)(2092899012)(12012899012)(35042699022)(4076899003)(8096899003)(4053099003)(15072699012);DIR:INB; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 06 Mar 2025 13:33:08.5567 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | 879947a0-4c45-43c2-ac3b-08dd5cb36ef5 |
X-MS-Exchange-CrossTenant-Id | df58f807-1209-4a95-9c55-f71b3c95667b |
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp | TenantId=366d2fa7-6e70-4bbf-8f0a-17e774b37952;Ip=[45.150.34.178];Helo=[[45.150.34.178]] |
X-MS-Exchange-CrossTenant-AuthSource | DB5PEPF00014B97.eurprd02.prod.outlook.com |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-EndToEndLatency | 00:01:03.4572792 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.8489.024 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(4955320)(4710117)(4712020)(920097)(930097)(140003)(1420198); |
X-Microsoft-Antispam-Message-Info | |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-06T16:37:57.822106+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.18 | 49827 | 52.123.130.14 | 443 | TCP |
2025-03-06T16:38:18.328030+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.18 | 49847 | 52.123.130.14 | 443 | TCP |
Mar 6, 2025 16:38:06.254200935 CET | 443 | 49836 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:06.254319906 CET | 49836 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.254319906 CET | 49836 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.254755974 CET | 49843 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.254793882 CET | 443 | 49843 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:06.254872084 CET | 49843 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.256915092 CET | 49843 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.256958008 CET | 443 | 49843 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:06.257004976 CET | 49843 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.268064022 CET | 49844 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.268105984 CET | 443 | 49844 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:06.268186092 CET | 49844 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.268474102 CET | 49844 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.268485069 CET | 443 | 49844 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:06.558429956 CET | 49836 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:06.558460951 CET | 443 | 49836 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:06.814301014 CET | 443 | 49837 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:06.814424038 CET | 49837 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:06.814944029 CET | 49837 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:06.814965963 CET | 443 | 49837 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:06.837630987 CET | 49845 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:06.837682962 CET | 443 | 49845 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:06.837793112 CET | 49845 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:06.838195086 CET | 49845 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:06.838212967 CET | 443 | 49845 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:10.035017967 CET | 49847 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:10.035067081 CET | 443 | 49847 | 52.123.130.14 | 192.168.2.18 |
Mar 6, 2025 16:38:10.035166979 CET | 49847 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:10.035550117 CET | 49847 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:10.035564899 CET | 443 | 49847 | 52.123.130.14 | 192.168.2.18 |
Mar 6, 2025 16:38:14.524640083 CET | 443 | 49844 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:14.524696112 CET | 49844 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:14.560698986 CET | 49844 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:14.560720921 CET | 443 | 49844 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:14.560985088 CET | 49851 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:14.561033010 CET | 443 | 49851 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:14.561104059 CET | 49851 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:14.565239906 CET | 49851 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:14.565257072 CET | 443 | 49851 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:14.586986065 CET | 49856 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:14.587030888 CET | 443 | 49856 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:14.587088108 CET | 49856 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:14.587502956 CET | 49856 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:14.587512970 CET | 443 | 49856 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:15.126266956 CET | 443 | 49845 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:15.126435995 CET | 49845 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:15.126562119 CET | 49845 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:15.126574993 CET | 443 | 49845 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:15.179441929 CET | 49860 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:15.179486036 CET | 443 | 49860 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:15.179594040 CET | 49860 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:15.180038929 CET | 49860 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:15.180049896 CET | 443 | 49860 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:15.214611053 CET | 49856 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:15.215192080 CET | 49861 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:15.215234041 CET | 443 | 49861 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:15.215313911 CET | 49861 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:15.215950966 CET | 49861 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:15.215964079 CET | 443 | 49861 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:15.256330967 CET | 443 | 49856 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:18.211539030 CET | 49819 | 443 | 192.168.2.18 | 40.115.3.253 |
Mar 6, 2025 16:38:18.216675043 CET | 443 | 49819 | 40.115.3.253 | 192.168.2.18 |
Mar 6, 2025 16:38:18.327861071 CET | 443 | 49847 | 52.123.130.14 | 192.168.2.18 |
Mar 6, 2025 16:38:18.328030109 CET | 49847 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:18.328094959 CET | 49847 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:18.328110933 CET | 443 | 49847 | 52.123.130.14 | 192.168.2.18 |
Mar 6, 2025 16:38:18.328779936 CET | 49866 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:18.328818083 CET | 443 | 49866 | 52.123.130.14 | 192.168.2.18 |
Mar 6, 2025 16:38:18.328900099 CET | 49866 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:18.329435110 CET | 49866 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:18.329448938 CET | 443 | 49866 | 52.123.130.14 | 192.168.2.18 |
Mar 6, 2025 16:38:18.385803938 CET | 443 | 49819 | 40.115.3.253 | 192.168.2.18 |
Mar 6, 2025 16:38:18.433506012 CET | 49819 | 443 | 192.168.2.18 | 40.115.3.253 |
Mar 6, 2025 16:38:18.891912937 CET | 443 | 49856 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:18.892049074 CET | 49856 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:19.281066895 CET | 49868 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:19.281109095 CET | 443 | 49868 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:38:19.281181097 CET | 49868 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:19.281687975 CET | 49868 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:19.281698942 CET | 443 | 49868 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:38:22.752537966 CET | 443 | 49851 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:22.752655029 CET | 49851 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.752696991 CET | 49851 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.752716064 CET | 443 | 49851 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:22.755172014 CET | 49870 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.755218983 CET | 443 | 49870 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:22.755512953 CET | 49870 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.755512953 CET | 49870 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.755760908 CET | 443 | 49870 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:22.756331921 CET | 49870 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.763073921 CET | 49871 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.763117075 CET | 443 | 49871 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:22.763197899 CET | 49871 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.763415098 CET | 49871 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:22.763430119 CET | 443 | 49871 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:23.330466032 CET | 443 | 49860 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:23.330539942 CET | 49860 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:23.330634117 CET | 49860 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:23.330657959 CET | 443 | 49860 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:23.333041906 CET | 49872 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:23.333085060 CET | 443 | 49872 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:23.333159924 CET | 49872 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:23.333523035 CET | 49872 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:23.333535910 CET | 443 | 49872 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:23.579349995 CET | 443 | 49861 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:23.579514027 CET | 49861 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:23.579732895 CET | 49861 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:23.579754114 CET | 443 | 49861 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:23.580333948 CET | 49874 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:23.580382109 CET | 443 | 49874 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:23.580504894 CET | 49874 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:23.580998898 CET | 49874 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:23.581012011 CET | 443 | 49874 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:26.466506958 CET | 443 | 49866 | 52.123.130.14 | 192.168.2.18 |
Mar 6, 2025 16:38:26.466665983 CET | 49866 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:26.466783047 CET | 49866 | 443 | 192.168.2.18 | 52.123.130.14 |
Mar 6, 2025 16:38:26.466801882 CET | 443 | 49866 | 52.123.130.14 | 192.168.2.18 |
Mar 6, 2025 16:38:27.649239063 CET | 443 | 49868 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:38:27.649451971 CET | 49868 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:27.649655104 CET | 49868 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:27.649672985 CET | 443 | 49868 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:38:27.650015116 CET | 49878 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:27.650062084 CET | 443 | 49878 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:38:27.650150061 CET | 49878 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:27.650599957 CET | 49878 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:27.650615931 CET | 443 | 49878 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:38:28.623017073 CET | 49811 | 443 | 192.168.2.18 | 40.126.31.129 |
Mar 6, 2025 16:38:28.623019934 CET | 49814 | 80 | 192.168.2.18 | 2.17.190.73 |
Mar 6, 2025 16:38:28.623279095 CET | 49812 | 80 | 192.168.2.18 | 199.232.214.172 |
Mar 6, 2025 16:38:28.628345013 CET | 80 | 49814 | 2.17.190.73 | 192.168.2.18 |
Mar 6, 2025 16:38:28.628449917 CET | 49814 | 80 | 192.168.2.18 | 2.17.190.73 |
Mar 6, 2025 16:38:28.628771067 CET | 443 | 49811 | 40.126.31.129 | 192.168.2.18 |
Mar 6, 2025 16:38:28.628787041 CET | 80 | 49812 | 199.232.214.172 | 192.168.2.18 |
Mar 6, 2025 16:38:28.628824949 CET | 49811 | 443 | 192.168.2.18 | 40.126.31.129 |
Mar 6, 2025 16:38:28.628998995 CET | 49812 | 80 | 192.168.2.18 | 199.232.214.172 |
Mar 6, 2025 16:38:30.985908985 CET | 443 | 49871 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:30.985991955 CET | 49871 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:30.986041069 CET | 49871 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:30.986063004 CET | 443 | 49871 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:30.987704992 CET | 49880 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:30.987754107 CET | 443 | 49880 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:30.987848043 CET | 49880 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:30.988240004 CET | 49880 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:30.988250017 CET | 443 | 49880 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:31.491812944 CET | 443 | 49872 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:31.491931915 CET | 49872 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:31.492350101 CET | 49872 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:31.492372036 CET | 443 | 49872 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:31.535836935 CET | 49882 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:31.535859108 CET | 443 | 49882 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:31.535959005 CET | 49882 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:31.536298990 CET | 49882 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:31.536319971 CET | 443 | 49882 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:31.956216097 CET | 443 | 49874 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:31.956346035 CET | 49874 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:31.956526995 CET | 49874 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:31.956542969 CET | 443 | 49874 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:32.997437954 CET | 49883 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:32.997478962 CET | 443 | 49883 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:32.997595072 CET | 49883 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:32.998264074 CET | 49883 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:32.998274088 CET | 443 | 49883 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:33.032383919 CET | 49885 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:33.032434940 CET | 443 | 49885 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:33.032530069 CET | 49885 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:33.032907963 CET | 49885 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:33.032921076 CET | 443 | 49885 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:36.057102919 CET | 443 | 49878 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:38:36.057219982 CET | 49878 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:36.057426929 CET | 49878 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:38:36.057445049 CET | 443 | 49878 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:38:39.139925957 CET | 443 | 49880 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:39.140140057 CET | 49880 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:39.140189886 CET | 49880 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:39.140211105 CET | 443 | 49880 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:39.140702009 CET | 49888 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:39.140749931 CET | 443 | 49888 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:39.140849113 CET | 49888 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:39.141117096 CET | 49888 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:39.141151905 CET | 443 | 49888 | 20.190.159.23 | 192.168.2.18 |
Mar 6, 2025 16:38:39.141206026 CET | 49888 | 443 | 192.168.2.18 | 20.190.159.23 |
Mar 6, 2025 16:38:39.657866001 CET | 443 | 49882 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:39.657958984 CET | 49882 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:39.658051968 CET | 49882 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:39.658067942 CET | 443 | 49882 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:39.683465004 CET | 49889 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:39.683502913 CET | 443 | 49889 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:39.683609009 CET | 49889 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:39.683988094 CET | 49889 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:39.684000015 CET | 443 | 49889 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:41.294929981 CET | 49824 | 80 | 192.168.2.18 | 142.250.184.195 |
Mar 6, 2025 16:38:41.302050114 CET | 80 | 49824 | 142.250.184.195 | 192.168.2.18 |
Mar 6, 2025 16:38:41.302169085 CET | 49824 | 80 | 192.168.2.18 | 142.250.184.195 |
Mar 6, 2025 16:38:41.545401096 CET | 443 | 49883 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:41.545538902 CET | 49883 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.545713902 CET | 49883 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.545742035 CET | 443 | 49883 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:41.546139956 CET | 49891 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.546190023 CET | 443 | 49891 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:41.546365023 CET | 49891 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.546648979 CET | 49891 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.546664000 CET | 443 | 49891 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:41.548985004 CET | 443 | 49885 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:41.549063921 CET | 49885 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.549134970 CET | 49885 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.549154043 CET | 443 | 49885 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:41.549360991 CET | 49892 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.549380064 CET | 443 | 49892 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:41.549453974 CET | 49892 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.549740076 CET | 49892 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:41.549750090 CET | 443 | 49892 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:48.090739012 CET | 443 | 49889 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:48.090883017 CET | 49889 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:48.090975046 CET | 49889 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:38:48.090991974 CET | 443 | 49889 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:38:49.896599054 CET | 443 | 49891 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:49.896769047 CET | 49891 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:49.896915913 CET | 49891 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:49.896938086 CET | 443 | 49891 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:49.898319960 CET | 443 | 49892 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:49.898507118 CET | 49892 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:49.898672104 CET | 49892 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:49.898680925 CET | 443 | 49892 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:50.262895107 CET | 443 | 49813 | 13.107.253.72 | 192.168.2.18 |
Mar 6, 2025 16:38:50.263040066 CET | 443 | 49813 | 13.107.253.72 | 192.168.2.18 |
Mar 6, 2025 16:38:50.263174057 CET | 49813 | 443 | 192.168.2.18 | 13.107.253.72 |
Mar 6, 2025 16:38:50.263725996 CET | 49813 | 443 | 192.168.2.18 | 13.107.253.72 |
Mar 6, 2025 16:38:50.268750906 CET | 443 | 49813 | 13.107.253.72 | 192.168.2.18 |
Mar 6, 2025 16:38:54.913017988 CET | 49900 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:54.913072109 CET | 443 | 49900 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:54.913162947 CET | 49900 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:54.913630962 CET | 49900 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:54.913652897 CET | 443 | 49900 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:54.914978027 CET | 49901 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:54.915015936 CET | 443 | 49901 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:38:54.915090084 CET | 49901 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:54.915358067 CET | 49901 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:38:54.915371895 CET | 443 | 49901 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:04.279165983 CET | 443 | 49900 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:04.279355049 CET | 49900 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.279529095 CET | 49900 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.279558897 CET | 443 | 49900 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:04.280272961 CET | 49906 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.280323029 CET | 443 | 49906 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:04.280409098 CET | 49906 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.280890942 CET | 49906 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.280903101 CET | 443 | 49906 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:04.309259892 CET | 443 | 49901 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:04.309403896 CET | 49901 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.309688091 CET | 49901 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.309705019 CET | 443 | 49901 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:04.310192108 CET | 49907 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.310249090 CET | 443 | 49907 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:04.310318947 CET | 49907 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.310844898 CET | 49907 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:04.310858965 CET | 443 | 49907 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:12.689090014 CET | 443 | 49906 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:12.689177036 CET | 49906 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:12.689431906 CET | 49906 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:12.689456940 CET | 443 | 49906 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:12.699126005 CET | 443 | 49907 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:12.699199915 CET | 49907 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:12.699418068 CET | 49907 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:12.699439049 CET | 443 | 49907 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:18.204448938 CET | 49819 | 443 | 192.168.2.18 | 40.115.3.253 |
Mar 6, 2025 16:39:18.204526901 CET | 49815 | 443 | 192.168.2.18 | 40.115.3.253 |
Mar 6, 2025 16:39:18.209652901 CET | 443 | 49819 | 40.115.3.253 | 192.168.2.18 |
Mar 6, 2025 16:39:18.209672928 CET | 443 | 49815 | 40.115.3.253 | 192.168.2.18 |
Mar 6, 2025 16:39:18.423537970 CET | 443 | 49819 | 40.115.3.253 | 192.168.2.18 |
Mar 6, 2025 16:39:18.425179005 CET | 443 | 49815 | 40.115.3.253 | 192.168.2.18 |
Mar 6, 2025 16:39:18.475600004 CET | 49819 | 443 | 192.168.2.18 | 40.115.3.253 |
Mar 6, 2025 16:39:18.479434013 CET | 49815 | 443 | 192.168.2.18 | 40.115.3.253 |
Mar 6, 2025 16:39:19.323947906 CET | 49915 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:19.323988914 CET | 443 | 49915 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:39:19.324093103 CET | 49915 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:19.324482918 CET | 49915 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:19.324492931 CET | 443 | 49915 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:39:24.319777012 CET | 49918 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:24.319890976 CET | 443 | 49918 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:39:24.320013046 CET | 49918 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:24.320415974 CET | 49918 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:24.320450068 CET | 443 | 49918 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:39:27.851537943 CET | 443 | 49915 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:39:27.851881027 CET | 49915 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:27.851977110 CET | 49915 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:27.852020979 CET | 443 | 49915 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:39:27.852432013 CET | 49922 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:27.852473021 CET | 443 | 49922 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:39:27.852582932 CET | 49922 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:27.852930069 CET | 49922 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:27.852945089 CET | 443 | 49922 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:39:32.471882105 CET | 443 | 49918 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:39:32.471972942 CET | 49918 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:32.472063065 CET | 49918 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:32.472084045 CET | 443 | 49918 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:39:32.477915049 CET | 49926 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:32.477962017 CET | 443 | 49926 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:39:32.478071928 CET | 49926 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:32.478430986 CET | 49926 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:32.478442907 CET | 443 | 49926 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:39:36.316643000 CET | 443 | 49922 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:39:36.316747904 CET | 49922 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:36.316937923 CET | 49922 | 443 | 192.168.2.18 | 216.58.212.164 |
Mar 6, 2025 16:39:36.316963911 CET | 443 | 49922 | 216.58.212.164 | 192.168.2.18 |
Mar 6, 2025 16:39:38.648629904 CET | 443 | 49926 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:39:38.702742100 CET | 49926 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:38.789686918 CET | 443 | 49926 | 52.149.20.212 | 192.168.2.18 |
Mar 6, 2025 16:39:38.830707073 CET | 49926 | 443 | 192.168.2.18 | 52.149.20.212 |
Mar 6, 2025 16:39:42.703725100 CET | 49931 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:42.703790903 CET | 443 | 49931 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:42.703890085 CET | 49931 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:42.704276085 CET | 49931 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:42.704291105 CET | 443 | 49931 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:42.704329014 CET | 49932 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:42.704370975 CET | 443 | 49932 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:42.706041098 CET | 49932 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:42.706041098 CET | 49932 | 443 | 192.168.2.18 | 213.209.150.110 |
Mar 6, 2025 16:39:42.706084013 CET | 443 | 49932 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:47.254796028 CET | 443 | 49931 | 213.209.150.110 | 192.168.2.18 |
Mar 6, 2025 16:39:47.300630093 CET | 49931 | 443 | 192.168.2.18 | 213.209.150.110 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 6, 2025 16:38:14.545170069 CET | 64239 | 53 | 192.168.2.18 | 1.1.1.1 |
Mar 6, 2025 16:38:14.545367956 CET | 56574 | 53 | 192.168.2.18 | 1.1.1.1 |
Mar 6, 2025 16:38:14.555130005 CET | 53 | 58031 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:38:14.563226938 CET | 53 | 49453 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:38:14.586235046 CET | 53 | 56574 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:38:14.586289883 CET | 53 | 64239 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:38:19.272212029 CET | 54282 | 53 | 192.168.2.18 | 1.1.1.1 |
Mar 6, 2025 16:38:19.272515059 CET | 55553 | 53 | 192.168.2.18 | 1.1.1.1 |
Mar 6, 2025 16:38:19.279450893 CET | 53 | 54282 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:38:19.279966116 CET | 53 | 55553 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:39:14.435385942 CET | 53 | 61215 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:39:17.525681973 CET | 53 | 55464 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:39:22.540287971 CET | 53 | 50907 | 1.1.1.1 | 192.168.2.18 |
Mar 6, 2025 16:39:31.129101038 CET | 53 | 50132 | 1.1.1.1 | 192.168.2.18 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 6, 2025 16:38:14.545170069 CET | 192.168.2.18 | 1.1.1.1 | 0x291f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 6, 2025 16:38:14.545367956 CET | 192.168.2.18 | 1.1.1.1 | 0x75dd | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 6, 2025 16:38:19.272212029 CET | 192.168.2.18 | 1.1.1.1 | 0x5cff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 6, 2025 16:38:19.272515059 CET | 192.168.2.18 | 1.1.1.1 | 0x11a6 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 6, 2025 16:37:49.681499958 CET | 1.1.1.1 | 192.168.2.18 | 0xfed4 | No error (0) | shed.s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 6, 2025 16:37:49.681499958 CET | 1.1.1.1 | 192.168.2.18 | 0xfed4 | No error (0) | s-0005.dual-s-dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 6, 2025 16:37:49.681499958 CET | 1.1.1.1 | 192.168.2.18 | 0xfed4 | No error (0) | 52.123.130.14 | A (IP address) | IN (0x0001) | false | ||
Mar 6, 2025 16:37:49.681499958 CET | 1.1.1.1 | 192.168.2.18 | 0xfed4 | No error (0) | 52.123.131.14 | A (IP address) | IN (0x0001) | false | ||
Mar 6, 2025 16:38:14.586289883 CET | 1.1.1.1 | 192.168.2.18 | 0x291f | No error (0) | 213.209.150.110 | A (IP address) | IN (0x0001) | false | ||
Mar 6, 2025 16:38:19.279450893 CET | 1.1.1.1 | 192.168.2.18 | 0x5cff | No error (0) | 216.58.212.164 | A (IP address) | IN (0x0001) | false | ||
Mar 6, 2025 16:38:19.279966116 CET | 1.1.1.1 | 192.168.2.18 | 0x11a6 | No error (0) | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.18 | 49824 | 142.250.184.195 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 6, 2025 16:37:40.252988100 CET | 200 | OUT | |
Mar 6, 2025 16:37:40.902110100 CET | 223 | IN | |
Mar 6, 2025 16:37:40.907598019 CET | 202 | OUT | |
Mar 6, 2025 16:37:41.094713926 CET | 223 | IN |
Target ID: | 0 |
Start time: | 10:37:31 |
Start date: | 06/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x140000 |
File size: | 34'446'744 bytes |
MD5 hash: | 91A5292942864110ED734005B7E005C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 10:37:49 |
Start date: | 06/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7418a0000 |
File size: | 710'048 bytes |
MD5 hash: | EC652BEDD90E089D9406AFED89A8A8BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 4 |
Start time: | 10:37:52 |
Start date: | 06/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x840000 |
File size: | 1'620'872 bytes |
MD5 hash: | 1A0C2C2E7D9C4BC18E91604E9B0C7678 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 10:37:53 |
Start date: | 06/03/2025 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x840000 |
File size: | 1'620'872 bytes |
MD5 hash: | 1A0C2C2E7D9C4BC18E91604E9B0C7678 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 10:38:13 |
Start date: | 06/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff711e10000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Target ID: | 10 |
Start time: | 10:38:13 |
Start date: | 06/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff711e10000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |