Analysis Report https://protect-au.mimecast.com/s/8ti1C71ZgjCjGK56cWI7kq?domain=pr.ssm.echoworx.net

Overview

General Information

Sample URL:https://protect-au.mimecast.com/s/8ti1C71ZgjCjGK56cWI7kq?domain=pr.ssm.echoworx.net
Analysis ID:433025

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Process Tree

  • System is w10x64
  • iexplore.exe (PID: 4984 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5296 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4984 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknownHTTPS traffic detected: 124.47.150.19:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 124.47.150.19:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.17.15.199:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.17.15.199:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.17.15.199:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: msapplication.xml0.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbd8897d1,0x01d75ec8</date><accdate>0xbd8897d1,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbd8897d1,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknownDNS traffic detected: queries for: protect-au.mimecast.com
Source: msapplication.xml.2.drString found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.2.drString found in binary or memory: http://www.google.com/
Source: msapplication.xml2.2.drString found in binary or memory: http://www.live.com/
Source: msapplication.xml3.2.drString found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.2.drString found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.2.drString found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.2.drString found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.2.drString found in binary or memory: http://www.youtube.com/
Source: brand[1].htm.3.drString found in binary or memory: https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/he
Source: ~DFAC8FE0F9274D997D.TMP.2.dr, {E431D7E0-CABB-11EB-90E5-ECF4BB2D2496}.dat.2.drString found in binary or memory: https://pr.ssm.echoworx.net/brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=emx/help
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: classification engineClassification label: clean0.win@3/18@3/2
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E431D7DE-CABB-11EB-90E5-ECF4BB2D2496}.dat
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DF105B1BD805E1ACCB.TMP
Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.ini
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4984 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://protect-au.mimecast.com/s/8ti1C71ZgjCjGK56cWI7kq?domain=pr.ssm.echoworx.net | 0% | Avira URL Cloud | safe | |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://www.wikipedia.com/ | 0% | URL Reputation | safe | |

Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | 3.17.15.199 | true | false | | high |
| protect-au.mimecast.com | 124.47.150.19 | true | false | | high |
| pr.ssm.echoworx.net | unknown | unknown | false | | high |

URLs from Memory and Binaries

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://www.wikipedia.com/ | msapplication.xml6.2.dr | false | URL Reputation: safe | unknown |
| http://www.amazon.com/ | msapplication.xml.2.dr | false | | high |
| http://www.nytimes.com/ | msapplication.xml3.2.dr | false | | high |
| http://www.live.com/ | msapplication.xml2.2.dr | false | | high |
| http://www.reddit.com/ | msapplication.xml4.2.dr | false | | high |
| http://www.twitter.com/ | msapplication.xml5.2.dr | false | | high |
| http://www.youtube.com/ | msapplication.xml7.2.dr | false | | high |

Contacted IPs

Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 124.47.150.19 | protect-au.mimecast.com | Australia | 17477 | MCT-SYDNEYMacquarieTelecomAU | false |
| 3.17.15.199 | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |

General Information

Joe Sandbox Version:32.0.0 Black Diamond
Analysis ID:433025
Start date:11.06.2021
Start time:06:49:02
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 17s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:browseurl.jbs
Sample URL:https://protect-au.mimecast.com/s/8ti1C71ZgjCjGK56cWI7kq?domain=pr.ssm.echoworx.net
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:18
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean0.win@3/18@3/2
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
Warnings:
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                    • TCP Packets have been reduced to 100
                    • Excluded IPs from analysis (whitelisted): 104.43.193.48, 104.43.139.144, 104.42.151.234, 88.221.62.148, 52.147.198.201, 20.82.210.154, 152.199.19.161, 20.54.104.15, 20.54.26.129, 20.54.7.98, 92.122.213.247, 92.122.213.194, 20.82.209.183, 23.218.208.56
                    • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, ie9comview.vo.msecnd.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                    • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E431D7DE-CABB-11EB-90E5-ECF4BB2D2496}.dat
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:Microsoft Word Document
                    Category:dropped
                    Size (bytes):30296
                    Entropy (8bit):1.8542030625178114
                    Encrypted:false
                    SSDEEP:96:r2ZJ7Z22yWatdAf11B1MHZT1TRc+fh1AlX:r2ZJ7Z22yWatGf11MZP9fhsX
                    MD5:98D1CC7AB3008F6EDCC4887BE169F6B2
                    SHA1:330D51271FD8B73AF5FCC364C73386015AA6DD0E
                    SHA-256:B2E025CB4B8015BD6ABA01D9DBC4FA2F29D4C7A3000BF045C6125F2126EBAC45
                    SHA-512:D45213B07FA890BD171E36E612A9B09AF62C7A1D1F237EDBC6162745A66C6E83043AD0D6086BE78BD95B247D38C83845BA8CA6F539CC5D71B2069EC02046111E
                    Malicious:false
                    Reputation:low
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E431D7E0-CABB-11EB-90E5-ECF4BB2D2496}.dat
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:Microsoft Word Document
                    Category:dropped
                    Size (bytes):24352
                    Entropy (8bit):1.6654547840497167
                    Encrypted:false
                    SSDEEP:48:IwaGcpr7jGwpafG4pQfGrapbSwGQpBOGHHpcXTGUp8iGzYpmKvGop10/fsSZGP8g:reZJQx6jBS4jd2hWeMm7PGg
                    MD5:270CA8896E61901D2C3597D599378727
                    SHA1:50C33F76CDC1F6630B68129B7BC4A223A2A3B616
                    SHA-256:A6C62DF1728D551614E497EB3C59B48888B3167BDB9267A285035626727A5E1D
                    SHA-512:C02C15AF500E7D72DB68109135363769070D786EB62FA7D47263C16CAF7CDCE984D732D41EB1C35CA4E05E2F6B29CA258DE71616F0DC2D5486B9FB04A528DE03
                    Malicious:false
                    Reputation:low
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC985E86-CABB-11EB-90E5-ECF4BB2D2496}.dat
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:Microsoft Word Document
                    Category:dropped
                    Size (bytes):16984
                    Entropy (8bit):1.5659408419736596
                    Encrypted:false
                    SSDEEP:48:IwnGcprOjGwpavG4pQhGrapbSrGQpKpG7HpRwTGIpG:rNZiQh6xBSFAITkA
                    MD5:10BAA0203E4E1C76C1BD5456CFB8ADC4
                    SHA1:3DB0A81672D85BC317E929E590DD1186E9B91BEE
                    SHA-256:EDCBDE54139CA1AC44772A388ADEADD388124EE2271E02943647108F99E3293C
                    SHA-512:9F5D0880807AC84FB6E4A570C4D5A5CCA044730B08B0BB0EB3C2E12C5D5B0AADD638D84D5FE4C783B3D2ED2B9485529BD7017481711A505CDEDC09A25D9E7A7E
                    Malicious:false
                    Reputation:low
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):659
                    Entropy (8bit):5.081817752116938
                    Encrypted:false
                    SSDEEP:12:TMHdNMNxOEGOnWimI002EtM3MHdNMNxOEGOnWimI00OVbVbkEtMb:2d6NxO4SZHKd6NxO4SZ7V6b
                    MD5:32068C8D228C03C686D38F6BF1C24920
                    SHA1:B192E58D1E9F532F9B929051124A7562FE893F91
                    SHA-256:54070EF8F96637350F32E9C7C36C21901946E275C8068C3177FA1AEB5076825C
                    SHA-512:57C0C18B9C999F91BB8A8D0A89ED74EBF8E4E5D0C17D491B6590FC9B87B1B631414FFBB8732619ED4E30DF065BA3A6DE30CE5E7458E59A658AAA17AE28DA82E1
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):656
                    Entropy (8bit):5.089896047179206
                    Encrypted:false
                    SSDEEP:12:TMHdNMNxe2keioMnWimI002EtM3MHdNMNxe2keioMnWimI00OVbkak6EtMb:2d6Nxr2SZHKd6Nxr2SZ7VAa7b
                    MD5:4C1B73BFD936285EC8229EE1F31E1D3A
                    SHA1:B6ED175CCF1E993CEBE8FBF0171952CAA53ADD83
                    SHA-256:B75CC5597613C9779AB4C02DCD2DCC6212CF7C883095A0AB9B91B172FDE0A19A
                    SHA-512:9FDA7F3D43EA2A852B02E899A67165ADA764A4E6E8B0F4A8C518D533C76B469DDB74369E12BF07CBFB01F39035A7221BA8045BC3C6E48F64AB57F1B9FD5DD413
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xbd8897d1,0x01d75ec8</date><accdate>0xbd8897d1,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xbd8897d1,0x01d75ec8</date><accdate>0xbd8897d1,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):665
                    Entropy (8bit):5.099914895563024
                    Encrypted:false
                    SSDEEP:12:TMHdNMNxvLGOnWimI002EtM3MHdNMNxvLGOnWimI00OVbmZEtMb:2d6NxvRSZHKd6NxvRSZ7Vmb
                    MD5:A63FC11287365AF8EC53A2210F774331
                    SHA1:D18CC658592F016CF560AFD79D40560F13BD3474
                    SHA-256:B9DA91C3EDF3DF051F82053748CB614F66428A82891F14F1F55AA213464CC305
                    SHA-512:B77CB5B4DF8BD5CB313E1F5A5E326769C4D47C06527455EAA313FD6A11F010A2B5C0A02B93A6174394C4D9386DCCDEC383AEE33993C99CA7501F4A966DEB6540
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):650
                    Entropy (8bit):5.09723889880327
                    Encrypted:false
                    SSDEEP:12:TMHdNMNxiGOnWimI002EtM3MHdNMNxiGOnWimI00OVbd5EtMb:2d6NxuSZHKd6NxuSZ7VJjb
                    MD5:E756115ADD09EC8380173C251F31DD9B
                    SHA1:B582204CB74F0C95380968A38B0B923CC11119DC
                    SHA-256:0A651A1840131D57A5FFE3D5E33BA10415FD0C41F90EDF3A7DBAEB2053DB0D99
                    SHA-512:43D1C6E256A07D46FEA91FB9FE340821D9C71B233D07FE9318C72BF5DD9A0B303D8D73EEA1C678ABE81EAFE4EDB8B4DD95C13806829B5D2A6177C3974FA5A571
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):659
                    Entropy (8bit):5.1129820777831085
                    Encrypted:false
                    SSDEEP:12:TMHdNMNxhGwGOnWimI002EtM3MHdNMNxhGwGOnWimI00OVb8K075EtMb:2d6NxQcSZHKd6NxQcSZ7VYKajb
                    MD5:D8D15A6B0D0EC81E3EB2D3EC04C04EAA
                    SHA1:33C2B1923DADD384DC6847823F68BEEF5678575E
                    SHA-256:45F6158AA83FFD4E3968C1203FFC2FFA1B0E2BF17043EF47985E3B8C2129F276
                    SHA-512:08379275746E07A259A7283F155273A657F2CB8570679374C75605B9EC8C88420D086ECEEFA1AA7B88B676BE538903AFF87288E7FB3F419BD952825F00AF9CBC
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):656
                    Entropy (8bit):5.0830301930589075
                    Encrypted:false
                    SSDEEP:12:TMHdNMNx0nGOnWimI002EtM3MHdNMNx0nGOnWimI00OVbxEtMb:2d6Nx01SZHKd6Nx01SZ7Vnb
                    MD5:C56F7186749427532AD6DFD08CB6EEEF
                    SHA1:D431D2E40E03F1CB55B415AD37FB0A86E829200A
                    SHA-256:265DE9F7F14B38481D524CE51EF4883B4060521A753B416B5DA43A721B7DFA6D
                    SHA-512:3DCE0A9AC6D3B1693881041DC4F16A3401407B02624C4436A6597D36853D22B9D849F64A199FC9275778133F90F2818C0EBD75ADFF4D298ED1EB730E07223CC0
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):659
                    Entropy (8bit):5.121618854079136
                    Encrypted:false
                    SSDEEP:12:TMHdNMNxxGOnWimI002EtM3MHdNMNxxGOnWimI00OVb6Kq5EtMb:2d6NxvSZHKd6NxvSZ7Vob
                    MD5:3A9B9EA3F160EBA02CAAC1E3BA641303
                    SHA1:85FDDC16D9AA9FD2B26569207EE34BDD6DD3E7B4
                    SHA-256:67B8619A2C43770DC2299980B95EEF119C2126175914B63D43BB8AC4B08D6CB9
                    SHA-512:4E004E85CA36DACB145B8101B3DA6E2E5A17F9E6046C7ED26876185AF560D4A03FFDD2E42A66A58B3B5AC63CC78CA5676F64CDC01840FC7D7C89BF6FF7F294F9
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):662
                    Entropy (8bit):5.091938853991822
                    Encrypted:false
                    SSDEEP:12:TMHdNMNxceioMnWimI002EtM3MHdNMNxceiOnWimI00OVbVEtMb:2d6Nx+SZHKd6NxjSZ7VDb
                    MD5:8D1A2DB4FB26C17A195704E30BB29858
                    SHA1:3D184FB5A82DDDE493DCC30926391FCFAA3E553A
                    SHA-256:7F7D40A50ECF921837B0926B08618A05A0E32E016FCBBBEAF286F75E3965C8C3
                    SHA-512:A16AF3743859756D65D49A8769AE3BF29DDF8A674ADCF57B6B468454D41ECBA16734DE2C650A14722969E3C93B665FF5B5374C0296466211C1FD8353EAEAAF8E
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbd8897d1,0x01d75ec8</date><accdate>0xbd8897d1,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbd8897d1,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                    Category:dropped
                    Size (bytes):656
                    Entropy (8bit):5.082779872538658
                    Encrypted:false
                    SSDEEP:12:TMHdNMNxfnGOnWimI002EtM3MHdNMNxfnGOnWimI00OVbe5EtMb:2d6Nx9SZHKd6Nx9SZ7Vijb
                    MD5:1C87B1182ACEFE801B00CB8AF971ED95
                    SHA1:DF0B69BF41261DD60E5F919929E3BD7177FDDC3D
                    SHA-256:9D621E0827EBDAF741BF38EFC5F795FB005EB4DA8A948D867524B30301A5A384
                    SHA-512:A051562FAA747DECB4B579913373C6BD962807117549EC5B63460DEA48BBF4578BEBD9089A2D2EB36338CDE2BA808AF390692ACA30B5BE6C42B83D743738998F
                    Malicious:false
                    Reputation:low
                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xbd92213a,0x01d75ec8</date><accdate>0xbd92213a,0x01d75ec8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicon[1].xml
                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                    Category:downloaded
                    Size (bytes):246
                    Entropy (8bit):5.218638368552994
                    Encrypted:false
                    SSDEEP:6:TMVBd/g/4hORq4FFc8LfXpEWxMLe56R/DfT+UZzR3hR:TMHdthIDcaphxMk6RX+UR5hR
                    MD5:149DFA4D944224CEE584064F50462B60
                    SHA1:99C0188CCF526518AEA06E8A012C466852F91366
                    SHA-256:D8B1526B1CEAF780C3162E67D4D8C46A0D50575345C6432E0422944053DE2630
                    SHA-512:384749670F8A1798C606BF54D8060A60740CB6AA528D8E353A774D4099A63A8E3448BB9B12C455589B389688BB9348F809A47463F4F675FE4E7FD6237E7159E8
                    Malicious:false
                    Reputation:low
                    IE Cache URL:https://pr.ssm.echoworx.net/favicon.ico
                    Preview: <?xml version="1.0" encoding="UTF-8"?>..<Info><Response>UNKNOWN</Response><ApplicationName>UNKNOWN</ApplicationName><SubjectList /><ExceptionCondition /><Time>2021-06-11T04:49:59Z</Time><Version><Major>1</Major><Minor>0</Minor></Version></Info>..
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\citilogo_branding_60x35[1].png
                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                    File Type:PNG image data, 60 x 35, 8-bit/color RGBA, non-interlaced
                    Category:downloaded
                    Size (bytes):2618
                    Entropy (8bit):7.917905654499842
                    Encrypted:false
                    SSDEEP:48:7BS3d5gfYBLrat6w4MIQlGVGsHTmSoNSBXp0yhP21PgiAb4NX:WgfOBPM1luz67gjcl
                    MD5:0D765F9D542BE474413B0468964C8B6D
                    SHA1:EC29369A72C7F050799AE0094266286CCCB0679B
                    SHA-256:F1C635C4782FCE1EEF7290194A81F790B0DC0655C6EAFDC43EB1498FD6B10295
                    SHA-512:2FF14ED86325965C6F765D6CCDF135E02BCE415D52FD53CE10F62AAABD02698259BDE331244091BC5B5554F05999232D830B122A01B0EA41FE024BA5A9D30B34
                    Malicious:false
                    Reputation:low
                    IE Cache URL:https://pr.ssm.echoworx.net//brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=/emx/help/citilogo_branding_60x35.png
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\brand[1].htm
                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                    File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                    Category:downloaded
                    Size (bytes):4359
                    Entropy (8bit):5.158727486978279
                    Encrypted:false
                    SSDEEP:96:PkiSJH010HbHarxhfCU4jZbtYR14yH2Ir7t11EsVeB5qbViN7:PNSu107SDfCU4sRWIt11EsVeB5Ca7
                    MD5:99B6AC1D0DA523A6F6F1EF6244752446
                    SHA1:E2DE5597EB485C1CDC1667269517A711E6D0E8FB
                    SHA-256:038A0E3C2BA3281E2704700B08DACF852AF50E2DDC2B4B1230082500EB8EC488
                    SHA-512:613E60B76EBEA461AB9C748B82245252492362390CA91F1D6858B4735EFA0AA190DF9C813554B24B23C7CCEA7D9B9F2BF2BE5B6F33BB4A4794AAAE40A007C692
                    Malicious:false
                    Reputation:low
                    IE Cache URL:https://pr.ssm.echoworx.net/brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=emx/help/notice_privacy.html
                    Preview: .<!doctype HTML>..<html>..<head>...<title>Citi Secure Email Center Notice - Password Recover Questions...</title>...<style type="text/css">....* {.....box-sizing:border-box;.....margin:0;....}........html, body {.....margin:0;.....padding:0;.....height:100%;....}........body {.....font-family:Interstate_Light,"open sans",sans-serif;.....font-size:1em;.....background-color:#eee;....}........p {.....font-size:0.9em;....}........h1 {.....margin:15px 0px;.....font-weight:500;....}........h2 {.....margin:15px 0px;.....font-weight:500;....}........p {.....margin:10px 0px;.....line-height:1.6em;....}........#container {.....display:block;.....position:relative;.....min-height:100%;.....margin-bottom:-100px;....}........#header {.....padding-top:10px;.....min-height:86px;.....vertical-align:middle;.....border-bottom:1px solid #aaa;.....background-color:#fff;.....background: -webkit-linear-gradient(top,#00bdf2,#00b3f0 18%,#0066b3 77%,#004985);.....background: linear-gradient(180deg,#00bdf2,#0
                    C:\Users\user\AppData\Local\Temp\~DF105B1BD805E1ACCB.TMP
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):13029
                    Entropy (8bit):0.4791264017153545
                    Encrypted:false
                    SSDEEP:24:c9lLh9lLh9lIn9lIn9lo19loV9lWigeyG2fk:kBqoI+ggybfk
                    MD5:4028E9549C0479E06235D5CF428C3329
                    SHA1:D9C6C6F30E410383F37F55E64E2581085A6982EC
                    SHA-256:9E181C5822A2D793C94B152C92871BA1411E5B6818DA267231E226123768D524
                    SHA-512:30F116C100A3C56569AA416D6A7DDB2559F1E8D28C7D2F02DC64DB1380805942E711427A7641AEC5A2A64175DC7AE339D39402368D3B14D20877EEABF1137C5C
                    Malicious:false
                    Reputation:low
                    C:\Users\user\AppData\Local\Temp\~DF75A02B489D34ACB9.TMP
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):25441
                    Entropy (8bit):0.27918767598683664
                    Encrypted:false
                    SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
                    MD5:AB889A32AB9ACD33E816C2422337C69A
                    SHA1:1190C6B34DED2D295827C2A88310D10A8B90B59B
                    SHA-256:4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
                    SHA-512:BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
                    Malicious:false
                    Reputation:low
                    C:\Users\user\AppData\Local\Temp\~DFAC8FE0F9274D997D.TMP
                    Process:C:\Program Files\internet explorer\iexplore.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):34545
                    Entropy (8bit):0.382372108437617
                    Encrypted:false
                    SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwZW9lwZ769l2Zqd9l2H:kBqoxKAuvScS+LFX+KIKX0/fsS0
                    MD5:E531E1BAC024FA93D63D4D77AF7BE77D
                    SHA1:5DFBDB4FA3DA8D4360221863C758FB068433DD30
                    SHA-256:BC3BFE5F73364ACC6DBE0247EBED77391199899E95011812733F1E8B90E69C24
                    SHA-512:7C3FBB9BBF208F384C5B1D8A9E5C7BBE45D2E581B1907B8D3684B7AA35DDF420FEB80AE1E9C6D6440462BAE70826A5B5CB00F4A44683688EF286F3BC62B1B28C
                    Malicious:false
                    Reputation:low

                    Static File Info

                    No static file info

                    Network Behavior

                    Network Port Distribution

                    TCP Packets


                    UDP Packets


                    DNS Queries

                    | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
                    | Jun 11, 2021 06:49:52.806663036 CEST | 192.168.2.6 | 8.8.8.8 | 0x247a | Standard query (0) | protect-au.mimecast.com | A (IP address) | IN (0x0001) |
                    | Jun 11, 2021 06:49:58.804078102 CEST | 192.168.2.6 | 8.8.8.8 | 0xe99e | Standard query (0) | pr.ssm.echoworx.net | A (IP address) | IN (0x0001) |
                    | Jun 11, 2021 06:50:10.582756042 CEST | 192.168.2.6 | 8.8.8.8 | 0xb010 | Standard query (0) | pr.ssm.echoworx.net | A (IP address) | IN (0x0001) |

                    DNS Answers

                    | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
                    | Jun 11, 2021 06:49:52.884427071 CEST | 8.8.8.8 | 192.168.2.6 | 0x247a | No error (0) | protect-au.mimecast.com | | 124.47.150.19 | A (IP address) | IN (0x0001) |
                    | Jun 11, 2021 06:49:52.884427071 CEST | 8.8.8.8 | 192.168.2.6 | 0x247a | No error (0) | protect-au.mimecast.com | | 103.13.69.19 | A (IP address) | IN (0x0001) |
                    | Jun 11, 2021 06:49:58.866739988 CEST | 8.8.8.8 | 192.168.2.6 | 0xe99e | No error (0) | pr.ssm.echoworx.net | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) |
                    | Jun 11, 2021 06:49:58.866739988 CEST | 8.8.8.8 | 192.168.2.6 | 0xe99e | No error (0) | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | | 3.17.15.199 | A (IP address) | IN (0x0001) |
                    | Jun 11, 2021 06:49:58.866739988 CEST | 8.8.8.8 | 192.168.2.6 | 0xe99e | No error (0) | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | | 3.142.104.20 | A (IP address) | IN (0x0001) |
                    | Jun 11, 2021 06:50:10.645833969 CEST | 8.8.8.8 | 192.168.2.6 | 0xb010 | No error (0) | pr.ssm.echoworx.net | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) |
                    | Jun 11, 2021 06:50:10.645833969 CEST | 8.8.8.8 | 192.168.2.6 | 0xb010 | No error (0) | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | | 3.17.15.199 | A (IP address) | IN (0x0001) |
                    | Jun 11, 2021 06:50:10.645833969 CEST | 8.8.8.8 | 192.168.2.6 | 0xb010 | No error (0) | alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com | | 3.142.104.20 | A (IP address) | IN (0x0001) |

                    HTTPS Packets

                    | Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
                    | Jun 11, 2021 06:49:53.488532066 CEST | 124.47.150.19 | 443 | 192.168.2.6 | 49715 | CN=*.mimecast.com, O=Mimecast Services Limited, L=London, C=GB | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | Fri Feb 19 01:00:00 CET 2021 | Wed Mar 23 00:59:59 CET 2022 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
                    | | | | | | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Sep 24 02:00:00 CEST 2020 | Tue Sep 24 01:59:59 CEST 2030 | | |
                    | Jun 11, 2021 06:49:53.489284039 CEST | 124.47.150.19 | 443 | 192.168.2.6 | 49714 | CN=*.mimecast.com, O=Mimecast Services Limited, L=London, C=GB | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | Fri Feb 19 01:00:00 CET 2021 | Wed Mar 23 00:59:59 CET 2022 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
                    | | | | | | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Sep 24 02:00:00 CEST 2020 | Tue Sep 24 01:59:59 CEST 2030 | | |
                    | Jun 11, 2021 06:49:59.162679911 CEST | 3.17.15.199 | 443 | 192.168.2.6 | 49720 | CN=*.ssm.echoworx.net | CN=R3, O=Let's Encrypt, C=US | Tue May 25 20:53:28 CEST 2021 | Mon Aug 23 20:53:28 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
                    | | | | | | CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | | |
                    | | | | | | CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | | |
                    | Jun 11, 2021 06:49:59.174443960 CEST | 3.17.15.199 | 443 | 192.168.2.6 | 49721 | CN=*.ssm.echoworx.net | CN=R3, O=Let's Encrypt, C=US | Tue May 25 20:53:28 CEST 2021 | Mon Aug 23 20:53:28 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
                    | | | | | | CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | | |
                    | | | | | | CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | | |
                    | Jun 11, 2021 06:50:10.958244085 CEST | 3.17.15.199 | 443 | 192.168.2.6 | 49726 | CN=*.ssm.echoworx.net | CN=R3, O=Let's Encrypt, C=US | Tue May 25 20:53:28 CEST 2021 | Mon Aug 23 20:53:28 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
                    | | | | | | CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | | |
                    | | | | | | CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | | |

                    Code Manipulations

                    Statistics

                    Behavior

                    System Behavior

                    General

                    Start time: 06:49:50
                    Start date: 11/06/2021
                    Path: C:\Program Files\internet explorer\iexplore.exe
                    Wow64 process (32bit): false
                    Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                    Imagebase: 0x7ff721e20000
                    File size: 823560 bytes
                    MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
                    Has elevated privileges: true
                    Has administrator privileges: true
                    Programmed in: C, C++ or other language
                    Reputation: low

                    General

                    Start time: 06:49:51
                    Start date: 11/06/2021
                    Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
                    Wow64 process (32bit): true
                    Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4984 CREDAT:17410 /prefetch:2
                    Imagebase: 0x1020000
                    File size: 822536 bytes
                    MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
                    Has elevated privileges: true
                    Has administrator privileges: true
                    Programmed in: C, C++ or other language
                    Reputation: low

                    Disassembly
