Windows
Analysis Report
20220531_180800.rtf
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 1424 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard, Wojciech Cieślak |
| |
INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents | ditekSHen |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MAL_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 | Tobias Michalski, Christian Burkard |
| |
JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
Exploits |
---|
Source: | File source: | ||
Source: | Extracted files from sample: |
Source: | HTTPS traffic detected: | ||
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | Network traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File created: | Jump to behavior |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Key opened: | Jump to behavior |
Source: | LNK file: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Data Obfuscation |
---|
Source: | Initial file: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: |
Source: | Process information set: | Jump to behavior | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 13 Exploitation for Client Execution | Path Interception | Path Interception | 11 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 13 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cyberleague.co | 13.250.15.191 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.250.15.191 | cyberleague.co | United States | | 16509 | AMAZON-02US | true |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 639039 |
Start date and time: | 2022-06-03 22:56:31 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 20220531_180800.rtf |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal68.expl.evad.winRTF@1/20@15/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AMAZON-02US | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | Get hash | malicious | Browse |
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | Browse |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28805818698686764 |
Encrypted: | false |
SSDEEP: | 96:K80LHs15sXMfsKQYKg5EgkZ9SlxDZ9Slx1H:10ZQ5EgkgFgv |
MD5: | 0F53A328D727C7A8393CF8DB618D4D62 |
SHA1: | 40630D0F9A6F68A29581FDA5E76576BF7AE71B7A |
SHA-256: | A38F36CF8DA290265A3EBD5FFE647E624FC904C2B31B5D95A76A7DE879476C89 |
SHA-512: | 31456776CEC78F653EEE9B95DC80322F4BD1183EE380F7766751ED271534AF4ECD987EBF91E5A61B17332D879AF642F01F0032E186B6FD02BA9656B38B2E43DE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{D07E1317-E210-451E-906F-B47A5E9E2F72}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.6745994346547596 |
Encrypted: | false |
SSDEEP: | 96:KXpYCylKgE5XB6V+PAeAKoGR+EPRAriArrGRrDij8A7EAOiMrApMrA:94gEv9pIGNPR4i4UrDij8sEviMrmMr |
MD5: | CE42E4E68F81AFD5140DEB010D3974D9 |
SHA1: | B28D3F230028716DE5868FCEB78FFD804CB64F20 |
SHA-256: | 66046EDB9D30EE2110E19A0F6B13EB85BD3AD7C0E2F7A39DF5A243899C01B015 |
SHA-512: | 562D29C5C5EADDDB09DA1CE689A793AE9177034D986291711AF6C51039EAE3C92B30626FE20645889C51D4FE8EFB73AF98163C0759BA5547E4AE31078252EBC7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.9333319485137532 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz5nOlVilXKPIldOYRO+fzpWSR5l276:yPblz5nOlVilaIXOYRO+fzpWSt22 |
MD5: | DBA609DFDA4A5C85C8EE0FC4064E7EF1 |
SHA1: | 5A08AFFB1250AEB5F1CABF76D4ACB41163B6EB21 |
SHA-256: | F63018A026B41D192965C2AF5B317D276F7A1752656DDC92553208C086C74918 |
SHA-512: | FB4531A2D4B2017E3F1C11584782A8F981C8C4858AAAFC8612275B5B707EFB6103CA48D63B73F13FCA5396BC4F419E69B4CC42E7478C5FBBF86C6B213D55FABD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.28681787155888283 |
Encrypted: | false |
SSDEEP: | 96:KoLGWkpIdVgNhBNHiN34xoByqVTh/JydVN0Quw+nYwVQXj7zVQuw+nYwVQXj7z6H:juAWZi/kqm8d78dv |
MD5: | ABA9368EAF1B4D977D05230FA0AA98A3 |
SHA1: | 30B33313B742BF2D6FF18C5F94A968BEA72AC1DF |
SHA-256: | 19E5D7038C725D60565FD1555F8327660BC49A35D2FBC98DDE8590919C9BCEB8 |
SHA-512: | F4C1954A2F70D90DAC1726915FC4D3AF07D6F8FF349ED7B6FF507DDDA1BEB26BFC47A473482D78CDBB0B9CD605E383EF7C918F1D094D2029420619247201D0B3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{2BA6A725-AC26-4BE3-96A9-7AB218EE9A3D}.FSD
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.22146428280828123 |
Encrypted: | false |
SSDEEP: | 24:I3ev8LwnM0B34FlvHIJKqubKuXCZx6GSeWPOOVRb5XJr8IZxfpA5j36QIHu/w2fG:I3rUrB+vHyZMNdtfxxAUBiRiZ |
MD5: | 234B22C34D8E43311793320B0BA6E463 |
SHA1: | 217801EE5CA96B065D4F1282983487272AB7D89A |
SHA-256: | E59D9F9EBEDDF1697EC9B434F7D23C9EF4ACC4DB61E0B4942C28D2DADC0FDD87 |
SHA-512: | 826B4DFF773E1F94E66847407EE1877E164C3C5C260CE5664B048B23F4C0190F91E5DEFBF7382138EDE9659434361790AC74B1C8D82A6556CC65B4674F07DFB4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 3.9560520403188666 |
Encrypted: | false |
SSDEEP: | 3:yVlgsRlz1ylJ19X1vWSw/+9snKhmf276:yPblz125XdWSy+anKk22 |
MD5: | 921A52A43CA18F34DA0D4E2EC1EB1864 |
SHA1: | 386EAAD70D06862C0124558FB2D109A0048307D6 |
SHA-256: | 4FEBAE4D1D78D716F73088AA1BE00524C09E132F293AE4F371C47CC29E38C51D |
SHA-512: | 1E7826AC83669F7411DA3E232695C8D85EEF466E8404893B5741C0A5E8D0D9C4CC26912E81F74A4DB9FAB01E2588A2BBB6D6414638D8DBE05543D81FF78FCC8C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\th1s[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 5092 |
Entropy (8bit): | 1.5689266993578892 |
Encrypted: | false |
SSDEEP: | 12:hPlf7fguuuuuuuuuuuuuuuuuuuuuuuuuuuuuuyxH8d2GZfgGwf80K2GUJU6+LtSm:hP12dlRg7nfG/bLtF0ooS34BM3 |
MD5: | DA03F3022C8E3A07A6F196216B29135E |
SHA1: | 1F12DE0F50FF34CDB1C1BD99BCA553F7192FA416 |
SHA-256: | 87E5A464DE2F85A500F1B8D1028F5742F0903D9C0C3387DC572AAC8CF9027BCC |
SHA-512: | 9E039948E2706E864656E1EE2D1CC659F60DC24A5964D220DA4409CCDC7815197F6E3636EC5CA43915BE70DA0A88888BE55B3EAA1F1AC828265D771145EF495E |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
IE Cache URL: | https://cyberleague.co/th1s.html |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2B293583.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5092 |
Entropy (8bit): | 1.5689266993578892 |
Encrypted: | false |
SSDEEP: | 12:hPlf7fguuuuuuuuuuuuuuuuuuuuuuuuuuuuuuyxH8d2GZfgGwf80K2GUJU6+LtSm:hP12dlRg7nfG/bLtF0ooS34BM3 |
MD5: | DA03F3022C8E3A07A6F196216B29135E |
SHA1: | 1F12DE0F50FF34CDB1C1BD99BCA553F7192FA416 |
SHA-256: | 87E5A464DE2F85A500F1B8D1028F5742F0903D9C0C3387DC572AAC8CF9027BCC |
SHA-512: | 9E039948E2706E864656E1EE2D1CC659F60DC24A5964D220DA4409CCDC7815197F6E3636EC5CA43915BE70DA0A88888BE55B3EAA1F1AC828265D771145EF495E |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\775ABF47.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4980 |
Entropy (8bit): | 3.8087894377622136 |
Encrypted: | false |
SSDEEP: | 48:cqZDMN7gsdBgLfVTped//HksYHGui3DAjG6kpJoApdHk/O:cqi7lBSTped//qH3i3DAqXLE/O |
MD5: | 5B29927367C1C2BEBE25499E5602DE05 |
SHA1: | 10EB42142920A3299851F183D624731B910C6FCE |
SHA-256: | 820E5CFE32DD64E31AEE40837BC3730B1B0F810787A7D3AAFC700191E6551C68 |
SHA-512: | CD1E48056BDCBDD8CE2C0B7C8E15CA645D26FF372CA68D20D6B3078580943D4D5FA68FEE84A0C1AAC86F275ACE0059A3F76C2AF402EEC918C6680549BAB2C2EC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A0472FED.htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5092 |
Entropy (8bit): | 1.5689266993578892 |
Encrypted: | false |
SSDEEP: | 12:hPlf7fguuuuuuuuuuuuuuuuuuuuuuuuuuuuuuyxH8d2GZfgGwf80K2GUJU6+LtSm:hP12dlRg7nfG/bLtF0ooS34BM3 |
MD5: | DA03F3022C8E3A07A6F196216B29135E |
SHA1: | 1F12DE0F50FF34CDB1C1BD99BCA553F7192FA416 |
SHA-256: | 87E5A464DE2F85A500F1B8D1028F5742F0903D9C0C3387DC572AAC8CF9027BCC |
SHA-512: | 9E039948E2706E864656E1EE2D1CC659F60DC24A5964D220DA4409CCDC7815197F6E3636EC5CA43915BE70DA0A88888BE55B3EAA1F1AC828265D771145EF495E |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D634E9A8.jpeg
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 91933 |
Entropy (8bit): | 7.9892937833237845 |
Encrypted: | false |
SSDEEP: | 1536:7JCBhGCgBEFzvY1kH0R1ngxcrXo3N0rKL1nvFhbbrC3PJ4+6JaZB5:UBkCgBEZPml3rY3NBpvFRbAhOJi5 |
MD5: | A53C5995856D35B0097F80E38D258D33 |
SHA1: | 31099B09DCCAC8C4A1BAA7E1F1B14E6C80FC516F |
SHA-256: | E87E50F77EEC96A1F0E37FCA345001474B3A023EAABC8DBE6FB1989DCFCDA543 |
SHA-512: | 92C0748B624D9C2C8941C7720EF34C7EF7793589C19517FA4AAAF40C5BE3DCDE3F7C601D1D2B142AED5EFA92E50E5B449B2A61AAB96D22FBBF2B2C9F0EEFA1F6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{529AA3F3-C7EA-493B-9EDD-4242ACBC44EE}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 1.8698058088064178 |
Encrypted: | false |
SSDEEP: | 12:rl3bn+qFYsRY3ao92p0hCFySD5lzHSB2TTCt0aNB2TFn7iVjOFyS4CIFyS4FyS4U:rYdIp08B02UL2pigEiWBF4 |
MD5: | 250374534DAFD474CE245E6A5281B3A9 |
SHA1: | 8D3C4BD81822054D6811F54B16EE750903032071 |
SHA-256: | C142D359182AFDC3B726ADFD4E25161734D3D201027DD7B16C9632C05511D9F1 |
SHA-512: | E63C7F88A48269F2573FB300D1E2EDB88B2DEB97CE0A908C49579EDDD50F72BA3906DC1BB492BFF93B0B0C72CDE4D7A30BD60CCE1F4AB28CD920798D7E212AFA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{058B4FD5-0265-42FA-A9A3-3C51BC43AA1B}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3847A8D6-DBE6-42C6-982A-DFBC45D1EACD}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.3186956359584476 |
Encrypted: | false |
SSDEEP: | 6:W4ofylIcElClbYS7plQalvbK/SterHr4PxZUttrasD3Salx3d4XsDialL1:9oal7MClc2HK/rLGZmra4zlb4XelJ |
MD5: | 969565D4524D45ACD7910BFECB14B97D |
SHA1: | 272B72B769BB8DB11CF5E3B9D13AE3512B71B890 |
SHA-256: | 2380C8F197156562ED8C5024E8E7F361862FC307D5CF6B6F5EC417B8DA0093B4 |
SHA-512: | 58C7DC7E487BE8135461A125061D10289F0D81E804EDC8B57CDC9CDD5157FEE9FF14EE104CE7450BFE3708EF0DC930EF30906F4B8570092AEE4A5F79FFEB76BD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.0256287320096627 |
Encrypted: | false |
SSDEEP: | 6:I3DPcfObYvxggLRHF1NNSapRXv//4tfnRujlw//+GtluJ/eRuj:I3DPJbOr7PFHvYg3J/ |
MD5: | 0F8D76FDBEDB717807CA629B7BFECABE |
SHA1: | 171373F8A5B5A47539DBD5CCE33C58CA2BD66EDD |
SHA-256: | C1D337465844316985A4631572BEB8DE266EFBD2CD9A35AA991E24AFAB233FBF |
SHA-512: | 8473B7DC81543F660D7E1FD57CB9D215E62F8C4BDA3F1744DFA53C4AFDED4C9B1014F8E7AC298B33484103CCB3DB6077424D38018B106C33EB97EAE8E9FA165D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025609728427755104 |
Encrypted: | false |
SSDEEP: | 6:I3DPciIeBvxggLR21MtiX/t0tE3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPrBPtivmtERvYg3J/ |
MD5: | 560D6C31C54209C7E805EAC5ADA0DBB4 |
SHA1: | A4CAB559CB8FC78B59DE7F225BC5406257794615 |
SHA-256: | 3B3232E7A76CD10AC33A42A30D2447BB78FA2AC693B94687A6F644BFB03D98E6 |
SHA-512: | 0372D772A5DAE29AFEF459599119D6568BE5A2B690D9689F71B7FC84317503E3F4B4A3B785641683F754A3D22194020736D7B5AEA86F1819AD2235863AE8B5F8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1039 |
Entropy (8bit): | 4.495584157169374 |
Encrypted: | false |
SSDEEP: | 12:8epRgXg/XAlCPCHaXWBlXB/zxkpX+WZjewU0fWiLCicvbOd7MYDtZ3YilMMEpxRG:8En/XTm3xqbiwU0fpLJeqNDv3q/Y7h |
MD5: | 0D873EAEF2936CDC358A2B9E248B5432 |
SHA1: | 78DAECA24D53D6739485EF2628959D3D7572CF86 |
SHA-256: | EDD37464C85F0C3932E9CE1741CA5B21BE7B65CD16165E93206F2C681E4119CB |
SHA-512: | 81D184F7B79B79BF0EDDEE9ECA67476981AA90AC1FFFBBAB5EB0428FD6411124FD6C2B65DCABD3B729E584CF9FDED99BFC64CCFDE1F1E9391548010815F2356C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 82 |
Entropy (8bit): | 4.526832677737851 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlHDISlmxWk1DISlv:bCBSjS1 |
MD5: | 07CF9C274D2D15FCBB60B6FD51508E35 |
SHA1: | C35DD2A08AA5B765EDB55775B247CCE0C0090064 |
SHA-256: | 07AB1BBAA3C36DDF78D815F20B1C37D36775AED93532D8BC8A3A200B92B6120F |
SHA-512: | FEDAF1A0E92C4A3123F8916CB1F6AFFC708806AD9A825C070824CF27A11C52CE692AC579F955CA9503180229ECA49974D29643369C63DD77017732356E42B33F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707525 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEJbiJk/p2TKWWhMGHiV/ln:vdsCkWttViJkh2TKHM9V/l |
MD5: | C5E24006AFAC8C2659023AD09A07EB0F |
SHA1: | 4B7B834BEDADFD0A2764743E021D40C55A51F284 |
SHA-256: | 7C9E6D71E3F53D37A78CCE23FA21D259365A9571C6C3A01E8D216586177BA87E |
SHA-512: | 673649AF8318514414758F92756D408FB6F0CA4859CB2994A921E288126561A7B4EB3C7D824CC90352D939952EA167A473A4282838362B36E85B701A4B582396 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9948510704789975 |
TrID: |
|
File name: | 20220531_180800.rtf |
File size: | 199522 |
MD5: | 7b9c8e08371550238fbcd7cee1c8087d |
SHA1: | ff8c9deb358b2d22aa086cf36406461e8e9978b2 |
SHA256: | b93326f795459d836c277730058e9923ab5f9bfbcef32e1c951e4a0d7538f9f5 |
SHA512: | 962c4c0a48519ffa81a95771b25987cc6aeed4bb8737e1e5ab242233f849370d72675f08da3628270bad410659772f437209d7f02bed089b5a220f97314ec1f4 |
SSDEEP: | 3072:LP/BkCPAXydgrYOUIr0XX95JQ7Anr5w2wJLWsk2n3rYxNYlT+MaJis19s9k:b/qXySM3XtQMnrq2Jon3MfYoL19s9k |
TLSH: | 7814131876E61EB9C60F3BB6B875A1076B9F0017EC14D2BF0C6065F98931964B670F8B |
File Content Preview: | PK..........!....iw...........[Content_Types].xml.T.n.0..W.? _#p.CUU!9t96..~.1.q.M...}.HQ........y..f........F.d..I...\.2%.....D>0.3i4.d..L'.7.......}J.!.GJ=_.b>1.4".q..<..Z.?Y..n8.....:... ..3.l-C....M.Lh.=5u.UJ..Rp.........(.....BJb$....@h.>..H_.*....n. |
Icon Hash: | e4eea2aaa4b4b4a4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 3, 2022 22:57:19.871170998 CEST | 192.168.2.22 | 8.8.8.8 | 0xdcdd | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:26.314532042 CEST | 192.168.2.22 | 8.8.8.8 | 0xd494 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:26.459547043 CEST | 192.168.2.22 | 8.8.8.8 | 0x6c29 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:31.445116997 CEST | 192.168.2.22 | 8.8.8.8 | 0xf2ca | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:31.464679003 CEST | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:35.143301010 CEST | 192.168.2.22 | 8.8.8.8 | 0xbe50 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:35.210647106 CEST | 192.168.2.22 | 8.8.8.8 | 0x646c | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:36.922116995 CEST | 192.168.2.22 | 8.8.8.8 | 0x12f1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:36.942188978 CEST | 192.168.2.22 | 8.8.8.8 | 0xe6e0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:40.868483067 CEST | 192.168.2.22 | 8.8.8.8 | 0xbbd1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:40.899883986 CEST | 192.168.2.22 | 8.8.8.8 | 0x41b6 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:42.643587112 CEST | 192.168.2.22 | 8.8.8.8 | 0x6703 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:42.665538073 CEST | 192.168.2.22 | 8.8.8.8 | 0x7820 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:44.315067053 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c87 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:44.336416960 CEST | 192.168.2.22 | 8.8.8.8 | 0x4c7a | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 3, 2022 22:57:19.930835962 CEST | 8.8.8.8 | 192.168.2.22 | 0xdcdd | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:26.456120968 CEST | 8.8.8.8 | 192.168.2.22 | 0xd494 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:26.538995981 CEST | 8.8.8.8 | 192.168.2.22 | 0x6c29 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:31.463130951 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:31.789314032 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:35.200170040 CEST | 8.8.8.8 | 192.168.2.22 | 0xbe50 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:35.227852106 CEST | 8.8.8.8 | 192.168.2.22 | 0x646c | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:36.939106941 CEST | 8.8.8.8 | 192.168.2.22 | 0x12f1 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:37.069972992 CEST | 8.8.8.8 | 192.168.2.22 | 0xe6e0 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:40.897502899 CEST | 8.8.8.8 | 192.168.2.22 | 0xbbd1 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:40.918878078 CEST | 8.8.8.8 | 192.168.2.22 | 0x41b6 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:42.662676096 CEST | 8.8.8.8 | 192.168.2.22 | 0x6703 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:42.682970047 CEST | 8.8.8.8 | 192.168.2.22 | 0x7820 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:44.334134102 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c87 | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Jun 3, 2022 22:57:44.353132010 CEST | 8.8.8.8 | 192.168.2.22 | 0x4c7a | No error (0) | | | 13.250.15.191 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49171 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:20 UTC | 0 | OUT | |
2022-06-03 20:57:20 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49172 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:26 UTC | 0 | OUT | |
2022-06-03 20:57:27 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.22 | 49181 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:44 UTC | 9 | OUT | |
2022-06-03 20:57:45 UTC | 9 | IN | |
2022-06-03 20:57:45 UTC | 9 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.22 | 49182 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:45 UTC | 10 | OUT | |
2022-06-03 20:57:45 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.22 | 49183 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:46 UTC | 10 | OUT | |
2022-06-03 20:57:46 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.22 | 49184 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:47 UTC | 11 | OUT | |
2022-06-03 20:57:47 UTC | 11 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.22 | 49173 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:32 UTC | 0 | OUT | |
2022-06-03 20:57:32 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.22 | 49174 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:35 UTC | 0 | OUT | |
2022-06-03 20:57:35 UTC | 1 | IN | |
2022-06-03 20:57:35 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.22 | 49175 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:37 UTC | 1 | OUT | |
2022-06-03 20:57:37 UTC | 1 | IN | |
2022-06-03 20:57:37 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.22 | 49176 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:38 UTC | 2 | OUT | |
2022-06-03 20:57:38 UTC | 2 | IN | |
2022-06-03 20:57:38 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.22 | 49177 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:39 UTC | 7 | OUT | |
2022-06-03 20:57:39 UTC | 7 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.22 | 49178 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:40 UTC | 8 | OUT | |
2022-06-03 20:57:40 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.22 | 49179 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:41 UTC | 8 | OUT | |
2022-06-03 20:57:41 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.22 | 49180 | 13.250.15.191 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-06-03 20:57:43 UTC | 8 | OUT | |
2022-06-03 20:57:43 UTC | 9 | IN | |
2022-06-03 20:57:43 UTC | 9 | IN |
Target ID: | 0 |
Start time: | 22:58:11 |
Start date: | 03/06/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fb90000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |