Windows
Analysis Report
Details_for_booking.docx.doc
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- WINWORD.EXE (PID: 4648 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
- MSOSYNC.EXE (PID: 5960 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
- MSOSYNC.EXE (PID: 5940 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
- splwow64.exe (PID: 6864 cmdline: C:\Windows\splwow64.exe 12288 MD5: 8D59B31FF375059E3C32B17BF31A76D5)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | INDICATOR_OLE_RemoteTemplate | Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents | ditekSHen | |
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Avira URL Cloud: | ||
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic: | ||
Source: | DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | Network traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: | ||
System Summary |
---|
Source: | Matched rule: |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Matched rule: |
Source: | Section loaded: | Jump to behavior |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | LNK file: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File written: | Jump to behavior |
Source: | Classification label: |
Source: | OLE document summary: | ||
Source: | OLE document summary: | ||
Source: | OLE document summary: |
Source: | File read: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | Extracted files from sample: | ||
Source: | Extracted files from sample: |
Source: | Section loaded: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 3 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 DLL Side-Loading | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
45% | ReversingLabs | Document-Word.Exploit.CVE-2017-0199 | ||
50% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
12% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dd6qg4wn9ejpd.cloudfront.net | 18.66.192.71 | true | false | high | |
blogspot.l.googleusercontent.com | 142.250.203.97 | true | false | high | |
73cceb63-7ecd-45e2-9eab-f8d98aab177f.usrfiles.com | unknown | unknown | true |
| unknown |
huskidkifklaoksikfkfijsju.blogspot.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.203.97 | blogspot.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
18.66.192.52 | unknown | United States | 3 | MIT-GATEWAYSUS | false | |
18.66.192.71 | dd6qg4wn9ejpd.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 38.0.0 Beryl |
Analysis ID: | 1284837 |
Start date and time: | 2023-08-03 08:13:12 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | Details_for_booking.docx.doc |
Detection: | MAL |
Classification: | mal84.evad.winDOC@7/39@4/4 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, mrxdav.sys, WMIADAP.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.100, 20.126.106.131, 20.231.70.194, 20.25.84.51, 20.234.90.154
- Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, nexus.officeapps.live.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
Time | Type | Description |
---|---|---|
08:15:18 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
18.66.192.52 | Get hash | malicious | Unknown | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
dd6qg4wn9ejpd.cloudfront.net | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MIT-GATEWAYSUS | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ce5f3254611a8c095a3d821d44539877 | Get hash | malicious | Amadey, SmokeLoader | Browse |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 532480 |
Entropy (8bit): | 0.4741703589902547 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 36 |
Entropy (8bit): | 2.730660070105504 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 128 |
Entropy (8bit): | 1.3860360556164644 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\666FA31C-D6ED-4456-9B96-8743CF57EC6A
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 158636 |
Entropy (8bit): | 5.348613977919032 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16193 |
Entropy (8bit): | 7.221735672106242 |
Encrypted: | false |
SSDEEP: | 192:nmz+IH1eQyUwHpj0w1sPbxbnb25bv/0PdvwOfw5Ie9e8ebWqgj:+BVeTHpwCsDRbSGwmw5IX86tq |
MD5: | 9932FAB98F2C021632045D04966DB4FD |
SHA1: | 95F6E7EEEA10068C60A5856AC05FD3B9A554D500 |
SHA-256: | DB1185F24C56CADEC1C85A33B0EFEB2D803FF00ABF4C9DF1E00D860683068415 |
SHA-512: | E04ADA4590E295B2A20FA04622C75B1CA266E3CADE9202887AE45A45C7991823DC52D0D28F830B08ED05A8F049583AD3FD998FA26A72FBC262901F657FF95BF5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 52 |
Entropy (8bit): | 1.8614575055208968 |
Encrypted: | false |
SSDEEP: | 3:Vm1olpUktK0Xg/lrll0:MW6kK0XgtI |
MD5: | 07FFEFF17A8A1A1209AB3C2690D569D4 |
SHA1: | 37CB513FABDDCDBBAA2E7296B31A4BC9832E1B01 |
SHA-256: | 57CFA30BB860B95B7012ED62427025959B671D270AAF67FC406FBC3C4F3C48D4 |
SHA-512: | 743591E7BFE9936EEE057C9D1769595D48C90BA28057D8EBD0F7299B8FCACD7B8FA50AF30BD0B8B6E09F77ADE16B47D6F0ABB079D60E975443A57C514099AD86 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16193 |
Entropy (8bit): | 7.221735672106242 |
Encrypted: | false |
SSDEEP: | 192:nmz+IH1eQyUwHpj0w1sPbxbnb25bv/0PdvwOfw5Ie9e8ebWqgj:+BVeTHpwCsDRbSGwmw5IX86tq |
MD5: | 9932FAB98F2C021632045D04966DB4FD |
SHA1: | 95F6E7EEEA10068C60A5856AC05FD3B9A554D500 |
SHA-256: | DB1185F24C56CADEC1C85A33B0EFEB2D803FF00ABF4C9DF1E00D860683068415 |
SHA-512: | E04ADA4590E295B2A20FA04622C75B1CA266E3CADE9202887AE45A45C7991823DC52D0D28F830B08ED05A8F049583AD3FD998FA26A72FBC262901F657FF95BF5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 132 |
Entropy (8bit): | 5.227032471155872 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPlrytntHp/ZMLts7CX9/85ldDyxdqKylNFauGacR/lVp:6v/lhP0ttJ/ZMR/e9qqhx5cR/lVp |
MD5: | C53A5A340D1ECCCFF7878149B0964C13 |
SHA1: | 9F5260D7068E9F880AD43A15D789072362DEB5F6 |
SHA-256: | EC4A6B660D6864059903A0FE856254D55C7FD7A14C41254AD6D863CAF38D0963 |
SHA-512: | DB7D473332F201182D46D62CA84D6DDD08785EBA428B2AF707266924DDE25475B81387286CDD12B89091CDF921587B0DF551A59D455D959991EF77C22BDDB17F |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16193 |
Entropy (8bit): | 7.221735672106242 |
Encrypted: | false |
SSDEEP: | 192:nmz+IH1eQyUwHpj0w1sPbxbnb25bv/0PdvwOfw5Ie9e8ebWqgj:+BVeTHpwCsDRbSGwmw5IX86tq |
MD5: | 9932FAB98F2C021632045D04966DB4FD |
SHA1: | 95F6E7EEEA10068C60A5856AC05FD3B9A554D500 |
SHA-256: | DB1185F24C56CADEC1C85A33B0EFEB2D803FF00ABF4C9DF1E00D860683068415 |
SHA-512: | E04ADA4590E295B2A20FA04622C75B1CA266E3CADE9202887AE45A45C7991823DC52D0D28F830B08ED05A8F049583AD3FD998FA26A72FBC262901F657FF95BF5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 2.117514616373907 |
Encrypted: | false |
SSDEEP: | 3:t/Wlsl81olpUktK0Xg/lrll0:t/d8W6kK0XgtI |
MD5: | C4E6B3035AC3828D375E5479E8485D0D |
SHA1: | 624B2E68B669293CE5EF5EDA4EFCFDE97FFEA84A |
SHA-256: | 591890CBBED60EF32252835A3F13362E9204F1088E5EFA9E164A3526B612C4D7 |
SHA-512: | 1864A7CBF1C5205F0D1CAC9DA5CA4E8F103B9C045913A98B8A9DA62B3850AB842913235BF38DA6C7D78ECE985D35EBC8F6C15471B5C2FE23A6A4BBF66A03E4DB |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 2.117514616373907 |
Encrypted: | false |
SSDEEP: | 3:t/Wlsl81olpUktK0Xg/lrll0:t/d8W6kK0XgtI |
MD5: | C4E6B3035AC3828D375E5479E8485D0D |
SHA1: | 624B2E68B669293CE5EF5EDA4EFCFDE97FFEA84A |
SHA-256: | 591890CBBED60EF32252835A3F13362E9204F1088E5EFA9E164A3526B612C4D7 |
SHA-512: | 1864A7CBF1C5205F0D1CAC9DA5CA4E8F103B9C045913A98B8A9DA62B3850AB842913235BF38DA6C7D78ECE985D35EBC8F6C15471B5C2FE23A6A4BBF66A03E4DB |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 2.117514616373907 |
Encrypted: | false |
SSDEEP: | 3:t/Wlsl81olpUktK0Xg/lrll0:t/d8W6kK0XgtI |
MD5: | C4E6B3035AC3828D375E5479E8485D0D |
SHA1: | 624B2E68B669293CE5EF5EDA4EFCFDE97FFEA84A |
SHA-256: | 591890CBBED60EF32252835A3F13362E9204F1088E5EFA9E164A3526B612C4D7 |
SHA-512: | 1864A7CBF1C5205F0D1CAC9DA5CA4E8F103B9C045913A98B8A9DA62B3850AB842913235BF38DA6C7D78ECE985D35EBC8F6C15471B5C2FE23A6A4BBF66A03E4DB |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 260068 |
Entropy (8bit): | 7.997800447784521 |
Encrypted: | true |
SSDEEP: | 6144:jCMe3GNL3oVb9Y2rw0oC/8xDBs9OJyLcLvuo7Tp:jFj4Vb9Y2rIxSayADuo7Tp |
MD5: | B25FB11228F1CBA5D905C1F73FAD336D |
SHA1: | AC699AB2EA4447E165BA528DED211552D7B32B52 |
SHA-256: | BE794852C065C9C8F2B216C32B908C686EDB62EF4905958DC8FB5EA33E6A9AD5 |
SHA-512: | 71A5E2F9E7AAD62166CF8FDA0A962446DCF944AFDEF0A17E60BB16ED3476CE128F0D7841ADB9EFD4F8F9088DED185863CFB701CED6B748235673A21237ED9CC9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 2.117514616373907 |
Encrypted: | false |
SSDEEP: | 3:t/Wlsl81olpUktK0Xg/lrll0:t/d8W6kK0XgtI |
MD5: | C4E6B3035AC3828D375E5479E8485D0D |
SHA1: | 624B2E68B669293CE5EF5EDA4EFCFDE97FFEA84A |
SHA-256: | 591890CBBED60EF32252835A3F13362E9204F1088E5EFA9E164A3526B612C4D7 |
SHA-512: | 1864A7CBF1C5205F0D1CAC9DA5CA4E8F103B9C045913A98B8A9DA62B3850AB842913235BF38DA6C7D78ECE985D35EBC8F6C15471B5C2FE23A6A4BBF66A03E4DB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{BEC05FF6-2C19-4441-8E8B-2A23D951FADD}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 1.764769561907633 |
Encrypted: | false |
SSDEEP: | 96:zq/RqQi7qW4PkqUWCWmqdW1q1PkqUW1qWPkq:zqpv8AkIKf12kI1Rk |
MD5: | 1B4EEA0BB5B6F9BCCEAAF9255DA13A88 |
SHA1: | D5670B60A349B1A0CAFA6D7C9BF479F5FB095FE8 |
SHA-256: | 5E21C3FC9AE646A14D85B7DD719C992EEAC2DE7C1AF45917EDCD2875B2193B6B |
SHA-512: | 9086BEABE4D24434E9AC6B2AB59FB8BABEE0110F4209EDB04B771CFC629FF6A2F81909571728F7592E87DFEF507CB0EEC78589A35B7C06CF0C6709B74366EC16 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{82128AD7-F23D-44F4-913C-9440786EFB13}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1560 |
Entropy (8bit): | 2.982970713437751 |
Encrypted: | false |
SSDEEP: | 12:YXHH3ilvmc8WiKC1QRy0ZyIvmc8WiKC1QRy0Zo2UUUfvHGeXfdgRo/GZ7+ZCelf:IngmPGg04KmPGg0S2UUUfvHVXf+g |
MD5: | 537546D8C80F750BB8EDACBEB1DB3840 |
SHA1: | 8C47A123646A010434C0AD431CA8B2738A55A202 |
SHA-256: | B3746FDE6BEA09CA08E63A66A4A0520F7186B51A218C745D5B1F764448233A63 |
SHA-512: | ED0A4C9F2DB1E4B70D9B1F8CF07C028FBAA1E0955E578E132E9BA17994CD57AF78EB13260D5E7C479BC57987650B8D6127707A80CB95CC9576034411B2DB256E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8F65A2DB-B767-47AD-9245-BCF51102F3AE}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1736 |
Entropy (8bit): | 3.010377194288277 |
Encrypted: | false |
SSDEEP: | 12:YXHH3ilvEh9eTRDQ805yQ2UUUfvHG01BgRo/GZ7+ZCWTmc8WiKC1QRy0Zi:IngEh9q0QQ2UUUfvHrqQTmPGg0I |
MD5: | 819B6BE655EC1B69791045F552C8EC6B |
SHA1: | 60F19A2B153562B2B2BFE23DF3DAD1C214878AD2 |
SHA-256: | 14EE55E7F16CFE1E05FEB115CE7B243D79B5776C3EFE760AC18582B29FE3115D |
SHA-512: | 11ED8516449FDBD54FBFD9955C988475062E520C9FB165EAAF48091DD1267B17C0BF7479DC79F379CACDC005D6893196DF690F79D31F756EC66910B93753F4AF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{DDC17094-52C7-4CCA-8BF0-E18CED731956}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 1.0858937549421035 |
Encrypted: | false |
SSDEEP: | 3:dXXXXXXXPN6dn/lDl/PlXllZrGzy/CsavFhrkvkov9zltWvm3pkvtZkvs7Wvl3:CAzT5Na1VakWo4Wd |
MD5: | 81E2A56D989EC48CAD978B9CB468E9DC |
SHA1: | 3289BB74065AB1150B39A52E85D6CBE757F13D5A |
SHA-256: | E66D1CDE9454BD488532D1A352E8BD40BFFECB3EB38E225AD5D1F549DE81225B |
SHA-512: | 4810D43C9D0C2D63D3DCAC74FAE511C9FCF666F7ECE0F767C4E80850CA5BE42D2F899D8FE8EEF4F331E5725D6980A74FBE8A3C9C48F699A5739FFBB0E62E5495 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\73cceb_b5b6005e2aa74cf48cd55dca1a2ff093[1].docx
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16193 |
Entropy (8bit): | 7.221735672106242 |
Encrypted: | false |
SSDEEP: | 192:nmz+IH1eQyUwHpj0w1sPbxbnb25bv/0PdvwOfw5Ie9e8ebWqgj:+BVeTHpwCsDRbSGwmw5IX86tq |
MD5: | 9932FAB98F2C021632045D04966DB4FD |
SHA1: | 95F6E7EEEA10068C60A5856AC05FD3B9A554D500 |
SHA-256: | DB1185F24C56CADEC1C85A33B0EFEB2D803FF00ABF4C9DF1E00D860683068415 |
SHA-512: | E04ADA4590E295B2A20FA04622C75B1CA266E3CADE9202887AE45A45C7991823DC52D0D28F830B08ED05A8F049583AD3FD998FA26A72FBC262901F657FF95BF5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 333602 |
Entropy (8bit): | 4.65455658727993 |
Encrypted: | false |
SSDEEP: | 6144:ybW83ob181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:Z |
MD5: | 58AAFDDC9C9FC6A422C6B29E8C4FCCA3 |
SHA1: | 1A83A0297FE83D91950B71114F06CE42F4978316 |
SHA-256: | 9095FE60C9F5A135DFC22B23082574FBF2F223BD3551E75456F57787ABC5797B |
SHA-512: | 1EBB116BAE9FE02CA942366C8E55D479743ABB549965F4F4302E27A21B28CDF8B75C8730508F045BA4954A5AA0B7EB593EE88226DE3C94BF4E821DBE4513118A |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 297017 |
Entropy (8bit): | 5.000343845106573 |
Encrypted: | false |
SSDEEP: | 6144:GwprAtk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:I |
MD5: | 0D0E65173F5AE6FE524DA09EEDDDCC84 |
SHA1: | C868617C86C1287B35875AE8D943457756B0B338 |
SHA-256: | 787D1CBF076902B2568E8CFF1245E5FBEBA6AAD84240A54C4F9957084B93F90D |
SHA-512: | E2FD5156BA707F6205B5CC52CC4FF8E1CDECB10B6C04E70EC4B3D3D0FA636AB9FDAE77F249D9D303D35CCCA8F8B399B60C602629B8803F708CFDAE8A1122603D |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 268670 |
Entropy (8bit): | 5.054376958189988 |
Encrypted: | false |
SSDEEP: | 6144:JwprAJiR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N4 |
MD5: | B17C7119B252FD46A675143F80499AA4 |
SHA1: | 4445782BEC229727EE6F384EC29E0CBA82C25D22 |
SHA-256: | 8535282A6E53FA4F307375BCEE99DD073A4E2E04FAF8841E51E1AA0EE351A670 |
SHA-512: | F9FB76A662DC6AB8DE22B87E817B4BAAC1AEEE08BA4F5090E6BC3060F42BC7CD15A71EB5B117554AEB395B22E5C2EEA7D0EFC36FF13BEC13B156879B87641505 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 256358 |
Entropy (8bit): | 5.104453150382283 |
Encrypted: | false |
SSDEEP: | 6144:gwprAB795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:BW |
MD5: | 4C7ECD0ED5ADCC30352E2C06931D290A |
SHA1: | 0E6A8E0EDDB5E67E26CF15692D1E8591F3D3D1DE |
SHA-256: | 40BACD32DB58799FA95B4707588ADEA1C9065CD804712B69B55DDD332C037D4E |
SHA-512: | 2C25363DCCDB718D427CE451963F1616344A59A57AF0A19F946B7C06536E773E0EA383AC48AAC35E109327B7B86432D608CB0490EBF9590A31AA87330D6F929B |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 251449 |
Entropy (8bit): | 5.103599476769172 |
Encrypted: | false |
SSDEEP: | 6144:hwprA3R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:XA |
MD5: | 234430F3D3032B9648671D3DF168D827 |
SHA1: | 4B7606E1F7E8172EE74DE90EE4CA75E3F44A0A2B |
SHA-256: | DC7160C2FE5939E82BFEEE180C1DA8176C4914C034CAE8938ED6C9F7A9144F3E |
SHA-512: | 943119B65B2017F8FAAD5EC6B490CC8E263EC6128DD3D274A54EFB826FBE4353C72D335F5708974F1624E9BAE971C9D112905638B3F2123FC384DB201DE5B26C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 284802 |
Entropy (8bit): | 5.006325058456308 |
Encrypted: | false |
SSDEEP: | 6144:B9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:G |
MD5: | 08AD981C6D9BFD066BF29A77A62F0FEA |
SHA1: | DBE60C2A2BC9A80EFBD6BE114BDF1416261C94E6 |
SHA-256: | BCFB2EF3D37F7DAFCB9FF4D92885C5F87B4BEC7A3045BC7208460DAE7DABAE31 |
SHA-512: | 64A939705679AA9EBD66634059A63BE280DF197845F23334906EF419C891E1393700344EE8D200195B72509874AD6046495815B94C1BF998116C351BC483C6EB |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 294525 |
Entropy (8bit): | 4.978414555953716 |
Encrypted: | false |
SSDEEP: | 6144:ndkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:Y |
MD5: | 96F3CCC20E23824F1904EDFDFE5CDA02 |
SHA1: | EF78E9B415A9FFD4094E525509D3AEB3E2A68EEE |
SHA-256: | 9970654851826C920261D52F8536B1305F7E582C7A2E892BAC344A95F909FE63 |
SHA-512: | 1022D3E990B1A31361C9658C6C15DB9B41DA38E73319C93C62EE8E57E36333261F66897E1F0F6502EC28B780A9FC434E7F548178F3BC1D4463A44BCF508604E1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 270642 |
Entropy (8bit): | 5.074829646335759 |
Encrypted: | false |
SSDEEP: | 6144:JwprAi5R95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:WL |
MD5: | 831E5489F3047AFF2EFDFF758FA42FEC |
SHA1: | F27C9E96D726464E802AD007FE749B8F27FF4525 |
SHA-256: | 7914A8B4ADFDC9A6589ED181DE46D3D735676A38AA61B8FAFC0F862B9EC3A1CD |
SHA-512: | B84800FAB9FDF2AEFACBFC14527BC8361459E5138309E11C1025CF61A855C481E77EF14623182F485F3122A40BA4F873E4300B8D8209D924E3E16646FA34BCB8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 217578 |
Entropy (8bit): | 5.069961862348856 |
Encrypted: | false |
SSDEEP: | 6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P |
MD5: | 7777C0173259D8F4A4F5E69C1461CA14 |
SHA1: | 9C83B87C098AECF3CDFC1B5C4C78B696BF14A5E6 |
SHA-256: | A343D61BAB2F25D138BDCC57D33C4A83FD494A54EAF3DF0F539E3B51CFE011F1 |
SHA-512: | 77BFD6F7D21AB9771DF1993FB9AB82BA6D5E900F0B846F0F11578313E8A99C99E095612510CBB07590367EADE9B31CF396B26ABA5E8380F3ABC0886FA02858B9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 255219 |
Entropy (8bit): | 5.004117790808506 |
Encrypted: | false |
SSDEEP: | 6144:MwprA8niNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:x |
MD5: | C9460BEAF863E337428518DAF5C09C5C |
SHA1: | 76BE7E80D117A73A4FFC96682345EECE9A5C4D2A |
SHA-256: | A69368BE9AC843B088D739F1573007E634D1068DB0AD9937A95FE7A0690C05E0 |
SHA-512: | 9E4A7D3E019D182CD6CFF4947364DCF435EF3B40BA004A360260EDA0712839875CB797DBFCCCD9E50885EB10AEF8695052899E4BAC16423D0EECCF025CF6B03F |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 251336 |
Entropy (8bit): | 5.057713103491112 |
Encrypted: | false |
SSDEEP: | 6144:JwprA6sS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:u9 |
MD5: | DAE31FA14BC97723A87F126B5121BAE3 |
SHA1: | C6B5CFF442FCC8795A5AF0D69ACDA24497D9F4BE |
SHA-256: | 30F377F7AC24B022F52371ADA97CB057460265F4C8BDDBB521642B6E2462EE27 |
SHA-512: | AE6B8BB6FCF956E1973C9E40702CB1A86FD8AD6F87FA1C2D3A2113C2F8AEC2A495FE636D71786843496F37FF9DB3D2F0E034BC4014D9C379E4EA4CC9495BE907 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 344662 |
Entropy (8bit): | 5.023256859004611 |
Encrypted: | false |
SSDEEP: | 6144:UwprAwnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:F |
MD5: | F82561FF802442D12B8B77EC6EDC027E |
SHA1: | EE7ED23C6EF8DA4968BA969FC094203D61065C0E |
SHA-256: | 5B7A52DFAA9C3E9E340E081178B54E827ED591AC27DC098C3985C94BDE5CABE9 |
SHA-512: | FA205BCD1D61226A940EA333B3B3EC43FB461E7683669A344403B543B9F699677A9E332827EC0160E81A8FBFD43CA61735A5C414EE7C17143DC9819A137044B5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 37730 |
Entropy (8bit): | 3.124837888644143 |
Encrypted: | false |
SSDEEP: | 768:aatNbFeZKdogeyHMOeYhIVi+iOFOqbPXdEmanb:F/eLAhIVJb2 |
MD5: | B7112871065732E9AFBB4B1E2ECEA38D |
SHA1: | B7D4E85405B6C8099CFAA0E4E15BE6696EF858A3 |
SHA-256: | 6106434F99F6E0660D2DAF36B5DCA00CB6A59B51317D221112F6424369345967 |
SHA-512: | BEC006417A0EF1925398A41C6C5C3E9BAE6BF04C4C3F1D4EB1CDE93B6A5700009C92F1677EDCEE1E3D1C88FA4BB5260C219D9F734DA4A435763DB7CAA9A2BFED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\73cceb_b5b6005e2aa74cf48cd55dca1a2ff093.docx.url
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 132 |
Entropy (8bit): | 5.0827126967061735 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQYm2fvmHhcqGEGD/xMKLJlmHsglWFDnKDn:HRYFVm44hcqGEGDGKLJlwsMAbK |
MD5: | 80F0547029F1E52F7D624F1DE34E7253 |
SHA1: | 5ED5E40F0C5E7603FA699F89D1DF7E4D84766F32 |
SHA-256: | DD5182F7E965392F4EF09166D434DD120343A6C2AE94C49E60BF0BA3AE8E2964 |
SHA-512: | 77780F1498DDCD04A1E28BA4B3EE5673E8ABCD4B9346BD20E28E0549591A99FB62FEA17C16AF790499EE0A1D5387A80A3260EE2C8994D789E018AD9E6FAF9D01 |
Malicious: | true |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1141 |
Entropy (8bit): | 4.7430927919640125 |
Encrypted: | false |
SSDEEP: | 24:89A6eiHUqK21eAAU3OJt1e8D0wmtZt/w7aB6m:8yM7YXU3uYsmvjB6 |
MD5: | 67907E95F2F3277C8103DDF175DF6D9C |
SHA1: | 7D225C09ADE312C146992BA4EDCC1B821FDE68DE |
SHA-256: | 612BD8F61DC3664904CB2725BA8184A1DFB9E0C0D8474E1A6468F7742E09C765 |
SHA-512: | BA75DB77A795E3C2395183E7F5FC6D72CA2F8274760947D13F2C8FB9E0D7E0804414A8346DC6B56F38AA3763452C753F57C2118BC3D7AD50522DA6A7097E8A7C |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 206 |
Entropy (8bit): | 5.104210143520503 |
Encrypted: | false |
SSDEEP: | 3:HiAMglWFDnKcr8834cqGEGD/xMKeSTiLBMgfLFSmX1WOBMgfLFSv:HjMMAb7T34cqGEGDGKeSTOVjFsOVjFc |
MD5: | 3D6D74E7C7004FEFE5895BFBD797E7B1 |
SHA1: | 880968469CD74E2E6F058CE7C1D0C6F61C57E2F2 |
SHA-256: | 7048667F093F474DECA1BC434C0EDECA47170E6C665C48014BC88A0DDCCA6AC6 |
SHA-512: | 83F3B55BBA4EC0A97B746CB820ADB2B50D79666D8025DD75EA9E94F9690DA55B103319ABA40ECB92F9FEB0416D217D1A05A7944160BFD612161A6AC3E15895E1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\ugd on 73cceb63-7ecd-45e2-9eab-f8d98aab177f.usrfiles.com.url
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 88 |
Entropy (8bit): | 5.0724417044519425 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQYm2fvmHhcqGEGD/xMKLJovn:HRYFVm44hcqGEGDGKLJy |
MD5: | 0C64E515DE5A3C7725A11133CC1EDD5E |
SHA1: | D7AE3947B094A519248B283D003202C5813C5A1A |
SHA-256: | 6B0D18E6DF738B39CEEA29E6A0F0483C415B7762704488713BD0034581D5A949 |
SHA-512: | 5EF0646A1B74C1254141BB04EEC304D99D4B78D9E8FD1B3EC4EBFB779B2B6DF6076EF0ED79DF2C86BCD8E60454DFE5A895F6CA4BE04F767A63B97F2558776E2E |
Malicious: | true |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20 |
Entropy (8bit): | 2.8954618442383215 |
Encrypted: | false |
SSDEEP: | 3:QVNliGn:Q9rn |
MD5: | C4F79900719F08A6F11287E3C7991493 |
SHA1: | 754325A769BE6ECCC664002CD8F6BDB0D0B8CA4D |
SHA-256: | 625CA96CCA65A363CC76429804FF47520B103D2044BA559B11EB02AB7B4D79A8 |
SHA-512: | 0F3C498BC7680B4C9167F790CC0BE6C889354AF703ABF0547F87B78FEB0BAA9F5220691DF511192B36AD9F3F69E547E6D382833E6BC25CDB4CD2191920970C5F |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 3.0421299676410487 |
Encrypted: | false |
SSDEEP: | 3:Rl/Zdx8yJF6llTUc1t7H/9/gyHlm4/l20U:RtZcyO/TF1tZIy7/l20U |
MD5: | 25C92F1BDABDDBE9AA9148DD46D667D5 |
SHA1: | 4A6EAAEA24A81896EEC315AE637A30A59E67E92C |
SHA-256: | 591F53F8D3FF34352CA0C40D00A2C7763F12226714C082CE27E396BCE48B5663 |
SHA-512: | 20BE627AF94CE13160B2E08F92B33D279B7D194912506471139A223B9978DFFE53F65920186EF864150853A8E8F61667659D5B4D0C245F26165F316CA6C45220 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9874078378484565 |
TrID: |
File name: | Details_for_booking.docx.doc |
File size: | 276'153 bytes |
MD5: | df9fe95e3fd54568a935b92e25b88024 |
SHA1: | ff84a61688475d484daea4c9a096b0d23c0c3577 |
SHA256: | f3e6621928875a322ee7230ccf186bdaa5609118c4a6d1c2f4026adfb8e88744 |
SHA512: | 5de3b1fa9894065becc83246d6f02a82cbc44295176142bb059008e19faf57146adbf47fc7e2bc5f11a58668ad125d3c779c61645a8a61f2b7e3793edc9265a4 |
SSDEEP: | 6144:LCMe3GNL3oVb9Y2rw0oC/8xDBs9OJyLcLvuo7Tg:LFj4Vb9Y2rIxSayADuo7Tg |
TLSH: | B64423366540BCBDD0E84A39887926EA3106CA557B84F2BCFD46FF6A71E414E8B2144E |
File Content Preview: | PK..........!.5...............[Content_Types].xml ...(......................................................................................................................................................................................................... |
Icon Hash: | 39f5a98c818aacb3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 3, 2023 08:14:13.913656950 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.913693905 CEST | 443 | 49706 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:13.913788080 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.914146900 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.914163113 CEST | 443 | 49706 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:13.955135107 CEST | 443 | 49706 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:13.955245972 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.955635071 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.955651045 CEST | 443 | 49706 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:13.958156109 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.958173990 CEST | 443 | 49706 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:13.983402014 CEST | 443 | 49706 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:13.983493090 CEST | 443 | 49706 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:13.983520985 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.983568907 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.983755112 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.983794928 CEST | 443 | 49706 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:13.983819008 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:13.983871937 CEST | 49706 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.002818108 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.002882957 CEST | 443 | 49707 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.003266096 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.003379107 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.003401041 CEST | 443 | 49707 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.042618990 CEST | 443 | 49707 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.042887926 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.043725967 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.048585892 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.048693895 CEST | 443 | 49707 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.071033955 CEST | 443 | 49707 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.071234941 CEST | 443 | 49707 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.071331978 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.071332932 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.071446896 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.071497917 CEST | 443 | 49707 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.071530104 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.071830034 CEST | 49707 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.184176922 CEST | 49708 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.184231997 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.185066938 CEST | 49708 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.185066938 CEST | 49708 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.185120106 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.223989964 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.225547075 CEST | 49708 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.225575924 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.227071047 CEST | 49708 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.227081060 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.381501913 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.381603003 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.381715059 CEST | 49708 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.381860971 CEST | 49708 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.381860971 CEST | 49708 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.381880045 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.381891012 CEST | 443 | 49708 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.508158922 CEST | 49709 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.508213997 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.508326054 CEST | 49709 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.508681059 CEST | 49709 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.508698940 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.548810959 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.549654007 CEST | 49709 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.549674988 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.551974058 CEST | 49709 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.551985979 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.576965094 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.577059031 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.577168941 CEST | 49709 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.577250957 CEST | 49709 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.577272892 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.577291012 CEST | 49709 | 443 | 192.168.2.7 | 18.66.192.71 |
Aug 3, 2023 08:14:14.577301025 CEST | 443 | 49709 | 18.66.192.71 | 192.168.2.7 |
Aug 3, 2023 08:14:14.587845087 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.587903976 CEST | 443 | 49710 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.588222980 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.588500977 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.588516951 CEST | 443 | 49710 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.628932953 CEST | 443 | 49710 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.629594088 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.629594088 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.629625082 CEST | 443 | 49710 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.633929968 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.633951902 CEST | 443 | 49710 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.657682896 CEST | 443 | 49710 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.657774925 CEST | 443 | 49710 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.657835960 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.657835960 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.657932997 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.657932997 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.657963991 CEST | 443 | 49710 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.658833027 CEST | 49710 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.677987099 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.678044081 CEST | 443 | 49711 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.678160906 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.678452015 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.678468943 CEST | 443 | 49711 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.719845057 CEST | 443 | 49711 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.719928026 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.720526934 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.720549107 CEST | 443 | 49711 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.723989964 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.724014044 CEST | 443 | 49711 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.748445988 CEST | 443 | 49711 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.748545885 CEST | 443 | 49711 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.748548031 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.748617887 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.748651028 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.748681068 CEST | 443 | 49711 | 18.66.192.52 | 192.168.2.7 |
Aug 3, 2023 08:14:14.748699903 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.748737097 CEST | 49711 | 443 | 192.168.2.7 | 18.66.192.52 |
Aug 3, 2023 08:14:14.902475119 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:14.902525902 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:14.902595997 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:14.903177977 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:14.903209925 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:14.962044954 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:14.962152958 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:14.963622093 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:14.963720083 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:14.966424942 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:14.966440916 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:14.967083931 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:14.970690012 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.010806084 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.086056948 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.086214066 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.086359024 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.087194920 CEST | 49712 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.087225914 CEST | 443 | 49712 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.114604950 CEST | 49713 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.114670992 CEST | 443 | 49713 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.114813089 CEST | 49713 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.115118027 CEST | 49713 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.115143061 CEST | 443 | 49713 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.170269012 CEST | 443 | 49713 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.176851988 CEST | 49713 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.176884890 CEST | 443 | 49713 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.178479910 CEST | 49713 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.178493977 CEST | 443 | 49713 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.829472065 CEST | 443 | 49713 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.829559088 CEST | 443 | 49713 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.829679012 CEST | 49713 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.829679012 CEST | 49713 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.829772949 CEST | 49713 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.829797983 CEST | 443 | 49713 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.837546110 CEST | 49714 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.837591887 CEST | 443 | 49714 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.837654114 CEST | 49714 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.838001013 CEST | 49714 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.838027000 CEST | 443 | 49714 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.890163898 CEST | 443 | 49714 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.891309023 CEST | 49714 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.891344070 CEST | 443 | 49714 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:15.893898964 CEST | 49714 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:15.893915892 CEST | 443 | 49714 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.521562099 CEST | 443 | 49714 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.521742105 CEST | 443 | 49714 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.521830082 CEST | 49714 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.521938086 CEST | 49714 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.522002935 CEST | 443 | 49714 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.555166006 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.555231094 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.555438042 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.555938005 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.555963039 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.612648964 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.612799883 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.614051104 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.614145994 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.621707916 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.621742964 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.622127056 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:16.622215986 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.622849941 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:16.670800924 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.294323921 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.294375896 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.294433117 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.294464111 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.294492960 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.294518948 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.294537067 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.294578075 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.294600964 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.294619083 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.295005083 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.295031071 CEST | 443 | 49715 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.295062065 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.295087099 CEST | 49715 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.303968906 CEST | 49716 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.304017067 CEST | 443 | 49716 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.304116011 CEST | 49716 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.304419041 CEST | 49716 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.304435015 CEST | 443 | 49716 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.360411882 CEST | 443 | 49716 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.361174107 CEST | 49716 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.361254930 CEST | 443 | 49716 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.365369081 CEST | 49716 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.365422010 CEST | 443 | 49716 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.987092972 CEST | 443 | 49716 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.987286091 CEST | 443 | 49716 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:17.987479925 CEST | 49716 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.987973928 CEST | 49716 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:17.988022089 CEST | 443 | 49716 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.026976109 CEST | 49717 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.027036905 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.027148962 CEST | 49717 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.027579069 CEST | 49717 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.027600050 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.081372976 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.082197905 CEST | 49717 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.082248926 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.084172964 CEST | 49717 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.084197998 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.253545046 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.253657103 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.253746033 CEST | 49717 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.253794909 CEST | 49717 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.253794909 CEST | 49717 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.253819942 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.253832102 CEST | 443 | 49717 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.261785030 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.261845112 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.261929989 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.262223005 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.262254000 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.316881895 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.316994905 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.317414045 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.317433119 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.320046902 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.320070028 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.481148958 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.481209993 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.481373072 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.481417894 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.481462002 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.481903076 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.481935024 CEST | 443 | 49718 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.481961966 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.482019901 CEST | 49718 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.500138998 CEST | 49719 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.500185966 CEST | 443 | 49719 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.500292063 CEST | 49719 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.500571966 CEST | 49719 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.500588894 CEST | 443 | 49719 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.551937103 CEST | 443 | 49719 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.552505016 CEST | 49719 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.552524090 CEST | 443 | 49719 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:18.555098057 CEST | 49719 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:18.555113077 CEST | 443 | 49719 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.178740025 CEST | 443 | 49719 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.178889990 CEST | 443 | 49719 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.178976059 CEST | 49719 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.179271936 CEST | 49719 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.179294109 CEST | 443 | 49719 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.213754892 CEST | 49720 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.213802099 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.213897943 CEST | 49720 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.214096069 CEST | 49720 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.214112043 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.273614883 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.274091959 CEST | 49720 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.274115086 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.275659084 CEST | 49720 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.275671959 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.931565046 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.931749105 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.931883097 CEST | 49720 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.931884050 CEST | 49720 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.931966066 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.932079077 CEST | 49720 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.932106972 CEST | 443 | 49720 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.942374945 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.942445040 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:19.942528963 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.942934990 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:19.942966938 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.000662088 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.000804901 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.001158953 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.001183033 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.004158974 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.004187107 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.662828922 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.662950039 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.663006067 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.663038969 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.663060904 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.663089991 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.663100004 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.663146973 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.663153887 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.663213968 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.663255930 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.663276911 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.668466091 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.668514967 CEST | 443 | 49721 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.668531895 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.668603897 CEST | 49721 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.670888901 CEST | 49722 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.670944929 CEST | 443 | 49722 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.671032906 CEST | 49722 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.671317101 CEST | 49722 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.671340942 CEST | 443 | 49722 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.731837988 CEST | 443 | 49722 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.732706070 CEST | 49722 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.732762098 CEST | 443 | 49722 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.736618996 CEST | 49722 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:20.736649990 CEST | 443 | 49722 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.968724012 CEST | 443 | 49722 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.968952894 CEST | 443 | 49722 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:20.969052076 CEST | 49722 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.002094030 CEST | 49722 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.002142906 CEST | 443 | 49722 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.030204058 CEST | 49723 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.030270100 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.030574083 CEST | 49723 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.030791998 CEST | 49723 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.030819893 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.086246967 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.088644028 CEST | 49723 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.088704109 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.094140053 CEST | 49723 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.094181061 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.757426023 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.757536888 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.757829905 CEST | 49723 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.758018017 CEST | 49723 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.758048058 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.758177996 CEST | 49723 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.758193970 CEST | 443 | 49723 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.773540020 CEST | 49724 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.773600101 CEST | 443 | 49724 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.773688078 CEST | 49724 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.774240017 CEST | 49724 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.774274111 CEST | 443 | 49724 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.832262993 CEST | 443 | 49724 | 142.250.203.97 | 192.168.2.7 |
Aug 3, 2023 08:14:21.832360029 CEST | 49724 | 443 | 192.168.2.7 | 142.250.203.97 |
Aug 3, 2023 08:14:21.833139896 CEST | 49724 | 443 | 192.168.2.7 | 142.250.203.97 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 3, 2023 08:14:09.148771048 CEST | 50505 | 53 | 192.168.2.7 | 8.8.8.8 |
Aug 3, 2023 08:14:09.186094999 CEST | 53 | 50505 | 8.8.8.8 | 192.168.2.7 |
Aug 3, 2023 08:14:13.178793907 CEST | 63926 | 53 | 192.168.2.7 | 8.8.8.8 |
Aug 3, 2023 08:14:13.224915028 CEST | 53 | 63926 | 8.8.8.8 | 192.168.2.7 |
Aug 3, 2023 08:14:14.854551077 CEST | 53336 | 53 | 192.168.2.7 | 8.8.8.8 |
Aug 3, 2023 08:14:14.901240110 CEST | 53 | 53336 | 8.8.8.8 | 192.168.2.7 |
Aug 3, 2023 08:14:16.532018900 CEST | 51007 | 53 | 192.168.2.7 | 8.8.8.8 |
Aug 3, 2023 08:14:16.552572966 CEST | 53 | 51007 | 8.8.8.8 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 3, 2023 08:14:09.148771048 CEST | 192.168.2.7 | 8.8.8.8 | 0x259d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 3, 2023 08:14:13.178793907 CEST | 192.168.2.7 | 8.8.8.8 | 0xd2aa | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 3, 2023 08:14:14.854551077 CEST | 192.168.2.7 | 8.8.8.8 | 0xcebd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 3, 2023 08:14:16.532018900 CEST | 192.168.2.7 | 8.8.8.8 | 0xbc31 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 3, 2023 08:14:09.186094999 CEST | 8.8.8.8 | 192.168.2.7 | 0x259d | No error (0) | dd6qg4wn9ejpd.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:09.186094999 CEST | 8.8.8.8 | 192.168.2.7 | 0x259d | No error (0) | 18.66.192.71 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:09.186094999 CEST | 8.8.8.8 | 192.168.2.7 | 0x259d | No error (0) | 18.66.192.79 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:09.186094999 CEST | 8.8.8.8 | 192.168.2.7 | 0x259d | No error (0) | 18.66.192.93 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:09.186094999 CEST | 8.8.8.8 | 192.168.2.7 | 0x259d | No error (0) | 18.66.192.52 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:13.224915028 CEST | 8.8.8.8 | 192.168.2.7 | 0xd2aa | No error (0) | dd6qg4wn9ejpd.cloudfront.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:13.224915028 CEST | 8.8.8.8 | 192.168.2.7 | 0xd2aa | No error (0) | 18.66.192.52 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:13.224915028 CEST | 8.8.8.8 | 192.168.2.7 | 0xd2aa | No error (0) | 18.66.192.79 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:13.224915028 CEST | 8.8.8.8 | 192.168.2.7 | 0xd2aa | No error (0) | 18.66.192.71 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:13.224915028 CEST | 8.8.8.8 | 192.168.2.7 | 0xd2aa | No error (0) | 18.66.192.93 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:14.901240110 CEST | 8.8.8.8 | 192.168.2.7 | 0xcebd | No error (0) | blogspot.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:14.901240110 CEST | 8.8.8.8 | 192.168.2.7 | 0xcebd | No error (0) | 142.250.203.97 | A (IP address) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:16.552572966 CEST | 8.8.8.8 | 192.168.2.7 | 0xbc31 | No error (0) | blogspot.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Aug 3, 2023 08:14:16.552572966 CEST | 8.8.8.8 | 192.168.2.7 | 0xbc31 | No error (0) | 142.250.203.97 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49699 | 18.66.192.71 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:09 UTC | 0 | OUT | |
2023-08-03 06:14:09 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.7 | 49700 | 18.66.192.71 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:09 UTC | 0 | OUT | |
2023-08-03 06:14:09 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.7 | 49709 | 18.66.192.71 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:14 UTC | 26 | OUT | |
2023-08-03 06:14:14 UTC | 26 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.7 | 49710 | 18.66.192.52 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:14 UTC | 27 | OUT | |
2023-08-03 06:14:14 UTC | 27 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.7 | 49711 | 18.66.192.52 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:14 UTC | 28 | OUT | |
2023-08-03 06:14:14 UTC | 28 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.7 | 49712 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:14 UTC | 29 | OUT | |
2023-08-03 06:14:15 UTC | 29 | IN | |
2023-08-03 06:14:15 UTC | 30 | IN | |
2023-08-03 06:14:15 UTC | 30 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.7 | 49713 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:15 UTC | 30 | OUT | |
2023-08-03 06:14:15 UTC | 30 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.7 | 49714 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:15 UTC | 31 | OUT | |
2023-08-03 06:14:16 UTC | 31 | IN | |
2023-08-03 06:14:16 UTC | 31 | IN | |
2023-08-03 06:14:16 UTC | 32 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
16 | 192.168.2.7 | 49715 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:16 UTC | 32 | OUT | |
2023-08-03 06:14:17 UTC | 32 | IN | |
2023-08-03 06:14:17 UTC | 32 | IN | |
2023-08-03 06:14:17 UTC | 33 | IN | |
2023-08-03 06:14:17 UTC | 34 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
17 | 192.168.2.7 | 49716 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:17 UTC | 35 | OUT | |
2023-08-03 06:14:17 UTC | 35 | IN | |
2023-08-03 06:14:17 UTC | 35 | IN | |
2023-08-03 06:14:17 UTC | 36 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
18 | 192.168.2.7 | 49717 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:18 UTC | 36 | OUT | |
2023-08-03 06:14:18 UTC | 36 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
19 | 192.168.2.7 | 49718 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:18 UTC | 36 | OUT | |
2023-08-03 06:14:18 UTC | 37 | IN | |
2023-08-03 06:14:18 UTC | 37 | IN | |
2023-08-03 06:14:18 UTC | 38 | IN | |
2023-08-03 06:14:18 UTC | 39 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.7 | 49701 | 18.66.192.71 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:12 UTC | 2 | OUT | |
2023-08-03 06:14:13 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
20 | 192.168.2.7 | 49719 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:18 UTC | 39 | OUT | |
2023-08-03 06:14:19 UTC | 40 | IN | |
2023-08-03 06:14:19 UTC | 40 | IN | |
2023-08-03 06:14:19 UTC | 40 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
21 | 192.168.2.7 | 49720 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:19 UTC | 40 | OUT | |
2023-08-03 06:14:19 UTC | 41 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
22 | 192.168.2.7 | 49721 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:20 UTC | 41 | OUT | |
2023-08-03 06:14:20 UTC | 41 | IN | |
2023-08-03 06:14:20 UTC | 42 | IN | |
2023-08-03 06:14:20 UTC | 42 | IN | |
2023-08-03 06:14:20 UTC | 44 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
23 | 192.168.2.7 | 49722 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:20 UTC | 44 | OUT | |
2023-08-03 06:14:20 UTC | 44 | IN | |
2023-08-03 06:14:20 UTC | 45 | IN | |
2023-08-03 06:14:20 UTC | 45 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
24 | 192.168.2.7 | 49723 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:21 UTC | 45 | OUT | |
2023-08-03 06:14:21 UTC | 45 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
25 | 192.168.2.7 | 49724 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:21 UTC | 46 | OUT | |
2023-08-03 06:14:22 UTC | 46 | IN | |
2023-08-03 06:14:22 UTC | 46 | IN | |
2023-08-03 06:14:22 UTC | 47 | IN | |
2023-08-03 06:14:22 UTC | 48 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
26 | 192.168.2.7 | 49725 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:23 UTC | 49 | OUT | |
2023-08-03 06:14:23 UTC | 49 | IN | |
2023-08-03 06:14:23 UTC | 50 | IN | |
2023-08-03 06:14:23 UTC | 50 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
27 | 192.168.2.7 | 49726 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:23 UTC | 50 | OUT | |
2023-08-03 06:14:24 UTC | 50 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
28 | 192.168.2.7 | 49727 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:24 UTC | 50 | OUT | |
2023-08-03 06:14:24 UTC | 51 | IN | |
2023-08-03 06:14:24 UTC | 51 | IN | |
2023-08-03 06:14:24 UTC | 52 | IN | |
2023-08-03 06:14:24 UTC | 53 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
29 | 192.168.2.7 | 49728 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:24 UTC | 54 | OUT | |
2023-08-03 06:14:24 UTC | 54 | IN | |
2023-08-03 06:14:24 UTC | 54 | IN | |
2023-08-03 06:14:24 UTC | 54 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.7 | 49702 | 18.66.192.52 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:13 UTC | 2 | OUT | |
2023-08-03 06:14:13 UTC | 3 | IN | |
2023-08-03 06:14:13 UTC | 4 | IN | |
2023-08-03 06:14:13 UTC | 19 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
30 | 192.168.2.7 | 49729 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:24 UTC | 54 | OUT | |
2023-08-03 06:14:25 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
31 | 192.168.2.7 | 49730 | 142.250.203.97 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:25 UTC | 55 | OUT | |
2023-08-03 06:14:25 UTC | 55 | IN | |
2023-08-03 06:14:25 UTC | 56 | IN | |
2023-08-03 06:14:25 UTC | 57 | IN | |
2023-08-03 06:14:25 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
32 | 192.168.2.7 | 49731 | 18.66.192.52 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:26 UTC | 58 | OUT | |
2023-08-03 06:14:26 UTC | 58 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.7 | 49703 | 18.66.192.52 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:13 UTC | 19 | OUT | |
2023-08-03 06:14:13 UTC | 20 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.7 | 49704 | 18.66.192.71 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:13 UTC | 21 | OUT | |
2023-08-03 06:14:13 UTC | 21 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.7 | 49705 | 18.66.192.71 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:13 UTC | 21 | OUT | |
2023-08-03 06:14:13 UTC | 22 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.7 | 49706 | 18.66.192.52 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:13 UTC | 23 | OUT | |
2023-08-03 06:14:13 UTC | 23 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.7 | 49707 | 18.66.192.52 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:14 UTC | 24 | OUT | |
2023-08-03 06:14:14 UTC | 24 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.7 | 49708 | 18.66.192.71 | 443 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-08-03 06:14:14 UTC | 25 | OUT | |
2023-08-03 06:14:14 UTC | 25 | IN |
Target ID: | 0 |
Start time: | 08:14:04 |
Start date: | 03/08/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1130000 |
File size: | 1'937'688 bytes |
MD5 hash: | 0B9AB9B9C4DE429473D6450D4297A123 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 08:14:08 |
Start date: | 03/08/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd10000 |
File size: | 466'688 bytes |
MD5 hash: | EA19F4A0D18162BE3A0C8DAD249ADE8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 2 |
Start time: | 08:14:08 |
Start date: | 03/08/2023 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd10000 |
File size: | 466'688 bytes |
MD5 hash: | EA19F4A0D18162BE3A0C8DAD249ADE8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 7 |
Start time: | 08:15:18 |
Start date: | 03/08/2023 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff717f10000 |
File size: | 130'560 bytes |
MD5 hash: | 8D59B31FF375059E3C32B17BF31A76D5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |