Edit tour
Windows
Analysis Report
invoice.docx.doc
Overview
General Information
| Sample name: | invoice.docx.doc |
| Analysis ID: | 1482854 |
| MD5: | b75bd88d4f4f2a7a5e77a4109d55c6ea |
| SHA1: | 064c35b26c31413319d938fbc6ebaa3c4c85392e |
| SHA256: | b74bbed109e630f69004a7372b4271fad04ace2cea48e99d730401738ee47deb |
| Tags: | doc |
| Infos: |   |
 | |
Detection
FormBook
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected FormBook
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Contains an external reference to another file
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Microsoft Office drops suspicious files
Office drops RTF file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Office viewer loads remote template
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Microsoft Office Child Process
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains Microsoft Equation 3.0 OLE entries
Document misses a certain OLE stream usually present in this Microsoft Office document type
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious Screensaver Binary File Creation
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match
Classification
- System is w7x64
WINWORD.EXE (PID: 2052 cmdline: "C:\Progra m Files\Mi crosoft Of fice\Offic e14\WINWOR D.EXE" /Au tomation - Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5) 
EQNEDT32.EXE (PID: 3224 cmdline: "C:\Progra m Files\Co mmon Files \Microsoft Shared\EQ UATION\EQN EDT32.EXE" -Embeddin g MD5: A87236E214F6D42A65F5DEDAC816AEC8) 
milliano89012.scr (PID: 3288 cmdline: "C:\Users\ user\AppDa ta\Roaming \milliano8 9012.scr" MD5: 3E71689FBA4D56A7F1C7923351518EA8) 
powershell.exe (PID: 3336 cmdline: "C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" Add-MpPref erence -Ex clusionPat h "C:\User s\user\App Data\Roami ng\millian o89012.scr " MD5: EB32C070E658937AA9FA9F3AE629B2B8) - milliano89012.scr (PID: 3364 cmdline:
"C:\Users\ user\AppDa ta\Roaming \milliano8 9012.scr" MD5: 3E71689FBA4D56A7F1C7923351518EA8)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Formbook, Formbo | FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware. |
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen |
| |
| INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen |
|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | ||
| Windows_Trojan_Formbook_1112e116 | unknown | unknown |
| |
| JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | ||
| Windows_Trojan_Formbook_1112e116 | unknown | unknown |
|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | ||
| Windows_Trojan_Formbook_1112e116 | unknown | unknown |
| |
| JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | ||
| Windows_Trojan_Formbook_1112e116 | unknown | unknown |
|
System Summary |   |
|---|
| Source: | Author: Max Altgelt (Nextron Systems): | ||
| Source: | Author: Florian Roth (Nextron Systems): | ||
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Florian Roth (Nextron Systems): | ||
| Source: | Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Source: | Author: frack113: | ||
| Source: | Author: frack113: | ||
| Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): | ||
| Source: | Author: Nasreddine Bencherchali (Nextron Systems): | ||
| Source: | Author: frack113: | ||
⊘No Snort rule has matched
| Timestamp: | 2024-07-26T09:26:19.038068+0200 |
| SID: | 2022053 |
| Source Port: | 443 |
| Destination Port: | 49168 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
Exploits | |
|---|
| Source: | Network connect: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Stream path '_1783469528/\x1CompObj' : | ||
| Source: | Process created: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | Code function: | 10_2_00391DC0 | |
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
E-Banking Fraud | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Code function: | 13_2_0042CE2F | |
| Source: | Code function: | 13_2_00DA07AC | |
| Source: | Code function: | 13_2_00D9F9F0 | |
| Source: | Code function: | 13_2_00D9FAE8 | |
| Source: | Code function: | 13_2_00D9FB68 | |
| Source: | Code function: | 13_2_00D9FDC0 | |
| Source: | Code function: | 13_2_00DA00C4 | |
| Source: | Code function: | 13_2_00DA0048 | |
| Source: | Code function: | 13_2_00DA0078 | |
| Source: | Code function: | 13_2_00DA0060 | |
| Source: | Code function: | 13_2_00DA01D4 | |
| Source: | Code function: | 13_2_00DA010C | |
| Source: | Code function: | 13_2_00DA0C40 | |
| Source: | Code function: | 13_2_00DA10D0 | |
| Source: | Code function: | 13_2_00DA1148 | |
| Source: | Code function: | 13_2_00D9F8CC | |
| Source: | Code function: | 13_2_00D9F900 | |
| Source: | Code function: | 13_2_00D9F938 | |
| Source: | Code function: | 13_2_00DA1930 | |
| Source: | Code function: | 13_2_00D9FAD0 | |
| Source: | Code function: | 13_2_00D9FAB8 | |
| Source: | Code function: | 13_2_00D9FA50 | |
| Source: | Code function: | 13_2_00D9FA20 | |
| Source: | Code function: | 13_2_00D9FBE8 | |
| Source: | Code function: | 13_2_00D9FBB8 | |
| Source: | Code function: | 13_2_00D9FB50 | |
| Source: | Code function: | 13_2_00D9FC90 | |
| Source: | Code function: | 13_2_00D9FC48 | |
| Source: | Code function: | 13_2_00D9FC60 | |
| Source: | Code function: | 13_2_00D9FC30 | |
| Source: | Code function: | 13_2_00D9FD8C | |
| Source: | Code function: | 13_2_00DA1D80 | |
| Source: | Code function: | 13_2_00D9FD5C | |
| Source: | Code function: | 13_2_00D9FED0 | |
| Source: | Code function: | 13_2_00D9FEA0 | |
| Source: | Code function: | 13_2_00D9FE24 | |
| Source: | Code function: | 13_2_00D9FFFC | |
| Source: | Code function: | 13_2_00D9FFB4 | |
| Source: | Code function: | 13_2_00D9FF34 | |
| Source: | Code function: | 9_2_00542F90 | |
| Source: | Code function: | 10_2_003953B4 | |
| Source: | Code function: | 10_2_00390544 | |
| Source: | Code function: | 10_2_003994A7 | |
| Source: | Code function: | 10_2_00396A48 | |
| Source: | Code function: | 10_2_00397AF4 | |
| Source: | Code function: | 10_2_00C921C9 | |
| Source: | Code function: | 10_2_00C99E40 | |
| Source: | Code function: | 10_2_00C972E0 | |
| Source: | Code function: | 10_2_00C972F0 | |
| Source: | Code function: | 10_2_00C9658A | |
| Source: | Code function: | 10_2_00C97728 | |
| Source: | Code function: | 10_2_00C969D0 | |
| Source: | Code function: | 10_2_00C96DF8 | |
| Source: | Code function: | 10_2_00C96E08 | |
| Source: | Code function: | 10_2_00395284 | |
| Source: | Code function: | 10_2_00395748 | |
| Source: | Code function: | 13_2_00403014 | |
| Source: | Code function: | 13_2_0040301C | |
| Source: | Code function: | 13_2_0040382D | |
| Source: | Code function: | 13_2_0040383C | |
| Source: | Code function: | 13_2_004108A7 | |
| Source: | Code function: | 13_2_004108AF | |
| Source: | Code function: | 13_2_0041712F | |
| Source: | Code function: | 13_2_00410ACF | |
| Source: | Code function: | 13_2_0040EB4F | |
| Source: | Code function: | 13_2_00401BBC | |
| Source: | Code function: | 13_2_0042F45F | |
| Source: | Code function: | 13_2_00401500 | |
| Source: | Code function: | 13_2_00403E3C | |
| Source: | Code function: | 13_2_00DAE0C6 | |
| Source: | Code function: | 13_2_00DAE2E9 | |
| Source: | Code function: | 13_2_00DD63DB | |
| Source: | Code function: | 13_2_00E563BF | |
| Source: | Code function: | 13_2_00DFA37B | |
| Source: | Code function: | 13_2_00DB2305 | |
| Source: | Code function: | 13_2_00E3443E | |
| Source: | Code function: | 13_2_00E305E3 | |
| Source: | Code function: | 13_2_00DCC5F0 | |
| Source: | Code function: | 13_2_00DF6540 | |
| Source: | Code function: | 13_2_00DBE6C1 | |
| Source: | Code function: | 13_2_00DB4680 | |
| Source: | Code function: | 13_2_00E52622 | |
| Source: | Code function: | 13_2_00DFA634 | |
| Source: | Code function: | 13_2_00DBC7BC | |
| Source: | Code function: | 13_2_00DBC85C | |
| Source: | Code function: | 13_2_00DD286D | |
| Source: | Code function: | 13_2_00E449F5 | |
| Source: | Code function: | 13_2_00DC69FE | |
| Source: | Code function: | 13_2_00DB29B2 | |
| Source: | Code function: | 13_2_00E5098E | |
| Source: | Code function: | 13_2_00DFC920 | |
| Source: | Code function: | 13_2_00E36BCB | |
| Source: | Code function: | 13_2_00E5CBA4 | |
| Source: | Code function: | 13_2_00E52C9C | |
| Source: | Code function: | 13_2_00E3AC5E | |
| Source: | Code function: | 13_2_00DBCD5B | |
| Source: | Code function: | 13_2_00DE0D3B | |
| Source: | Code function: | 13_2_00DCEE4C | |
| Source: | Code function: | 13_2_00DE2E2F | |
| Source: | Code function: | 13_2_00E22FDC | |
| Source: | Code function: | 13_2_00E4CFB1 | |
| Source: | Code function: | 13_2_00DC0F3F | |
| Source: | Code function: | 13_2_00DC905A | |
| Source: | Code function: | 13_2_00E2D06D | |
| Source: | Code function: | 13_2_00DB3040 | |
| Source: | Code function: | 13_2_00DDD005 | |
| Source: | Code function: | 13_2_00E3D13F | |
| Source: | Code function: | 13_2_00E51238 | |
| Source: | Code function: | 13_2_00DAF3CF | |
| Source: | Code function: | 13_2_00DB7353 | |
| Source: | Code function: | 13_2_00DC1489 | |
| Source: | Code function: | 13_2_00DE5485 | |
| Source: | Code function: | 13_2_00DED47D | |
| Source: | Code function: | 13_2_00E535DA | |
| Source: | Code function: | 13_2_00DB351F | |
| Source: | Code function: | 13_2_00DE57C3 | |
| Source: | Code function: | 13_2_00E3579A | |
| Source: | Code function: | 13_2_00E4771D | |
| Source: | Code function: | 13_2_00E4F8EE | |
| Source: | Code function: | 13_2_00E2F8C4 | |
| Source: | Code function: | 13_2_00E3394B | |
| Source: | Code function: | 13_2_00E35955 | |
| Source: | Code function: | 13_2_00E63A83 | |
| Source: | Code function: | 13_2_00DAFBD7 | |
| Source: | Code function: | 13_2_00E3DBDA | |
| Source: | Code function: | 13_2_00DD7B00 | |
| Source: | Code function: | 13_2_00E4FDDD | |
| Source: | Code function: | 13_2_00DDDF7C | |
| Source: | Code function: | 13_2_00E3BF14 | |
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Security API names: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | Console Write: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Initial sample: | ||
Data Obfuscation | |
|---|
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | .Net Code: | ||
| Source: | Code function: | 13_2_00448B4B | |
| Source: | Code function: | 9_2_0054726B | |
| Source: | Code function: | 9_2_0054724B | |
| Source: | Code function: | 9_2_0054727B | |
| Source: | Code function: | 9_2_0054746F | |
| Source: | Code function: | 9_2_0054663B | |
| Source: | Code function: | 9_2_00546633 | |
| Source: | Code function: | 9_2_00543CDB | |
| Source: | Code function: | 9_2_00546F9F | |
| Source: | Code function: | 9_2_00543CEB | |
| Source: | Code function: | 9_2_00543CFB | |
| Source: | Code function: | 9_2_00543C9B | |
| Source: | Code function: | 9_2_0054728B | |
| Source: | Code function: | 9_2_0054688D | |
| Source: | Code function: | 9_2_00543D5B | |
| Source: | Code function: | 9_2_00543F77 | |
| Source: | Code function: | 9_2_0054717B | |
| Source: | Code function: | 9_2_0054718B | |
| Source: | Code function: | 9_2_00543F7F | |
| Source: | Code function: | 9_2_00538F61 | |
| Source: | Code function: | 9_2_00543D7B | |
| Source: | Code function: | 9_2_00543D3B | |
| Source: | Code function: | 9_2_00543D1B | |
| Source: | Code function: | 9_2_00543D4B | |
| Source: | Code function: | 9_2_005471DB | |
| Source: | Code function: | 9_2_005471EB | |
| Source: | Code function: | 9_2_005301F5 | |
| Source: | Code function: | 9_2_0054720B | |
| Source: | Code function: | 9_2_00543D9B | |
| Source: | Code function: | 9_2_00543D8B | |
| Source: | Code function: | 9_2_00546FA7 | |
| Source: | Code function: | 10_2_0039AFE9 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
| Source: | High entropy of concatenated method names: | ||
Persistence and Installation Behavior | |
|---|
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Extracted files from sample: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | File dump: | Jump to dropped file | ||
| Source: | File dump: | Jump to dropped file | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Code function: | 13_2_00DF0101 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 13_2_00DF0101 | |
| Source: | Code function: | 13_2_00DA07AC | |
| Source: | Code function: | 13_2_00446B54 | |
| Source: | Code function: | 13_2_00448B4B | |
| Source: | Code function: | 13_2_00D900EA | |
| Source: | Code function: | 13_2_00D90080 | |
| Source: | Code function: | 13_2_00DB26F8 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | 13_2_00446B54 | |
| Source: | Code function: | 13_2_004485FB | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 13_2_0044812F | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 111 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 13 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 33 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 41 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Install Root Certificate | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | 14 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 30% | Virustotal | Browse | ||
| 29% | ReversingLabs | Document-Office.Exploit.CVE-2017-0199 |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | EXP/CVE-2018-0798.Gen | ||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 45% | ReversingLabs | ByteCode-MSIL.Spyware.Negasteal | ||
| 34% | Virustotal | Browse | ||
| 45% | ReversingLabs | ByteCode-MSIL.Spyware.Negasteal | ||
| 34% | Virustotal | Browse |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 6% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 15% | Virustotal | Browse | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | Avira URL Cloud | safe | ||
| 13% | Virustotal | Browse | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | Virustotal | Browse | ||
| 12% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 6% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| darpexllc.top | 188.114.97.3 | true | true |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| true |
| unknown | ||
| false |
| unknown | ||
| true |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| true |
| unknown | ||
| true |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| true |
| unknown | ||
| true |
| unknown | ||
| true |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 188.114.97.3 | darpexllc.top | European Union | 13335 | CLOUDFLARENETUS | true | |
| 188.114.96.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1482854 |
| Start date and time: | 2024-07-26 09:25:05 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 8m 16s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
| Number of analysed new started processes analysed: | 16 |
| Number of new started drivers analysed: | 1 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | invoice.docx.doc |
| Detection: | MAL |
| Classification: | mal100.troj.expl.evad.winDOC@8/22@14/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe, conhost.exe
- Execution Graph export aborted for target EQNEDT32.EXE, PID 3224 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 03:26:16 | API Interceptor | |
| 03:26:18 | API Interceptor | |
| 03:26:20 | API Interceptor |
| Input | Output |
|---|---|
| URL: Office document Model: gpt-4o | ```json
{
"riskscore": 0,
"reasons": "The provided screenshot of the office document does not contain any visually prominent buttons or links. The text in the screenshot does not create a sense of urgency or interest, nor does it include phrases typically used in phishing attempts such as 'Click here to view document' or 'To view secured document click here'. Additionally, there is no impersonation of well-known brands. Therefore, there is no indication that this document is designed to mislead the user into clicking on a potentially harmful link."
} |
 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 188.114.97.3 | Get hash | malicious | Remcos | Browse |
| |
| Get hash | malicious | Amadey, GO Backdoor | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | CobaltStrike | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| 188.114.96.3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
| Get hash | malicious | CobaltStrike | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Azorult, GuLoader | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| darpexllc.top | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | VIP Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Babadeda | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Babadeda | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Babadeda | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| CLOUDFLARENETUS | Get hash | malicious | Babadeda | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Babadeda | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Babadeda | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 05af1f5ca1b87cc9cc9b25185115607d | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| 7dcce5b76c8b17472d024758970a406b | Get hash | malicious | Remcos | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | VIP Keylogger | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
|
⊘No context
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 131072 |
| Entropy (8bit): | 0.025498425711638555 |
| Encrypted: | false |
| SSDEEP: | 6:I3DPcx07vxggLRJBTt3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPpHvYg3J/ |
| MD5: | 5A001F5F2ED80D1F571ADAF7629B3FEB |
| SHA1: | FE282853C6971BD290FA11170055409134780B56 |
| SHA-256: | 6A991AC26AB2A0EBA4DD59B3726B42DDEF33CA60BD1B6D6B6B25DA2E6C61C3A3 |
| SHA-512: | D8DB7B45354E7C809DC416DE012603C2D505C8DA32BD184DC175669F1E4965C51FDF91A9D295964714826DA1555F1AD10625638A2C173405F5CA08B81AC88626 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 64 |
| Entropy (8bit): | 0.34726597513537405 |
| Encrypted: | false |
| SSDEEP: | 3:Nlll:Nll |
| MD5: | 446DD1CF97EABA21CF14D03AEBC79F27 |
| SHA1: | 36E4CC7367E0C7B40F4A8ACE272941EA46373799 |
| SHA-256: | A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF |
| SHA-512: | A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\milli[1].doc
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 637941 |
| Entropy (8bit): | 4.2755395736762845 |
| Encrypted: | false |
| SSDEEP: | 6144:s62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62s:H |
| MD5: | 2A00CBB3C7C2F67B0386B302B190B988 |
| SHA1: | FF8FC669C14328FAFFFB90D6AFE1B72A02CC26A7 |
| SHA-256: | 172F0DB920CE6C876377D7C2A4B40E04D9CFAFFB9ECA9666A60135BB84DFB0E3 |
| SHA-512: | 84E4F27750722D063E119ECA797C516A24C10CA9E979C2DE40F2673FF2A259EADC85A0B6A2D985440127C2F3E26B0B61C57BB8AD9ED6BDBDBDC37B7C81DF1AB6 |
| Malicious: | false |
| Yara Hits: |
|
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\milli[1].scr 
Download File
| Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 796680 |
| Entropy (8bit): | 7.9271745777180485 |
| Encrypted: | false |
| SSDEEP: | 12288:UDfmrsi/DyklWYQFpCIHkZmkHQ8Wx7h5OMkrqq2zXNTweo935Xt1aPT6syGASq1M:UarsiuklcAw/15oqVzX6eoV5XHW6tRM |
| MD5: | 3E71689FBA4D56A7F1C7923351518EA8 |
| SHA1: | A71BE3D76435F207625064CA75CEB999CA079551 |
| SHA-256: | 4B191437619920E04354CABAC5F3546D7D556F66A96A11C2038610B403FAAAA3 |
| SHA-512: | F69A521CEC7285307452574FB92321F3C1532A2F6B6DC5F031477D214D61886137B580F0B31B98D9978FC96D059E844C3FEBB5B25663FAB004116D3244D83DC5 |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BD83929C.doc
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 637941 |
| Entropy (8bit): | 4.2755395736762845 |
| Encrypted: | false |
| SSDEEP: | 6144:s62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62s:H |
| MD5: | 2A00CBB3C7C2F67B0386B302B190B988 |
| SHA1: | FF8FC669C14328FAFFFB90D6AFE1B72A02CC26A7 |
| SHA-256: | 172F0DB920CE6C876377D7C2A4B40E04D9CFAFFB9ECA9666A60135BB84DFB0E3 |
| SHA-512: | 84E4F27750722D063E119ECA797C516A24C10CA9E979C2DE40F2673FF2A259EADC85A0B6A2D985440127C2F3E26B0B61C57BB8AD9ED6BDBDBDC37B7C81DF1AB6 |
| Malicious: | false |
| Yara Hits: |
|
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{29E2E29E-E8D7-4444-B4C1-491BD16FE991}.tmp
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5632 |
| Entropy (8bit): | 3.8266230358187814 |
| Encrypted: | false |
| SSDEEP: | 48:rEzvMPEIDtFYaegmU7USArY2oMnFmvG7occY:yMPFtFiUISczouHoc |
| MD5: | 760833728786CF1A545814194A6C56D7 |
| SHA1: | 57BD0F3B42F5FDC3533356C07B266B5C5DFB06D0 |
| SHA-256: | D129166317C9423C9B2734539A03E7D5EEDDE120161C383D337892F0FA2D5041 |
| SHA-512: | 8BDB0BF45F1A4789ADF7C17E4507E5213C4351F9CFDD2DEB5FDFE1893F961EC39C335D1F336C69738D3D5685D3DA3A48D736A9A807FD170D8AB0CE34464CF0F8 |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{56C650F8-251B-4F9F-9E2B-F04CCC4FE6B6}.tmp
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.05390218305374581 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lYdn:4Wn |
| MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
| SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
| SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
| SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A1073337-7931-4D9D-A676-8287E6D3EA6C}.tmp
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1536 |
| Entropy (8bit): | 1.3555252507007243 |
| Encrypted: | false |
| SSDEEP: | 3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlb4:IiiiiiiiiifdLloZQc8++lsJe1Mz/ |
| MD5: | 37B853BD3D4056DA85CF1479EA685D90 |
| SHA1: | 310314134111F417E95FFAEEB25BF01B92B4A8F9 |
| SHA-256: | 4143A43F38285E53DFC5277A9FA14AF1E9E0C4FA2E2FEA8C2C34147B1CE8BA1E |
| SHA-512: | 6CB45264B47136DF0AB58F1F9CF66B20C89B5D38BE03BB24841D20037AF5925CD3BE42C2593AFCB08074A51CDBB06D20076886D5CFAF2CB128309046B2A2CB02 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BA8241C7-1C05-4EA4-BBE6-D99AA80FB952}.tmp
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 511450 |
| Entropy (8bit): | 3.621629728928142 |
| Encrypted: | false |
| SSDEEP: | 6144:RemBdeFemQZdeHemBde2em/deXemBdexemBdeMemBdememBdekemBde6emBdeqeS:k |
| MD5: | 271957CE1E8C89ECC5B78817AFF72C3B |
| SHA1: | A09354D842AA8EB80F1809A4C0495A182D4299E0 |
| SHA-256: | 29909FE15CB930A5F538F574A6E37EE8D6B007B32861E2ED53CC8488084ACD93 |
| SHA-512: | 41DAD904919ACBE45028AC4EF5907AB2D37F0FFEDBB18771B9D11D7CEF320D06A008993B5C27CA816F49DE52A1B362B80AD66D75672155141787BD494F220EB6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FE26605D-C8CD-4092-9A88-DD4D987634F8}.tmp
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 617472 |
| Entropy (8bit): | 3.4409990610292085 |
| Encrypted: | false |
| SSDEEP: | 6144:0yemryemryemryemryemryemryemryemryemryemryemryemryemryemryemryeF:oe |
| MD5: | B5359F36F266316C16715BD41EC80445 |
| SHA1: | 55A846008B66E5BA4F6FB2EFC49F829CA7460815 |
| SHA-256: | 9A254016620F537E8D73525283BF80576D562BF5D1DF3A05AD13B26F89B77F52 |
| SHA-512: | D8E01762D7736BA5069E252631A54E82741414BCC8968A3D76587E4EEA99787F3E66BDE7A89A52E8CC3D9971206367B1A1A3BEB76FC59EDF1B7FBDC7C12CAECF |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 131072 |
| Entropy (8bit): | 0.025583137954129403 |
| Encrypted: | false |
| SSDEEP: | 6:I3DPcZ8Rj+vxggLRvmgtVKdZ/RXv//4tfnRujlw//+GtluJ/eRuj:I3DPI8R8DgHvYg3J/ |
| MD5: | 719C8D86B124A9F8B7885504C92EA850 |
| SHA1: | 423D7F94FA2BFEE6A461267D6740E410CD066B76 |
| SHA-256: | 1C1BE3CD62D6ABFA7E0BBF326EB590BC85E640E0C0AA43B0653326A73B9B339F |
| SHA-512: | 5ED399A8084E39769A25DD10417CE8465AAD8B61ABC03775F31D38A3E6D05EF63EA65A95A5C7EA05317D3C26F73316766361DCE61A9B7561C9A1E7D028332DCA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 131072 |
| Entropy (8bit): | 0.025498425711638555 |
| Encrypted: | false |
| SSDEEP: | 6:I3DPcx07vxggLRJBTt3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPpHvYg3J/ |
| MD5: | 5A001F5F2ED80D1F571ADAF7629B3FEB |
| SHA1: | FE282853C6971BD290FA11170055409134780B56 |
| SHA-256: | 6A991AC26AB2A0EBA4DD59B3726B42DDEF33CA60BD1B6D6B6B25DA2E6C61C3A3 |
| SHA-512: | D8DB7B45354E7C809DC416DE012603C2D505C8DA32BD184DC175669F1E4965C51FDF91A9D295964714826DA1555F1AD10625638A2C173405F5CA08B81AC88626 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 48 |
| Entropy (8bit): | 4.487649282740801 |
| Encrypted: | false |
| SSDEEP: | 3:HRAbABGQYm2fEGGlKVKy:HRYFVm4EGGAD |
| MD5: | 8E82C76B2A48B851EF117B08AE55B919 |
| SHA1: | F6672ABE65F9EC765F4078C8CFDEB5008CD3F260 |
| SHA-256: | CB35CFC6A4A4C158BB434A25A8A3188884EE7DB908DB5E018C0E34B1FFCC862B |
| SHA-512: | 6A234503A14065DD64E6F82B34E850841126F08316657C1E4225C41D1DE44558B6284FAFC9A24642367A69FF12044BC893446EC6F00855F6EDF574A4A05CAFDA |
| Malicious: | true |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 96 |
| Entropy (8bit): | 4.4589525379265975 |
| Encrypted: | false |
| SSDEEP: | 3:M1xM1DNfLFSm46XVgGlKVLrfLFSv:MSDFFfFgGAL3Fc |
| MD5: | 315A02B52D8363EA1451058965CCAC10 |
| SHA1: | 5BA37B75F6E41867385C0906697512E7FB0B0D41 |
| SHA-256: | B8BCE2E76E5E88442E25A722C9527AEDB2E58B2695CA861CB7EC4C6AE9AEB029 |
| SHA-512: | 7D2D4AACCEEA051E69CB7C8BF33F2BDDBE67AEBBB146811A7A63D3321ACE4BD004B615A31A654403DBD6CFA867CED0FCB8DF49D02F998DC0D5208F8AB2E7383D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 4.569209869233163 |
| Encrypted: | false |
| SSDEEP: | 24:8Py0c/XTlMT4MMynqLTe7U9tyDv3qBk7N:8y/XTlSSyqLTvBBiN |
| MD5: | 05CE73A6C5B64959E0969106580F7D6E |
| SHA1: | A6A286D4AD3548E6CEAEDFA301A1CD4314C6F05A |
| SHA-256: | 2500DB5ACAF9DB74051C56C665501D3F235B9586AD6B888A01C6636DC2F3C18C |
| SHA-512: | 742EE74E44EBE129EA8169FB6F368191226806B057783B1EDD3D8C2FA76CB1BA9DA02DA91A929731944278D15E1EAEDE9164C324583F8F4D6CC8CB131C05402B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57 |
| Entropy (8bit): | 4.601647742807128 |
| Encrypted: | false |
| SSDEEP: | 3:HRAbABGQYm2fEGGlKVKKLBU:HRYFVm4EGGAR1U |
| MD5: | 68942A67EEA5D2F28D080B183522ADF9 |
| SHA1: | 5A431596FE0774E9E6EA2130DC8EDC566B744C76 |
| SHA-256: | E045A5061F98CD436F9E30D2F44894A8DC64322A03FF5501830D4DFF4F61A500 |
| SHA-512: | 8BCF579F7A32537F63D54E2053F538769D1B0539658EE5D1BDA05C0BACA0BB3248CF21B36913C6BB22AEBE241402B7634A9AC3CE5A397DC7AE46E02E247B611A |
| Malicious: | true |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 162 |
| Entropy (8bit): | 2.4797606462020307 |
| Encrypted: | false |
| SSDEEP: | 3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l |
| MD5: | 2CF7D3B8DED3F1D5CE1AC92F3E51D4ED |
| SHA1: | 95E13378EA9CACA068B2687F01E9EF13F56627C2 |
| SHA-256: | 60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1 |
| SHA-512: | 2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2 |
| Entropy (8bit): | 1.0 |
| Encrypted: | false |
| SSDEEP: | 3:Qn:Qn |
| MD5: | F3B25701FE362EC84616A93A45CE9998 |
| SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
| SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
| SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 796680 |
| Entropy (8bit): | 7.9271745777180485 |
| Encrypted: | false |
| SSDEEP: | 12288:UDfmrsi/DyklWYQFpCIHkZmkHQ8Wx7h5OMkrqq2zXNTweo935Xt1aPT6syGASq1M:UarsiuklcAw/15oqVzX6eoV5XHW6tRM |
| MD5: | 3E71689FBA4D56A7F1C7923351518EA8 |
| SHA1: | A71BE3D76435F207625064CA75CEB999CA079551 |
| SHA-256: | 4B191437619920E04354CABAC5F3546D7D556F66A96A11C2038610B403FAAAA3 |
| SHA-512: | F69A521CEC7285307452574FB92321F3C1532A2F6B6DC5F031477D214D61886137B580F0B31B98D9978FC96D059E844C3FEBB5B25663FAB004116D3244D83DC5 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 162 |
| Entropy (8bit): | 2.4797606462020307 |
| Encrypted: | false |
| SSDEEP: | 3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l |
| MD5: | 2CF7D3B8DED3F1D5CE1AC92F3E51D4ED |
| SHA1: | 95E13378EA9CACA068B2687F01E9EF13F56627C2 |
| SHA-256: | 60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1 |
| SHA-512: | 2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.991623684874781 |
| TrID: |
|
| File name: | invoice.docx.doc |
| File size: | 95'996 bytes |
| MD5: | b75bd88d4f4f2a7a5e77a4109d55c6ea |
| SHA1: | 064c35b26c31413319d938fbc6ebaa3c4c85392e |
| SHA256: | b74bbed109e630f69004a7372b4271fad04ace2cea48e99d730401738ee47deb |
| SHA512: | 804c44d64817ad8d4acdf987477018b30e76692d280e07755a2e2ba972c0a1ffbe396de15c9936103f73312cc9a70cb5ba25ca0506ec2272ac5a0c3930d15c44 |
| SSDEEP: | 1536:huzw/hgP0QF6smQKEMzqsQtrm5rbXkvMtLQ6j7jfmMIGSzyn5ivkSVkkKLkJe0z5:A0Q8hjOXIrbXyMtE6j/EfvkS8Lrg5 |
| TLSH: | DC9302316DDA36BAC74D2875B1B1BB6E72E68D1314722904B570DE8F23348B3E712E18 |
| File Content Preview: | PK...........X...7U... .......[Content_Types].xmlUT......f...f...f...n.0.E...............e.T.....U..<...;!.U.%U.M.d..sgby0ZW.[BB.|!.yOd.u0....>y....Iy.\.P.........M..X...s.x/%.9T....s...R..i&...j......:x.O].=.p...Z8.....I........U....Z...........r..s....B |
 | |
| Icon Hash: | 2764a3aaaeb7bdbf |
| Document Type: | OpenXML |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | |
| Encrypted Document: | False |
| Contains Word Document Stream: | True |
| Contains Workbook/Book Stream: | False |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | False |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 2024-07-26T09:26:19.038068+0200 | TCP | 2022053 | ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 26, 2024 09:26:01.812455893 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:01.812572002 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:01.812640905 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:01.819752932 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:01.819832087 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:02.309762955 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:02.309999943 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:02.315727949 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:02.315768003 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:02.316112041 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:02.316167116 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:02.442351103 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:02.484548092 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:02.767870903 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:02.767956972 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:02.768074989 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:02.768074989 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:02.774075985 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:02.774075985 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:02.774115086 CEST | 443 | 49161 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:02.774372101 CEST | 49161 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:03.719660044 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:03.719707012 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:03.719769001 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:03.720107079 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:03.720125914 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:04.242033958 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:04.242176056 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:04.250829935 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:04.250857115 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:04.251214027 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:04.256839037 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:04.300498009 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:04.599797010 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:04.599948883 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:04.600126982 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:04.619625092 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:04.619671106 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:04.619721889 CEST | 49162 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:04.619738102 CEST | 443 | 49162 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:08.876091003 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:08.876137018 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:08.876323938 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:08.876852989 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:08.876878977 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.382304907 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.382461071 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.403151989 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.403198957 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.403563023 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.423576117 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.464545012 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.754105091 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.754282951 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.754344940 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.779742002 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.779769897 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.779784918 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.779793978 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.779804945 CEST | 49163 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.779809952 CEST | 443 | 49163 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.957201004 CEST | 49164 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.957279921 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.957371950 CEST | 49164 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.957561970 CEST | 49164 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:09.957590103 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:10.434465885 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:10.434556961 CEST | 49164 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:10.439958096 CEST | 49164 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:10.439980030 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:10.440381050 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:10.441508055 CEST | 49164 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:10.484507084 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:10.791429043 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:10.791661024 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:10.791874886 CEST | 49164 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:10.810115099 CEST | 49164 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:10.810144901 CEST | 443 | 49164 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:13.914716005 CEST | 49165 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:13.914771080 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:13.914824963 CEST | 49165 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:13.917332888 CEST | 49165 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:13.917349100 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:14.430555105 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:14.430639029 CEST | 49165 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:14.436170101 CEST | 49165 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:14.436186075 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:14.436659098 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:14.437727928 CEST | 49165 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:14.480514050 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:14.802177906 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:14.802293062 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:14.802340031 CEST | 49165 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:14.802460909 CEST | 49165 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:14.802484035 CEST | 443 | 49165 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.054801941 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.054866076 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.054935932 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.055258989 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.055282116 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.554442883 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.554558039 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.581089020 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.581120014 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.583450079 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.583467007 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691329956 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691412926 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691468000 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691518068 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691515923 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.691515923 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.691515923 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.691555977 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691584110 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.691610098 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.691617966 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691710949 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691802979 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691839933 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.691839933 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.691873074 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.691906929 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.691967010 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.692003012 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.692017078 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.692030907 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.692063093 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.692575932 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.692627907 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.696079016 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.696124077 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.722481966 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.783736944 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.783827066 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.783835888 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.783883095 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.783915043 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.783938885 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.783940077 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.783952951 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.783991098 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.783992052 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.784008980 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.784054995 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.784152985 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.784207106 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.784220934 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.784277916 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.784334898 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.784419060 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.784440994 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.784497023 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.784509897 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.784562111 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.785167933 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.785226107 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.785239935 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.785291910 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.785305023 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.785361052 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.785377026 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.785428047 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.785439968 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.785500050 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.785511971 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.785564899 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.786211967 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.786267996 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.786278963 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.786339998 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.786351919 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.786407948 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.786407948 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.786421061 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.786458969 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.786458969 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.787146091 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.787204981 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.826656103 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.826827049 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.826858997 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.826931953 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.876514912 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.876698017 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.876730919 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.876781940 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.876790047 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.876801014 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.876821041 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.876838923 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.876945019 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.877006054 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.877228022 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.877289057 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.877301931 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.877357006 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.877466917 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.877525091 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.878077984 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.878133059 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.878248930 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.878298998 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.878930092 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.878987074 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.879106998 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.879159927 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.879928112 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.879985094 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.880166054 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.880212069 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.880218983 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.880232096 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:15.880259037 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.880280018 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.920397043 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:15.920614004 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.122296095 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.122374058 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.122426033 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.122490883 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.122540951 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.122541904 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.122863054 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.122925997 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.124629974 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.124691010 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.124800920 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.124855995 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.125211000 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.125272036 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.125297070 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.125341892 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.125483036 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.125538111 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.125876904 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.125932932 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.126028061 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.126080036 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.126779079 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.126836061 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.127028942 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.127079964 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.127743959 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.127794027 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.127980947 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.128036022 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.128094912 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.128150940 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.128729105 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.128784895 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.128886938 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.128938913 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.129641056 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.129702091 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.129878044 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.129931927 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.129998922 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.130054951 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.130841017 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.130898952 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.131630898 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.131715059 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.131933928 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.131988049 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.132107019 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.132165909 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.132221937 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.132277012 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.133773088 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.133830070 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.134311914 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.134371042 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.134483099 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.134535074 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.134625912 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.134675026 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.136071920 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.136082888 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.136115074 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.136131048 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.136138916 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.136154890 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.136166096 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.137368917 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.137429953 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.137433052 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.137445927 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.137475014 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.139182091 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.139236927 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.139240980 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.139251947 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.139278889 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.139295101 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.139734983 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.139790058 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.139791965 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.139830112 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.139861107 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.140815973 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.140876055 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.140878916 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.140888929 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.140918970 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.141423941 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.141478062 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.141480923 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.141490936 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.141520977 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.142632961 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.142690897 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.142694950 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.142704010 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.142731905 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.142745972 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.157434940 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.157500982 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.157500982 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.157524109 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.157551050 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.157565117 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.157732964 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.157788038 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.157788038 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.157804012 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.157836914 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.158467054 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.158525944 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.158530951 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.158540010 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.158571005 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.159382105 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.159436941 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.159440041 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.159450054 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.159478903 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.159493923 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.160290003 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.160345078 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.160346031 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.160360098 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.160388947 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.161237955 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.161295891 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.161298037 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.161309958 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.161339998 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.162153006 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.162208080 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.162214041 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.162220955 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.162252903 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.197614908 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.197689056 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.197691917 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.197705030 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.197731972 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.197745085 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.247102022 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.247168064 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.247173071 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.247190952 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.247222900 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.247236967 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.247652054 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.247700930 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.247709036 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.247721910 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.247756958 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.247771025 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.248440981 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.248501062 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.248512030 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.248565912 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.249346972 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.249399900 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.249403000 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.249416113 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.249458075 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.250583887 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.250639915 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.279305935 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.279315948 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.279328108 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.279401064 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.279407024 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.279421091 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.279442072 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.279459000 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.279910088 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.289869070 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.289921045 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.289932966 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.289984941 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.290013075 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.352097034 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.352155924 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.352157116 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.352173090 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.352205992 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.352885008 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.352941990 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.352943897 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.352955103 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.352982998 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.352998018 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.353615046 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.353671074 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.353672981 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.353683949 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.353718042 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.353729010 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.353764057 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.353770971 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.353806019 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.353827000 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.353864908 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.353873014 CEST | 443 | 49166 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.353889942 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.353889942 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.353913069 CEST | 49166 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.503460884 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.503555059 CEST | 443 | 49167 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.503720999 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.504019976 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:16.504050016 CEST | 443 | 49167 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.975486994 CEST | 443 | 49167 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:16.975647926 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:17.136190891 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:17.136250019 CEST | 443 | 49167 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:17.137623072 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:17.137677908 CEST | 443 | 49167 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:17.246320009 CEST | 443 | 49167 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:17.246417046 CEST | 443 | 49167 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:17.246426105 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:17.246490955 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:17.246491909 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:17.246536970 CEST | 49167 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:17.937370062 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:17.937410116 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:17.937453985 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:17.954860926 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:17.954884052 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.453003883 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.453099966 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.459997892 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.460010052 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.460604906 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.460695028 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.598210096 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.644500971 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929310083 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929398060 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929435015 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929451942 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929462910 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929505110 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929507971 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929524899 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929552078 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929579020 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929584980 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929632902 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929637909 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929682970 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929687977 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929733992 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929742098 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929788113 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929794073 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929837942 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929837942 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.929852009 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:18.929893017 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:18.934809923 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.035304070 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.035530090 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.035552025 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.035599947 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.035605907 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.035644054 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.035656929 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.035707951 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.035753012 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.035797119 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.035854101 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.035902023 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.035988092 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036036015 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.036104918 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036153078 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.036220074 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036273003 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.036325932 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036377907 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.036434889 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036494017 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.036586046 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036643028 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.036696911 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036751032 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.036813021 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036864042 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.036925077 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.036973953 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.037055969 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.037105083 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.037175894 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.037224054 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.037309885 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.037363052 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.037421942 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.037471056 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.037527084 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.037578106 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.038229942 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.038314104 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.038378954 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.038439035 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.038465023 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.038528919 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.143629074 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.143733025 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.143769979 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.143917084 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.143927097 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.143968105 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.143974066 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.144012928 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.144047022 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.144095898 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.144160986 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.144210100 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.144345045 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.144388914 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.144452095 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.144496918 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.144620895 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.144686937 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.144737005 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.144783974 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.144876003 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.144948959 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.144980907 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.145028114 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.145112038 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.145179987 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.145224094 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.145271063 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.145359039 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.145422935 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.145463943 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.145509005 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.145596027 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.145647049 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.145827055 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.145883083 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.145951986 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.146003008 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.146085024 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.146142006 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.146578074 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.146636963 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.146759033 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.146816015 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.146862984 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.146888971 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.146936893 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.147023916 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.147088051 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.147111893 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.147156954 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.147491932 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.147562027 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.148102999 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.235836983 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.235919952 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.235969067 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.236013889 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.252372980 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.252463102 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.252589941 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.252639055 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.252742052 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.252798080 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.252876997 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.252931118 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253032923 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.253133059 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253151894 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.253204107 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253247976 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253287077 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.253344059 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253415108 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.253470898 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253659964 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.253715038 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253788948 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.253839970 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253882885 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.253912926 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.253972054 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.254018068 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.254067898 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.254209042 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.254266977 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.254347086 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.254415035 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.254754066 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.254813910 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.254905939 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.254961967 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.255156994 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.255223036 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.255542994 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.255613089 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.255738020 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.255801916 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.256361961 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.256382942 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.256432056 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.256525040 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.256587982 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.256822109 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.256874084 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.356040955 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.356153965 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.356317997 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.356378078 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.356528044 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.356580019 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.356602907 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.356652021 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.356782913 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.364356041 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.364451885 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.364595890 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.364655018 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.365535975 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.365611076 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.365721941 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.365780115 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.365992069 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.366055965 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.366130114 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.366189957 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.366728067 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.366805077 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.366869926 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.366926908 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.367619991 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.367703915 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.367829084 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.367885113 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.368817091 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.368890047 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.368972063 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.369026899 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.436497927 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.436670065 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.436712027 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.436726093 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.436753988 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.436796904 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.437004089 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.437197924 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.437258959 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.437328100 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.437350035 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.437414885 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.458647013 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.458722115 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.458785057 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.458838940 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.458859921 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.459146976 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.459208965 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.459462881 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.459527016 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.459685087 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.459743023 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.459816933 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.459880114 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.461191893 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.461267948 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.461349010 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.461414099 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.463762045 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.463846922 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.464162111 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.464237928 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.466439009 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.466509104 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.466625929 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.466682911 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.466732025 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.466778040 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.468909025 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.468961000 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.528157949 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.528244019 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.528259993 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.528290987 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.528465986 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.528532982 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.528544903 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.528589010 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.528748989 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.528804064 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.528894901 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.528945923 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.546838045 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.546901941 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.546914101 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.546947002 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.547528982 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.547586918 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.547589064 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.547605038 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.547636032 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.548051119 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.548113108 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.548125029 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.548154116 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.548170090 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.548187017 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.548427105 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.548475027 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.548492908 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.548540115 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.548557997 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.548609972 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.548882008 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.548926115 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.549540043 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.549595118 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.549595118 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.549608946 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.549640894 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.550002098 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.550050974 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.550569057 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.550617933 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.550626040 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.550638914 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.550673962 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.550693035 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.550729990 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.551434040 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.551485062 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.551486969 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.551507950 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.551527977 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.551539898 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.560606003 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.560662031 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.619750023 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.619801998 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.620174885 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.620223999 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.620702028 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.620757103 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.620765924 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.620780945 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.620806932 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.620819092 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.620841026 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.639513969 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.639556885 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.639568090 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.639575958 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.639590979 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.639600992 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.639624119 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.639667988 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.639688969 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.640110970 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.640163898 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.640176058 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.640213013 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.640575886 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.640634060 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.641196966 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.641252995 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.641321898 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.641381979 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.642195940 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.642257929 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.642270088 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.642365932 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.642446041 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.642489910 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.642537117 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.642640114 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.643011093 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.643047094 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.643059015 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.643064976 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.643081903 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.643093109 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.643122911 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.643136978 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.643177986 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.643250942 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.643255949 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.643265009 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.643284082 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.643402100 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.652359962 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.652406931 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.652411938 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.652437925 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.652453899 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.652493000 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.712035894 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.712094069 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.712233067 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.712272882 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.712415934 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.712459087 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.712969065 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.713027954 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.713038921 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.713067055 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.713079929 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.713102102 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.731427908 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.731477976 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.731507063 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.731549978 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.731731892 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.731779099 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.731870890 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.731914997 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.732209921 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.732260942 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.732403040 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.732450008 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.732867956 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.732919931 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.732974052 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.733005047 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.733021975 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.733028889 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.733037949 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.733048916 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.733053923 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.733083963 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.733108044 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:19.733145952 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.733176947 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.733459949 CEST | 49168 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:19.733473063 CEST | 443 | 49168 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:23.531521082 CEST | 49169 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:23.531578064 CEST | 443 | 49169 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:23.531671047 CEST | 49169 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:23.675412893 CEST | 49169 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:23.675470114 CEST | 443 | 49169 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:24.182837963 CEST | 443 | 49169 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:24.182908058 CEST | 49169 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:24.283669949 CEST | 49169 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:24.283731937 CEST | 443 | 49169 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:24.284394026 CEST | 443 | 49169 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:24.285402060 CEST | 49169 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:24.332509041 CEST | 443 | 49169 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:24.765465975 CEST | 443 | 49169 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:24.765716076 CEST | 443 | 49169 | 188.114.97.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:24.765713930 CEST | 49169 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:24.765789986 CEST | 49169 | 443 | 192.168.2.22 | 188.114.97.3 |
| Jul 26, 2024 09:26:28.204308987 CEST | 49170 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:28.204416037 CEST | 443 | 49170 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:28.204476118 CEST | 49170 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:28.205037117 CEST | 49170 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:28.205070972 CEST | 443 | 49170 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:28.700398922 CEST | 443 | 49170 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:28.700500965 CEST | 49170 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:28.704536915 CEST | 49170 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:28.704600096 CEST | 443 | 49170 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:28.705167055 CEST | 443 | 49170 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:28.707207918 CEST | 49170 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:28.748506069 CEST | 443 | 49170 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:29.048670053 CEST | 443 | 49170 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:29.048894882 CEST | 443 | 49170 | 188.114.96.3 | 192.168.2.22 |
| Jul 26, 2024 09:26:29.048933029 CEST | 49170 | 443 | 192.168.2.22 | 188.114.96.3 |
| Jul 26, 2024 09:26:29.049011946 CEST | 49170 | 443 | 192.168.2.22 | 188.114.96.3 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 26, 2024 09:26:01.697520971 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:01.808126926 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:03.387453079 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:03.400985003 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:03.404119015 CEST | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:03.719218969 CEST | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:08.766789913 CEST | 57893 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:08.862174988 CEST | 53 | 57893 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:08.863652945 CEST | 54821 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:08.875622034 CEST | 53 | 54821 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.940021038 CEST | 54719 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:09.947981119 CEST | 53 | 54719 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:09.949438095 CEST | 49881 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:09.956914902 CEST | 53 | 49881 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:13.894876957 CEST | 54998 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:13.901669025 CEST | 53 | 54998 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:13.907996893 CEST | 52781 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:13.914339066 CEST | 53 | 52781 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:17.905297995 CEST | 63926 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:17.916965961 CEST | 53 | 63926 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:23.339454889 CEST | 65510 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:23.347250938 CEST | 53 | 65510 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:23.522252083 CEST | 62672 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:23.531229019 CEST | 53 | 62672 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:28.186235905 CEST | 56475 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:28.194397926 CEST | 53 | 56475 | 8.8.8.8 | 192.168.2.22 |
| Jul 26, 2024 09:26:28.196923018 CEST | 49384 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 26, 2024 09:26:28.203944921 CEST | 53 | 49384 | 8.8.8.8 | 192.168.2.22 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 26, 2024 09:26:01.697520971 CEST | 192.168.2.22 | 8.8.8.8 | 0x8e97 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:03.387453079 CEST | 192.168.2.22 | 8.8.8.8 | 0x8eb2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:03.404119015 CEST | 192.168.2.22 | 8.8.8.8 | 0xd9df | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:08.766789913 CEST | 192.168.2.22 | 8.8.8.8 | 0x1100 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:08.863652945 CEST | 192.168.2.22 | 8.8.8.8 | 0x2664 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:09.940021038 CEST | 192.168.2.22 | 8.8.8.8 | 0xd97e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:09.949438095 CEST | 192.168.2.22 | 8.8.8.8 | 0x9c5b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:13.894876957 CEST | 192.168.2.22 | 8.8.8.8 | 0x4189 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:13.907996893 CEST | 192.168.2.22 | 8.8.8.8 | 0x2383 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:17.905297995 CEST | 192.168.2.22 | 8.8.8.8 | 0xbbb5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:23.339454889 CEST | 192.168.2.22 | 8.8.8.8 | 0x1185 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:23.522252083 CEST | 192.168.2.22 | 8.8.8.8 | 0x98ab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:28.186235905 CEST | 192.168.2.22 | 8.8.8.8 | 0xae0f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jul 26, 2024 09:26:28.196923018 CEST | 192.168.2.22 | 8.8.8.8 | 0x61d4 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 26, 2024 09:26:01.808126926 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e97 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:01.808126926 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e97 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:03.400985003 CEST | 8.8.8.8 | 192.168.2.22 | 0x8eb2 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:03.400985003 CEST | 8.8.8.8 | 192.168.2.22 | 0x8eb2 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:03.719218969 CEST | 8.8.8.8 | 192.168.2.22 | 0xd9df | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:03.719218969 CEST | 8.8.8.8 | 192.168.2.22 | 0xd9df | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:08.862174988 CEST | 8.8.8.8 | 192.168.2.22 | 0x1100 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:08.862174988 CEST | 8.8.8.8 | 192.168.2.22 | 0x1100 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:08.875622034 CEST | 8.8.8.8 | 192.168.2.22 | 0x2664 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:08.875622034 CEST | 8.8.8.8 | 192.168.2.22 | 0x2664 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:09.947981119 CEST | 8.8.8.8 | 192.168.2.22 | 0xd97e | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:09.947981119 CEST | 8.8.8.8 | 192.168.2.22 | 0xd97e | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:09.956914902 CEST | 8.8.8.8 | 192.168.2.22 | 0x9c5b | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:09.956914902 CEST | 8.8.8.8 | 192.168.2.22 | 0x9c5b | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:13.901669025 CEST | 8.8.8.8 | 192.168.2.22 | 0x4189 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:13.901669025 CEST | 8.8.8.8 | 192.168.2.22 | 0x4189 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:13.914339066 CEST | 8.8.8.8 | 192.168.2.22 | 0x2383 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:13.914339066 CEST | 8.8.8.8 | 192.168.2.22 | 0x2383 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:17.916965961 CEST | 8.8.8.8 | 192.168.2.22 | 0xbbb5 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:17.916965961 CEST | 8.8.8.8 | 192.168.2.22 | 0xbbb5 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:23.347250938 CEST | 8.8.8.8 | 192.168.2.22 | 0x1185 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:23.347250938 CEST | 8.8.8.8 | 192.168.2.22 | 0x1185 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:23.531229019 CEST | 8.8.8.8 | 192.168.2.22 | 0x98ab | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:23.531229019 CEST | 8.8.8.8 | 192.168.2.22 | 0x98ab | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:28.194397926 CEST | 8.8.8.8 | 192.168.2.22 | 0xae0f | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:28.194397926 CEST | 8.8.8.8 | 192.168.2.22 | 0xae0f | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:28.203944921 CEST | 8.8.8.8 | 192.168.2.22 | 0x61d4 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Jul 26, 2024 09:26:28.203944921 CEST | 8.8.8.8 | 192.168.2.22 | 0x61d4 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.22 | 49161 | 188.114.97.3 | 443 | 2052 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:02 UTC | 135 | OUT | |
| 2024-07-26 07:26:02 UTC | 703 | IN | |
| 2024-07-26 07:26:02 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.22 | 49162 | 188.114.96.3 | 443 | 2052 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:04 UTC | 123 | OUT | |
| 2024-07-26 07:26:04 UTC | 826 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 2 | 192.168.2.22 | 49163 | 188.114.96.3 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:09 UTC | 130 | OUT | |
| 2024-07-26 07:26:09 UTC | 703 | IN | |
| 2024-07-26 07:26:09 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 3 | 192.168.2.22 | 49164 | 188.114.96.3 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:10 UTC | 160 | OUT | |
| 2024-07-26 07:26:10 UTC | 726 | IN | |
| 2024-07-26 07:26:10 UTC | 231 | IN | |
| 2024-07-26 07:26:10 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 4 | 192.168.2.22 | 49165 | 188.114.96.3 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:14 UTC | 160 | OUT | |
| 2024-07-26 07:26:14 UTC | 726 | IN | |
| 2024-07-26 07:26:14 UTC | 231 | IN | |
| 2024-07-26 07:26:14 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.22 | 49166 | 188.114.97.3 | 443 | 2052 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:15 UTC | 353 | OUT | |
| 2024-07-26 07:26:15 UTC | 832 | IN | |
| 2024-07-26 07:26:15 UTC | 537 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN | |
| 2024-07-26 07:26:15 UTC | 1369 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.22 | 49167 | 188.114.97.3 | 443 | 2052 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:17 UTC | 142 | OUT | |
| 2024-07-26 07:26:17 UTC | 828 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.22 | 49168 | 188.114.96.3 | 443 | 3224 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:18 UTC | 309 | OUT | |
| 2024-07-26 07:26:18 UTC | 763 | IN | |
| 2024-07-26 07:26:18 UTC | 606 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN | |
| 2024-07-26 07:26:18 UTC | 1369 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 8 | 192.168.2.22 | 49169 | 188.114.97.3 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:24 UTC | 160 | OUT | |
| 2024-07-26 07:26:24 UTC | 724 | IN | |
| 2024-07-26 07:26:24 UTC | 231 | IN | |
| 2024-07-26 07:26:24 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 9 | 192.168.2.22 | 49170 | 188.114.96.3 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-07-26 07:26:28 UTC | 160 | OUT | |
| 2024-07-26 07:26:29 UTC | 722 | IN | |
| 2024-07-26 07:26:29 UTC | 231 | IN | |
| 2024-07-26 07:26:29 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 03:25:58 |
| Start date: | 26/07/2024 |
| Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x13f730000 |
| File size: | 1'423'704 bytes |
| MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 03:26:16 |
| Start date: | 26/07/2024 |
| Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 543'304 bytes |
| MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 10 |
| Start time: | 03:26:18 |
| Start date: | 26/07/2024 |
| Path: | C:\Users\user\AppData\Roaming\milliano89012.scr |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x11a0000 |
| File size: | 796'680 bytes |
| MD5 hash: | 3E71689FBA4D56A7F1C7923351518EA8 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 03:26:19 |
| Start date: | 26/07/2024 |
| Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1100000 |
| File size: | 427'008 bytes |
| MD5 hash: | EB32C070E658937AA9FA9F3AE629B2B8 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 13 |
| Start time: | 03:26:20 |
| Start date: | 26/07/2024 |
| Path: | C:\Users\user\AppData\Roaming\milliano89012.scr |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x11a0000 |
| File size: | 796'680 bytes |
| MD5 hash: | 3E71689FBA4D56A7F1C7923351518EA8 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Function 00542F90 Relevance: .4, Instructions: 374COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 21.5% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 161 |
| Total number of Limit Nodes: | 11 |
Graph
Function 00390544 Relevance: 2.8, Strings: 1, Instructions: 1592COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00395748 Relevance: 1.1, Instructions: 1086COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00395284 Relevance: 1.1, Instructions: 1083COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00396A48 Relevance: .6, Instructions: 594COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003953B4 Relevance: .6, Instructions: 593COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039D704 Relevance: 5.1, Strings: 4, Instructions: 121COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C98482 Relevance: 1.6, APIs: 1, Instructions: 109COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C98488 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C981F8 Relevance: 1.6, APIs: 1, Instructions: 105memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C98200 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C980CA Relevance: 1.6, APIs: 1, Instructions: 97threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C980D0 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C97FD8 Relevance: 1.6, APIs: 1, Instructions: 77threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00C97FE0 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003949CF Relevance: 1.5, Strings: 1, Instructions: 258COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003912D8 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039D618 Relevance: 1.3, Strings: 1, Instructions: 63COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00397D51 Relevance: 1.3, Strings: 1, Instructions: 11COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039A811 Relevance: 1.3, Strings: 1, Instructions: 9COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003944F9 Relevance: 1.3, Strings: 1, Instructions: 6COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039D250 Relevance: .2, Instructions: 203COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039D260 Relevance: .2, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00390960 Relevance: .2, Instructions: 192COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00390534 Relevance: .2, Instructions: 192COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039ED04 Relevance: .2, Instructions: 172COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039E279 Relevance: .1, Instructions: 135COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039E389 Relevance: .1, Instructions: 124COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039E138 Relevance: .1, Instructions: 117COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039E148 Relevance: .1, Instructions: 114COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00390C10 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039FC22 Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00396912 Relevance: .1, Instructions: 93COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039E288 Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039FC30 Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003952C4 Relevance: .1, Instructions: 81COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001AD274 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0033D1D4 Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0033D0EC Relevance: .1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003993F0 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 001AD26F Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00393ABF Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00391B20 Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003912C8 Relevance: .1, Instructions: 54COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0033D0E7 Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0033D1CF Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00391C00 Relevance: .0, Instructions: 48COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039E770 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00393B78 Relevance: .0, Instructions: 40COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00394D50 Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039E780 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00390848 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00390919 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039D5D8 Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00390500 Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003948AF Relevance: .0, Instructions: 19COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00397D78 Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039497F Relevance: .0, Instructions: 13COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039A750 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039A839 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00394518 Relevance: .0, Instructions: 10COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039DDBF Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039DDC0 Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00394E10 Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00397C90 Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039A848 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003949B8 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00394528 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00397D88 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00394E48 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039443E Relevance: .0, Instructions: 5COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00391DC0 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 0.9% |
| Dynamic/Decrypted Code Coverage: | 3.9% |
| Signature Coverage: | 6.9% |
| Total number of Nodes: | 102 |
| Total number of Limit Nodes: | 7 |
Graph
Function 0042CE2F Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00DA07AC Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9F9F0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FAE8 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FB68 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FDC0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D19F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0042D14F Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 0042D1EF Relevance: 1.5, APIs: 1, Instructions: 25COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00446B54 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00D90080 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DB26F8 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DF0101 Relevance: .0, Instructions: 31COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D900EA Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA00C4 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA0048 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA0078 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA0060 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA01D4 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA010C Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA0C40 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA10D0 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA1148 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9F8CC Relevance: .0, Instructions: 6COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9F900 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9F938 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA1930 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FAD0 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FAB8 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FA50 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FA20 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FBE8 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FBB8 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FB50 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FC90 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FC48 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FC60 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FC30 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FD8C Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00DA1D80 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FD5C Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FED0 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FEA0 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FE24 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FFFC Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FFB4 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00D9FF34 Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401000 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 155windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004011B0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 142windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044988D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00DDFCC9 Relevance: 6.3, APIs: 4, Instructions: 257COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00E55CFA Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 237COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|