Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CY SEC AUDIT PLAN 2025.docx.doc

Overview

General Information

Sample name:CY SEC AUDIT PLAN 2025.docx.doc
Analysis ID:1587391
MD5:0ffd99b46024863228e14efea8265ff2
SHA1:274b3cdab333bce3309d7444b2cb82fd7c0b1926
SHA256:896ddb35cde29b51ec5cf0da0197605d5fd754c1f9f45e97d40cd287fb5a2d25
Tags:aptdocSidewinderuser-smica83
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Contains an external reference to another file
Office viewer loads remote template
Detected non-DNS traffic on DNS port
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Yara signature match

Classification

Process Tree

  • System is w10x64
  • WINWORD.EXE (PID: 5584 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
    • FLTLDR.EXE (PID: 7468 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT MD5: 7E33DE81287ADE7C97AE4900AEB2B020)
    • FLTLDR.EXE (PID: 7780 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT MD5: 7E33DE81287ADE7C97AE4900AEB2B020)
    • FLTLDR.EXE (PID: 7220 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT MD5: 7E33DE81287ADE7C97AE4900AEB2B020)
    • splwow64.exe (PID: 7348 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
_rels\document.xml.relsINDICATOR_OLE_RemoteTemplateDetects XML relations where an OLE object is refrencing an external target in dropper OOXML documentsditekSHen
  • 0x27a:$olerel: relationships/oleObject
  • 0x293:$target1: Target="http
  • 0x2d3:$mode: TargetMode="External

Sigma Signatures

System Summary

barindex
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49719, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 5584, Protocol: tcp, SourceIp: 151.236.12.150, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-10T10:20:12.288060+010020283713Unknown Traffic192.168.2.549719151.236.12.150443TCP
2025-01-10T10:20:13.428555+010020283713Unknown Traffic192.168.2.549721151.236.12.150443TCP
2025-01-10T10:20:16.959899+010020283713Unknown Traffic192.168.2.549727151.236.12.150443TCP
2025-01-10T10:20:18.350386+010020283713Unknown Traffic192.168.2.549731151.236.12.150443TCP
2025-01-10T10:20:20.699652+010020283713Unknown Traffic192.168.2.561860151.236.12.150443TCP
2025-01-10T10:20:23.232764+010020283713Unknown Traffic192.168.2.561881151.236.12.150443TCP
2025-01-10T10:20:23.253545+010020283713Unknown Traffic192.168.2.561880151.236.12.150443TCP
2025-01-10T10:20:24.320899+010020283713Unknown Traffic192.168.2.561888151.236.12.150443TCP
2025-01-10T10:20:24.342634+010020283713Unknown Traffic192.168.2.561891151.236.12.150443TCP
2025-01-10T10:20:25.423463+010020283713Unknown Traffic192.168.2.561901151.236.12.150443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-10T10:20:15.937134+010020551291A Network Trojan was detected151.236.12.150443192.168.2.549722TCP
2025-01-10T10:20:19.899983+010020551291A Network Trojan was detected151.236.12.150443192.168.2.549738TCP
2025-01-10T10:20:25.861718+010020551291A Network Trojan was detected151.236.12.150443192.168.2.561900TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-10T10:20:15.935699+010020338581Malware Command and Control Activity Detected192.168.2.549722151.236.12.150443TCP
2025-01-10T10:20:19.897734+010020338581Malware Command and Control Activity Detected192.168.2.549738151.236.12.150443TCP
2025-01-10T10:20:25.861460+010020338581Malware Command and Control Activity Detected192.168.2.561900151.236.12.150443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-10T10:20:14.759008+010020550801Malware Command and Control Activity Detected192.168.2.549721151.236.12.150443TCP
2025-01-10T10:20:18.768656+010020550801Malware Command and Control Activity Detected192.168.2.549731151.236.12.150443TCP
2025-01-10T10:20:24.736514+010020550801Malware Command and Control Activity Detected192.168.2.561888151.236.12.150443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-10T10:20:22.550964+010018100051Potentially Bad Traffic192.168.2.561870151.236.12.150443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:61870 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:61901 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:61935 version: TLS 1.2
Source: global trafficDNS query: name: paknavy.modpak.live
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49719
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49719
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49719
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49719
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49719
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49719
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49719
Source: global trafficTCP traffic: 192.168.2.5:49719 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49722 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49722
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49726
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49726 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49727 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49727
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 192.168.2.5:49731 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49731
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:61853 -> 1.1.1.1:53
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.5:61853
Source: global trafficTCP traffic: 192.168.2.5:61853 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.5:61853 -> 1.1.1.1:53
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.5:61853
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:49738
Source: global trafficTCP traffic: 192.168.2.5:49738 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61859
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61859
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61860
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61860
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.5:61853
Source: global trafficTCP traffic: 192.168.2.5:61853 -> 1.1.1.1:53
Source: global trafficTCP traffic: 1.1.1.1:53 -> 192.168.2.5:61853
Source: global trafficTCP traffic: 192.168.2.5:61853 -> 1.1.1.1:53
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61859
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61859
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61859
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61860
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61860
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61860
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61859
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61859
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61859
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61859 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61860
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61860
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61860 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61860
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61870
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61870 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61880
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61880
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61881
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61881
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61881
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61881
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61881
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61880
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61880
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61880
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61881
Source: global trafficTCP traffic: 192.168.2.5:61881 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61880
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61880
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 192.168.2.5:61880 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61880
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61888
Source: global trafficTCP traffic: 192.168.2.5:61888 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 192.168.2.5:61891 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61891
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61901
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61901
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61901
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61901
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61901
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61901
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61901
Source: global trafficTCP traffic: 192.168.2.5:61901 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61900 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61908
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61908
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61908
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61908
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61908
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61908
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61908
Source: global trafficTCP traffic: 192.168.2.5:61908 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61935
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61935
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61935
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61935
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61935
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61935
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61935
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 151.236.12.150:443 -> 192.168.2.5:61935
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61935 -> 151.236.12.150:443

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2055080 - Severity 1 - ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf : 192.168.2.5:49731 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 1810005 - Severity 1 - Joe Security ANOMALY Microsoft Office WebDAV Discovery : 192.168.2.5:61870 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2033858 - Severity 1 - ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf : 192.168.2.5:49738 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2033858 - Severity 1 - ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf : 192.168.2.5:49722 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2055080 - Severity 1 - ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf : 192.168.2.5:61888 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2033858 - Severity 1 - ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf : 192.168.2.5:61900 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2055080 - Severity 1 - ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf : 192.168.2.5:49721 -> 151.236.12.150:443
Source: global trafficTCP traffic: 192.168.2.5:61853 -> 1.1.1.1:53
Source: Joe Sandbox ViewASN Name: EDIS-AS-EUAT EDIS-AS-EUAT
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49721 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:61860 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:61880 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:61881 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49719 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:61891 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:61901 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:61888 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49731 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49727 -> 151.236.12.150:443
Source: Network trafficSuricata IDS: 2055129 - Severity 1 - ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound : 151.236.12.150:443 -> 192.168.2.5:49738
Source: Network trafficSuricata IDS: 2055129 - Severity 1 - ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound : 151.236.12.150:443 -> 192.168.2.5:49722
Source: Network trafficSuricata IDS: 2055129 - Severity 1 - ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound : 151.236.12.150:443 -> 192.168.2.5:61900
Source: global trafficHTTP traffic detected: GET /70137347_audit/Profile.rtf HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: paknavy.modpak.liveConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /70137347_audit/Profile.rtf HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: paknavy.modpak.liveConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /70137347_audit/Profile.rtf HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: paknavy.modpak.liveConnection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /70137347_audit/Profile.rtf HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: paknavy.modpak.liveConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /70137347_audit/Profile.rtf HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: paknavy.modpak.liveConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /70137347_audit/Profile.rtf HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)Accept-Encoding: gzip, deflateHost: paknavy.modpak.liveConnection: Keep-Alive
Source: global trafficDNS traffic detected: DNS query: paknavy.modpak.live
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 61870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61908
Source: unknownNetwork traffic detected: HTTP traffic on port 61935 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61888
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61900
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61880
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61881
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61860
Source: unknownNetwork traffic detected: HTTP traffic on port 61908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 61901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61935
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61859
Source: unknownNetwork traffic detected: HTTP traffic on port 61859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61888 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61870
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:61870 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:61901 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.236.12.150:443 -> 192.168.2.5:61935 version: TLS 1.2

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: _rels\document.xml.rels, type: SAMPLEMatched rule: Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents Author: ditekSHen
Source: _rels\document.xml.rels, type: SAMPLEMatched rule: INDICATOR_OLE_RemoteTemplate author = ditekSHen, description = Detects XML relations where an OLE object is refrencing an external target in dropper OOXML documents
Source: classification engineClassification label: mal64.evad.winDOC@10/7@1/1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Desktop\~$ SEC AUDIT PLAN 2025.docx.docJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{0BD46277-5B95-4F48-A79C-DADDA8D5D0BE} - OProcSessId.datJump to behavior
Source: CY SEC AUDIT PLAN 2025.docx.docOLE indicator, Word Document stream: true
Source: ~WRD0000.tmp.0.drOLE indicator, Word Document stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLTJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLTJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLTJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: c2r32.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: vcruntime140.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: msvcp140.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: c2r32.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: vcruntime140.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: msvcp140.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: c2r32.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: vcruntime140.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: msvcp140.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXESection loaded: uxtheme.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: CY SEC AUDIT PLAN 2025.docx.docInitial sample: OLE zip file path = word/media/image2.jpg
Source: ~WRD0000.tmp.0.drInitial sample: OLE zip file path = word/media/image5.emf
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: CY SEC AUDIT PLAN 2025.docx.docStatic file information: File size 1960592 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
Source: CY SEC AUDIT PLAN 2025.docx.docInitial sample: OLE indicators vbamacros = False

Persistence and Installation Behavior

barindex
Contains an external reference to another file
Source: _rels\document.xml.relsExtracted files from sample: https://paknavy.modpak.live/70137347_audit/profile.rtf
Office viewer loads remote template
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXESection loaded: netapi32.dll and davhlpr.dll loadedJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 1818Jump to behavior
Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 8092Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeLast function: Thread delayed
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
Source: CY SEC AUDIT PLAN 2025.docx.doc, ~WRD0000.tmp.0.dr, image3.pngBinary or memory string: qeMUFVz
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEQueries volume information: C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_977\AC\Temp\FL3C14.tmp VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEQueries volume information: C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2620\AC\Temp\FL59EE.tmp VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXEQueries volume information: C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_8e2\AC\Temp\FL86BB.tmp VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
Windows Management Instrumentation		1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts3
Exploitation for Client Execution		Boot or Logon Initialization Scripts1
DLL Side-Loading		11
Virtualization/Sandbox Evasion		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager11
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1587391 Sample: CY SEC AUDIT PLAN 2025.docx.doc Startdate: 10/01/2025 Architecture: WINDOWS Score: 64 19 paknavy.modpak.live 2->19 21 bg.microsoft.map.fastly.net 2->21 25 Suricata IDS alerts for network traffic 2->25 27 Malicious sample detected (through community Yara rule) 2->27 29 Contains an external reference to another file 2->29 7 WINWORD.EXE 232 147 2->7         started        signatures3 process4 dnsIp5 23 paknavy.modpak.live 151.236.12.150, 443, 49719, 49721 EDIS-AS-EUAT European Union 7->23 31 Office viewer loads remote template 7->31 11 splwow64.exe 1 7->11         started        13 FLTLDR.EXE 7->13         started        15 FLTLDR.EXE 7->15         started        17 FLTLDR.EXE 7->17         started        signatures6 process7

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
CY SEC AUDIT PLAN 2025.docx.doc5%VirustotalBrowse
CY SEC AUDIT PLAN 2025.docx.doc0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://paknavy.modpak.live/70137347_audit/Profile.rtf0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    paknavy.modpak.live
    		151.236.12.150
    		truetrue
      		unknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://paknavy.modpak.live/70137347_audit/Profile.rtftrue
      • Avira URL Cloud: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      151.236.12.150
      		paknavy.modpak.liveEuropean Union
      		57169EDIS-AS-EUATtrue

      General Information

      Joe Sandbox version:42.0.0 Malachite
      Analysis ID:1587391
      Start date and time:2025-01-10 10:19:08 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 9m 15s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsofficecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:20
      Number of new started drivers analysed:1
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Sample name:CY SEC AUDIT PLAN 2025.docx.doc
      Detection:MAL
      Classification:mal64.evad.winDOC@10/7@1/1
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • Found application associated with file extension: .doc
      • Found Word or Excel or PowerPoint or XPS Viewer
      • Attach to Office via COM
      • Scroll down
      • Close Viewer
      • Override analysis time to 55815.6709 for current running targets taking high CPU consumption
      • Override analysis time to 111631.3418 for current running targets taking high CPU consumption
      • Override analysis time to 223262.6836 for current running targets taking high CPU consumption

      Warnings

      • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, sppsvc.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe, MavInject32.exe
      • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.109.89.19, 199.232.214.172, 20.189.173.6, 2.21.65.130, 2.21.65.149, 184.51.148.194, 184.51.148.162, 88.221.110.227, 88.221.110.138, 184.28.90.27, 52.111.236.34, 52.111.236.33, 52.111.236.35, 52.111.236.32, 20.189.173.10, 40.126.32.68, 4.175.87.197, 13.107.246.45
      • Excluded domains from analysis (whitelisted): binaries.templates.cdn.office.net.edgesuite.net, slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, weu-azsc-000.roaming.officeapps.live.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1847.dscg2.akamai.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, templatesmetadata.office.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguage
      • Report size exceeded maximum capacity and may have missing behavior information.
      • Report size getting too big, too many NtCreateFile calls found.
      • Report size getting too big, too many NtOpenFile calls found.
      • Report size getting too big, too many NtQueryAttributesFile calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtReadFile calls found.
      • Report size getting too big, too many NtReadVirtualMemory calls found.

      Simulations

      Behavior and APIs

      TimeTypeDescription
      04:20:27API Interceptor18422398x Sleep call for process: splwow64.exe modified

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      bg.microsoft.map.fastly.netgem2.exeGet hashmaliciousXmrigBrowse
      • 199.232.210.172
      1736491685cd440ba02224486139c45779065ac91a3edb422c48d3d3c6920c4d30fc9d2bfc582.dat-decoded.exeGet hashmaliciousAsyncRAT, DcRatBrowse
      • 199.232.210.172
      gqIYXW7GfB.exeGet hashmaliciousDCRatBrowse
      • 199.232.214.172
      https://ik.imagekit.io/nrof2h909/Sherman%20Pruitt,%20Chief%20of%20Police,%20MSCJ.pdf?updatedAt=1736444487005Get hashmaliciousUnknownBrowse
      • 199.232.210.172
      https://marcuso-wq.github.io/home/Get hashmaliciousHTMLPhisherBrowse
      • 199.232.214.172
      1Ta6ojwHc6.exeGet hashmaliciousDCRatBrowse
      • 199.232.210.172
      Nuevo-orden.xla.xlsxGet hashmaliciousUnknownBrowse
      • 199.232.214.172
      Appraisal-nation-Review_and_Signature_Request46074.pdfGet hashmaliciousUnknownBrowse
      • 199.232.214.172
      new.batGet hashmaliciousUnknownBrowse
      • 199.232.210.172
      MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5.zipGet hashmaliciousUnknownBrowse
      • 199.232.210.172

      ASNs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      EDIS-AS-EUATfile.exeGet hashmaliciousFormBook, PureLog StealerBrowse
      • 185.26.237.170
      Acrobat_DC_x64_VIP_v10.12.msiGet hashmaliciousBumbleBeeBrowse
      • 149.154.153.2
      otis.exeGet hashmaliciousUnknownBrowse
      • 192.121.170.106
      ssowoface.dllGet hashmaliciousUnknownBrowse
      • 192.36.61.122
      ssowoface.dllGet hashmaliciousUnknownBrowse
      • 192.36.61.122
      msws.msiGet hashmaliciousORPCBackdoorBrowse
      • 151.236.9.174
      msws.msiGet hashmaliciousORPCBackdoorBrowse
      • 151.236.9.174
      Mcb5K3TOWT.exeGet hashmaliciousUnknownBrowse
      • 192.36.38.33
      987123.exeGet hashmaliciousLummaC, Eternity Stealer, LummaC Stealer, SmokeLoader, Stealc, zgRATBrowse
      • 192.36.38.33
      16GAuqLUFK.exeGet hashmaliciousGlupteba, RedLine, SmokeLoader, StealcBrowse
      • 192.36.38.33

      JA3 Fingerprints

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      6271f898ce5be7dd52b0fc260d0662b3Nuevo-orden.xla.xlsxGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      Nuevo-orden.xla.xlsxGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      phish_alert_sp2_2.0.0.0 (1).emlGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      PO#3311-20250108003.xlsGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      PO#3311-20250108003.xlsGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      http://www.cipassoitalia.it/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
      • 151.236.12.150
      ipmsg5.6.18_installer.exeGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102Get hashmaliciousUnknownBrowse
      • 151.236.12.150
      skript.batGet hashmaliciousVidarBrowse
      • 151.236.12.150
      GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
      • 151.236.12.150
      a0e9f5d64349fb13191bc781f81f42e1PO#3_RKG367.batGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
      • 151.236.12.150
      Invoice.exeGet hashmaliciousLummaCBrowse
      • 151.236.12.150
      24EPV9vjc5.exeGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      kXzODlqJak.exeGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      24EPV9vjc5.exeGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      kXzODlqJak.exeGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      cLm7ThwEvh.msiGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      digitalisierungskonzept_muster.jsGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      NvOxePa.exeGet hashmaliciousLummaCBrowse
      • 151.236.12.150
      37f463bf4616ecd445d4a1937da06e19gem1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
      • 151.236.12.150
      FIWszl1A8l.exeGet hashmaliciousGhostRatBrowse
      • 151.236.12.150
      2873466535874-68348745.02.exeGet hashmaliciousUnknownBrowse
      • 151.236.12.150
      n41dQbiw1Y.exeGet hashmaliciousBabuk, DjvuBrowse
      • 151.236.12.150
      stage3.exeGet hashmaliciousCobaltStrikeBrowse
      • 151.236.12.150
      1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
      • 151.236.12.150
      drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
      • 151.236.12.150
      DyM4yXX.exeGet hashmaliciousVidarBrowse
      • 151.236.12.150
      http://cipassoitalia.itGet hashmaliciousCAPTCHA Scam ClickFixBrowse
      • 151.236.12.150
      DHL_Awb_Shipping_Invoice_doc_010720257820020031808174CN1800301072025.bat.exeGet hashmaliciousRemcosBrowse
      • 151.236.12.150

      Dropped Files

      No context

      Created / dropped Files

      C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2620\AC\Temp\FL59EE.tmp

      Download File
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):50
      Entropy (8bit):4.46146788019945
      Encrypted:false
      SSDEEP:3:wcek9LRAlxkAMvtEKb:wJcexJC
      MD5:A471D39C02EE8428702B468C843C62E3
      SHA1:91E6F53C4DCE4D7822F120DA20A75113E5A7DCED
      SHA-256:0C9A8CE9516EDB686FAF2BEE4BD9DC3285207031FE5F2F742ACCF4A525518D8E
      SHA-512:806DD530CE299B765554BB6AE827506D63B9D8A24294DF4E827CA8B808894C2B8845009239F80282F522177DE483D95099E74EF797E6F3B15A2B54F92DFFC03B
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:<Default Extension="jpg" ContentType="image/jpg"/>

      C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_8e2\AC\Temp\FL86BB.tmp

      Download File
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):50
      Entropy (8bit):4.46146788019945
      Encrypted:false
      SSDEEP:3:wcek9LRAlxkAMvtEKb:wJcexJC
      MD5:A471D39C02EE8428702B468C843C62E3
      SHA1:91E6F53C4DCE4D7822F120DA20A75113E5A7DCED
      SHA-256:0C9A8CE9516EDB686FAF2BEE4BD9DC3285207031FE5F2F742ACCF4A525518D8E
      SHA-512:806DD530CE299B765554BB6AE827506D63B9D8A24294DF4E827CA8B808894C2B8845009239F80282F522177DE483D95099E74EF797E6F3B15A2B54F92DFFC03B
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:<Default Extension="jpg" ContentType="image/jpg"/>

      C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_977\AC\Temp\FL3C14.tmp

      Download File
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):50
      Entropy (8bit):4.46146788019945
      Encrypted:false
      SSDEEP:3:wcek9LRAlxkAMvtEKb:wJcexJC
      MD5:A471D39C02EE8428702B468C843C62E3
      SHA1:91E6F53C4DCE4D7822F120DA20A75113E5A7DCED
      SHA-256:0C9A8CE9516EDB686FAF2BEE4BD9DC3285207031FE5F2F742ACCF4A525518D8E
      SHA-512:806DD530CE299B765554BB6AE827506D63B9D8A24294DF4E827CA8B808894C2B8845009239F80282F522177DE483D95099E74EF797E6F3B15A2B54F92DFFC03B
      Malicious:false
      Preview:<Default Extension="jpg" ContentType="image/jpg"/>

      C:\Users\user\Desktop\CY SEC AUDIT PLAN 2025.docx.doc (copy)

      Download File
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      File Type:Microsoft Word 2007+
      Category:dropped
      Size (bytes):1972244
      Entropy (8bit):7.997707099635989
      Encrypted:true
      SSDEEP:49152:46rtadz2C+4yzr0Yd06K/73dIyP1ccVxb+6gFGbnF+JwNf:46rtasCby3Td0F/znP1ccVxS64hwt
      MD5:4F713AD7C6489ED00475181EF5B549CB
      SHA1:97C9453D04E8CB4D2105E71A0B4B44A64D216A90
      SHA-256:85FA24C6D99D70451677E740EB5B19F3F8A2C890B30AFDA54E5ADABE46A10123
      SHA-512:FBEBE666CFEA4C66D2D2FE74FD6D7C8BDC62A6AA7442A272B9EE06EBA207F6E64C95F8B9E8C2636A83A2A4C978438041DEA894DB9FEFF2CCA3C0D0DEEFACD3B4
      Malicious:false
      Preview:PK..........!....4n...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j.0.E......J.(....e.h...4vD.BR^..Q..R...dc.f.w...d.U....5%......VHS..k..?.,Df.S.@I...d|{3.m...i.J...=Q...4..u`.RY.Y...c...@......`b.....^.bK....n7I@W${n..UI.N.&O...8Sw2i......9.$g..te.Y...........a...T9n..>.....M...Lc.][/..|..,N.t.U%9.|Rs.r..OV...h&.!...!n...ht..!F...`...a.....%...B...+.|.V.7D.{..wxv...)K.z......c..l.s....._.:....Az....o.{E.?.......PK..........!.........N......._rels/.rels ...(...................

      C:\Users\user\Desktop\~$ SEC AUDIT PLAN 2025.docx.doc

      Download File
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      File Type:data
      Category:dropped
      Size (bytes):162
      Entropy (8bit):4.852502824531063
      Encrypted:false
      SSDEEP:3:klt+lll2Tbqs+izxfLIlaOgAbFWl/RTnQaaRVcfM:7t2PqfizJhOEl/wRVcfM
      MD5:374E13F9EAC00B158D7FF9DAE103B7FB
      SHA1:DA526851D8D7B2A0A3EBB6D95B2EC1A56D90B9FC
      SHA-256:02F840D8FA16F5684F80EF8AABCB0568F94627BA1D0627D3C4625306AF236247
      SHA-512:E5E1A354EEE8EDF71F2075E03CAF1089FEC58ECD72F005F90B9187E677F31E2A1F63AED58C7BCA2243A274E179C57A1A84AA630BD0FD968DAF96BD6CBFD55207
      Malicious:false
      Preview:.user.................................................a.l.f.o.n.s.....N..CE..t....YF.....]..bH..Bk...@.*..8....j....0...{.|aI@c......^...d#..}..i....p....=.i

      C:\Users\user\Desktop\~WRD0000.tmp

      Download File
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      File Type:Microsoft Word 2007+
      Category:dropped
      Size (bytes):1972244
      Entropy (8bit):7.997707099635989
      Encrypted:true
      SSDEEP:49152:46rtadz2C+4yzr0Yd06K/73dIyP1ccVxb+6gFGbnF+JwNf:46rtasCby3Td0F/znP1ccVxS64hwt
      MD5:4F713AD7C6489ED00475181EF5B549CB
      SHA1:97C9453D04E8CB4D2105E71A0B4B44A64D216A90
      SHA-256:85FA24C6D99D70451677E740EB5B19F3F8A2C890B30AFDA54E5ADABE46A10123
      SHA-512:FBEBE666CFEA4C66D2D2FE74FD6D7C8BDC62A6AA7442A272B9EE06EBA207F6E64C95F8B9E8C2636A83A2A4C978438041DEA894DB9FEFF2CCA3C0D0DEEFACD3B4
      Malicious:false
      Preview:PK..........!....4n...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j.0.E......J.(....e.h...4vD.BR^..Q..R...dc.f.w...d.U....5%......VHS..k..?.,Df.S.@I...d|{3.m...i.J...=Q...4..u`.RY.Y...c...@......`b.....^.bK....n7I@W${n..UI.N.&O...8Sw2i......9.$g..te.Y...........a...T9n..>.....M...Lc.][/..|..,N.t.U%9.|Rs.r..OV...h&.!...!n...ht..!F...`...a.....%...B...+.|.V.7D.{..wxv...)K.z......c..l.s....._.:....Az....o.{E.?.......PK..........!.........N......._rels/.rels ...(...................

      C:\Users\user\Desktop\~WRD0000.tmp:Zone.Identifier

      Download File
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      File Type:ASCII text, with CRLF line terminators
      Category:modified
      Size (bytes):26
      Entropy (8bit):3.95006375643621
      Encrypted:false
      SSDEEP:3:ggPYV:rPYV
      MD5:187F488E27DB4AF347237FE461A079AD
      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
      Malicious:false
      Preview:[ZoneTransfer]....ZoneId=0

      Static File Info

      General

      File type:Microsoft Word 2007+
      Entropy (8bit):7.999360600967597
      TrID:
      • Word Microsoft Office Open XML Format document (49504/1) 58.23%
      • Word Microsoft Office Open XML Format document (27504/1) 32.35%
      • ZIP compressed archive (8000/1) 9.41%
      File name:CY SEC AUDIT PLAN 2025.docx.doc
      File size:1'960'592 bytes
      MD5:0ffd99b46024863228e14efea8265ff2
      SHA1:274b3cdab333bce3309d7444b2cb82fd7c0b1926
      SHA256:896ddb35cde29b51ec5cf0da0197605d5fd754c1f9f45e97d40cd287fb5a2d25
      SHA512:819bace97bb8ce37ba1363c41de64cf8ef0a540fb6030e9e4e8ae33d37c4faef1aa259fd4f249db4fde88131f3182d676571a75439ef01ff93da987a3025268d
      SSDEEP:49152:esrY5SuN+iq8yNk7xwyLriiPilI19jCcFcTnSMhqNRZ:9rDiByiwy1cI19jCE2qPZ
      TLSH:7A9533F1890BEF739B5B553810E75758DE3A086B3C0536AA2F7039F25B1499E4B3229C
      File Content Preview:PK.........`)Z........N......._rels/.rels...j.0.@......Q....N/c......[IL...j...<...].aG.....zs.Fu..]...U......^.[..x.....1x.p.....f..#I)...Y.............*D....i")..c$...qU...~3..1..jH[{..=E......~.f?..3-.....].T...2.j).,.l0/%..b.......z......,..../.|f\.Z.

      File Icon

      Icon Hash:35e1cc889a8a8599

      Static OLE Info

      General

      Document Type:OpenXML
      Number of OLE Files:1

      OLE File "CY SEC AUDIT PLAN 2025.docx.doc"

      Indicators
      Has Summary Info:
      Application Name:
      Encrypted Document:False
      Contains Word Document Stream:True
      Contains Workbook/Book Stream:False
      Contains PowerPoint Document Stream:False
      Contains Visio Document Stream:False
      Contains ObjectPool Stream:False
      Flash Objects Count:0
      Contains VBA Macros:False

      Network Behavior

      Suricata IDS Alerts

      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
      2025-01-10T10:20:12.288060+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549719151.236.12.150443TCP
      2025-01-10T10:20:13.428555+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549721151.236.12.150443TCP
      2025-01-10T10:20:14.759008+01002055080ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf1192.168.2.549721151.236.12.150443TCP
      2025-01-10T10:20:15.935699+01002033858ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf 1192.168.2.549722151.236.12.150443TCP
      2025-01-10T10:20:15.937134+01002055129ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound1151.236.12.150443192.168.2.549722TCP
      2025-01-10T10:20:16.959899+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549727151.236.12.150443TCP
      2025-01-10T10:20:18.350386+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549731151.236.12.150443TCP
      2025-01-10T10:20:18.768656+01002055080ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf1192.168.2.549731151.236.12.150443TCP
      2025-01-10T10:20:19.897734+01002033858ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf 1192.168.2.549738151.236.12.150443TCP
      2025-01-10T10:20:19.899983+01002055129ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound1151.236.12.150443192.168.2.549738TCP
      2025-01-10T10:20:20.699652+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.561860151.236.12.150443TCP
      2025-01-10T10:20:22.550964+01001810005Joe Security ANOMALY Microsoft Office WebDAV Discovery1192.168.2.561870151.236.12.150443TCP
      2025-01-10T10:20:23.232764+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.561881151.236.12.150443TCP
      2025-01-10T10:20:23.253545+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.561880151.236.12.150443TCP
      2025-01-10T10:20:24.320899+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.561888151.236.12.150443TCP
      2025-01-10T10:20:24.342634+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.561891151.236.12.150443TCP
      2025-01-10T10:20:24.736514+01002055080ET MALWARE TA399/Sidewinder Activity Payload Request M3, Microsoft Word UA Request for .rtf1192.168.2.561888151.236.12.150443TCP
      2025-01-10T10:20:25.423463+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.561901151.236.12.150443TCP
      2025-01-10T10:20:25.861460+01002033858ET MALWARE TA399/Sidewinder Activity Payload Request M2, Microsoft Office UA Request for .rtf 1192.168.2.561900151.236.12.150443TCP
      2025-01-10T10:20:25.861718+01002055129ET MALWARE Possible TA399/SideWinder Related Empty .rtf Inbound1151.236.12.150443192.168.2.561900TCP

      Network Port Distribution

      TCP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jan 10, 2025 10:20:11.611383915 CET49719443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:11.611423969 CET44349719151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:11.611491919 CET49719443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:11.611830950 CET49719443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:11.611848116 CET44349719151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:12.287985086 CET44349719151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:12.288059950 CET49719443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:12.291517019 CET49719443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:12.291528940 CET44349719151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:12.291929960 CET44349719151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:12.304179907 CET49719443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:12.351330996 CET44349719151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:12.714509010 CET44349719151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:12.718666077 CET49719443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:12.734309912 CET49721443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:12.734333992 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:12.734443903 CET49721443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:12.734642029 CET49721443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:12.734656096 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:13.407445908 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:13.428555012 CET49721443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:13.428577900 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:13.429522038 CET49721443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:13.429527044 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:14.758897066 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:14.759155035 CET49721443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:14.759155035 CET49721443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:14.759185076 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:14.759546041 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:14.759624958 CET44349721151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:14.759717941 CET49721443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:14.801682949 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:14.801795006 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:14.801893950 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:14.802213907 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:14.802253962 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.487653017 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.487767935 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:15.506046057 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:15.506105900 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.506346941 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.507045984 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:15.507442951 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:15.551326990 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.935533047 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.935753107 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:15.935781956 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.935847998 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:15.936933994 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.936992884 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:15.937052011 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:15.988745928 CET49722443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:15.988785028 CET44349722151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.064162016 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.064194918 CET44349726151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.064291000 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.064452887 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.064457893 CET44349726151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.285295963 CET49727443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.285342932 CET44349727151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.285497904 CET49727443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.285762072 CET49727443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.285773039 CET44349727151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.735523939 CET44349726151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.735620975 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.736105919 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.736116886 CET44349726151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.736316919 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.736324072 CET44349726151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.959186077 CET44349727151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.959898949 CET49727443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.959938049 CET44349727151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:16.960649014 CET49727443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:16.960664988 CET44349727151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:17.154606104 CET44349726151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:17.154690981 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:17.154752970 CET44349726151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:17.154756069 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:17.154808044 CET49726443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:17.371651888 CET44349727151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:17.371819019 CET44349727151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:17.371959925 CET49727443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:17.372329950 CET49727443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:17.372347116 CET44349727151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:17.384354115 CET49731443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:17.384434938 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:17.384527922 CET49731443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:17.384759903 CET49731443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:17.384787083 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.349674940 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.350385904 CET49731443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:18.350399017 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.351439953 CET49731443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:18.351445913 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.768682003 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.768763065 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.768857956 CET49731443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:18.768994093 CET49731443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:18.769006014 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.769020081 CET49731443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:18.769025087 CET44349731151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.777695894 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:18.777796030 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:18.778001070 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:18.778359890 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:18.778388023 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.462928057 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.463022947 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.463521004 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.463531971 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.463743925 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.463749886 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.873233080 CET6185353192.168.2.51.1.1.1
      Jan 10, 2025 10:20:19.878154039 CET53618531.1.1.1192.168.2.5
      Jan 10, 2025 10:20:19.878226995 CET6185353192.168.2.51.1.1.1
      Jan 10, 2025 10:20:19.878268957 CET6185353192.168.2.51.1.1.1
      Jan 10, 2025 10:20:19.883119106 CET53618531.1.1.1192.168.2.5
      Jan 10, 2025 10:20:19.897804976 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.898132086 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.898154020 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.898215055 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.899566889 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.899660110 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.899699926 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.899966002 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.899980068 CET44349738151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.900007010 CET49738443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.982788086 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.982831955 CET44361859151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:19.983027935 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.983928919 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:19.983947992 CET44361859151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:20.021720886 CET61860443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:20.021763086 CET44361860151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:20.021830082 CET61860443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:20.024755001 CET61860443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:20.024777889 CET44361860151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:20.345804930 CET53618531.1.1.1192.168.2.5
      Jan 10, 2025 10:20:20.346611977 CET6185353192.168.2.51.1.1.1
      Jan 10, 2025 10:20:20.351609945 CET53618531.1.1.1192.168.2.5
      Jan 10, 2025 10:20:20.351676941 CET6185353192.168.2.51.1.1.1
      Jan 10, 2025 10:20:20.647557974 CET44361859151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:20.648394108 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:20.648854017 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:20.648868084 CET44361859151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:20.649178982 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:20.649187088 CET44361859151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:20.699124098 CET44361860151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:20.699651957 CET61860443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:20.699664116 CET44361860151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:20.700982094 CET61860443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:20.700987101 CET44361860151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:21.059056044 CET44361859151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:21.059140921 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.059269905 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.059324980 CET44361859151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:21.059509039 CET44361859151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:21.059540033 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.059559107 CET61859443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.113253117 CET44361860151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:21.113316059 CET44361860151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:21.113442898 CET61860443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.113714933 CET61860443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.113722086 CET44361860151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:21.431329966 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.431356907 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:21.431543112 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.431788921 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:21.431806087 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.132478952 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.132580996 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.134146929 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.134157896 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.134926081 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.135001898 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.135400057 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.179359913 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.551018000 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.551086903 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.551100969 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.551155090 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.551206112 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.551217079 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.551601887 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.551611900 CET44361870151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.551626921 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.551707029 CET61870443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.554999113 CET61880443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.555023909 CET44361880151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.555119991 CET61880443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.555300951 CET61880443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.555320024 CET44361880151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.560201883 CET61881443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.560246944 CET44361881151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:22.560405016 CET61881443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.560638905 CET61881443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:22.560659885 CET44361881151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.232278109 CET44361881151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.232764006 CET61881443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.232800007 CET44361881151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.233709097 CET61881443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.233717918 CET44361881151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.253074884 CET44361880151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.253545046 CET61880443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.253567934 CET44361880151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.254365921 CET61880443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.254371881 CET44361880151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.650866032 CET44361881151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.651429892 CET61881443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.654979944 CET61888443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.655019045 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.655097961 CET61888443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.655308008 CET61888443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.655320883 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.675190926 CET44361880151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.675362110 CET44361880151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.675492048 CET61880443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.675492048 CET61880443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.676500082 CET61891443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.676587105 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.676678896 CET61891443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.676846981 CET61891443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.676881075 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:23.975115061 CET61880443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:23.975136995 CET44361880151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.320502996 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.320899010 CET61888443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.320945978 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.321810007 CET61888443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.321815014 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.342226982 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.342633963 CET61891443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.342655897 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.343388081 CET61891443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.343398094 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.736536026 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.736741066 CET61888443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.736741066 CET61888443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.736824036 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.737166882 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.737251997 CET44361888151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.738229990 CET61888443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.741686106 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.741746902 CET44361900151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.741821051 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.742062092 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.742094040 CET44361900151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.752753973 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.752810001 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.752866983 CET61891443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.752866983 CET61891443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.752893925 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.752908945 CET61891443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.752916098 CET44361891151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.756825924 CET61901443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.756892920 CET44361901151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:24.757075071 CET61901443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.757271051 CET61901443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:24.757302999 CET44361901151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.423377037 CET44361901151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.423463106 CET61901443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.424910069 CET61901443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.424931049 CET44361901151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.425225973 CET44361901151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.426382065 CET61901443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.440058947 CET44361900151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.440129995 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.440495968 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.440509081 CET44361900151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.440732956 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.440738916 CET44361900151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.467339039 CET44361901151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.830101967 CET44361901151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.830756903 CET61901443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.861498117 CET44361900151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.861573935 CET44361900151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.861608028 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.861635923 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.862490892 CET61900443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.862513065 CET44361900151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.887356043 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.887432098 CET44361908151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:25.887521982 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.887681961 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:25.887707949 CET44361908151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:26.575674057 CET44361908151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:26.575746059 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:26.576077938 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:26.576090097 CET44361908151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:26.576247931 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:26.576255083 CET44361908151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:26.991668940 CET44361908151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:26.991816998 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:26.991817951 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:26.991889000 CET44361908151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:26.991945982 CET61908443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:31.205003977 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:31.205064058 CET44361935151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:31.205118895 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:31.205502033 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:31.205523014 CET44361935151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:31.884488106 CET44361935151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:31.884557009 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:31.886004925 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:31.886017084 CET44361935151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:31.886511087 CET44361935151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:31.886560917 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:31.886913061 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:31.927323103 CET44361935151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:32.307003975 CET44361935151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:32.307073116 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:32.307131052 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:32.307168007 CET44361935151.236.12.150192.168.2.5
      Jan 10, 2025 10:20:32.307236910 CET61935443192.168.2.5151.236.12.150
      Jan 10, 2025 10:20:32.307293892 CET61935443192.168.2.5151.236.12.150

      UDP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jan 10, 2025 10:20:11.490051985 CET6466653192.168.2.51.1.1.1
      Jan 10, 2025 10:20:11.610584021 CET53646661.1.1.1192.168.2.5
      Jan 10, 2025 10:20:19.872744083 CET53512821.1.1.1192.168.2.5

      DNS Queries

      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
      Jan 10, 2025 10:20:11.490051985 CET192.168.2.51.1.1.10x71b6Standard query (0)paknavy.modpak.liveA (IP address)IN (0x0001)false

      DNS Answers

      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
      Jan 10, 2025 10:20:09.463844061 CET1.1.1.1192.168.2.50xf3f0No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
      Jan 10, 2025 10:20:09.463844061 CET1.1.1.1192.168.2.50xf3f0No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
      Jan 10, 2025 10:20:11.610584021 CET1.1.1.1192.168.2.50x71b6No error (0)paknavy.modpak.live151.236.12.150A (IP address)IN (0x0001)false
      Jan 10, 2025 10:21:11.260518074 CET1.1.1.1192.168.2.50xbe90No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
      Jan 10, 2025 10:21:11.260518074 CET1.1.1.1192.168.2.50xbe90No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

      HTTP Request Dependency Graph

      • paknavy.modpak.live

      HTTPS Proxied Packets

      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      0192.168.2.549719151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:12 UTC347OUTOPTIONS /70137347_audit/ HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word 2014
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-MSGETWEBURL: t
      X-IDCRL_ACCEPTED: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:12 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:12 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:12 UTC196INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
      Data Ascii: <html><head><title>405 Method Not Allowed</title></head><body bgcolor="white"><center><h1>405 Method Not Allowed</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      1192.168.2.549721151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:13 UTC337OUTHEAD /70137347_audit/Profile.rtf HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word 2014
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-IDCRL_ACCEPTED: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:14 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:14 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      2192.168.2.549722151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:15 UTC202OUTGET /70137347_audit/Profile.rtf HTTP/1.1
      Accept: */*
      User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
      Accept-Encoding: gzip, deflate
      Host: paknavy.modpak.live
      Connection: Keep-Alive
      2025-01-10 09:20:15 UTC205INHTTP/1.1 200 OK
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:15 GMT
      Content-Type: application/rtf
      Content-Length: 8
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:15 UTC8INData Raw: 7b 5c 72 74 66 31 20 7d
      Data Ascii: {\rtf1 }


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      3192.168.2.549726151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:16 UTC240OUTHEAD /70137347_audit/Profile.rtf HTTP/1.1
      Authorization: Bearer
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      X-IDCRL_ACCEPTED: t
      User-Agent: Microsoft Office Existence Discovery
      Host: paknavy.modpak.live
      Connection: Keep-Alive
      2025-01-10 09:20:17 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:17 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      4192.168.2.549727151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:16 UTC347OUTOPTIONS /70137347_audit/ HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word 2014
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-MSGETWEBURL: t
      X-IDCRL_ACCEPTED: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:17 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:17 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:17 UTC196INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
      Data Ascii: <html><head><title>405 Method Not Allowed</title></head><body bgcolor="white"><center><h1>405 Method Not Allowed</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      5192.168.2.549731151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:18 UTC337OUTHEAD /70137347_audit/Profile.rtf HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word 2014
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-IDCRL_ACCEPTED: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:18 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:18 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      6192.168.2.549738151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:19 UTC202OUTGET /70137347_audit/Profile.rtf HTTP/1.1
      Accept: */*
      User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
      Accept-Encoding: gzip, deflate
      Host: paknavy.modpak.live
      Connection: Keep-Alive
      2025-01-10 09:20:19 UTC205INHTTP/1.1 200 OK
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:19 GMT
      Content-Type: application/rtf
      Content-Length: 8
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:19 UTC8INData Raw: 7b 5c 72 74 66 31 20 7d
      Data Ascii: {\rtf1 }


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      7192.168.2.561859151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:20 UTC240OUTHEAD /70137347_audit/Profile.rtf HTTP/1.1
      Authorization: Bearer
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      X-IDCRL_ACCEPTED: t
      User-Agent: Microsoft Office Existence Discovery
      Host: paknavy.modpak.live
      Connection: Keep-Alive
      2025-01-10 09:20:21 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:20 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      8192.168.2.561860151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:20 UTC347OUTOPTIONS /70137347_audit/ HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word 2014
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-MSGETWEBURL: t
      X-IDCRL_ACCEPTED: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:21 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:21 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:21 UTC196INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
      Data Ascii: <html><head><title>405 Method Not Allowed</title></head><body bgcolor="white"><center><h1>405 Method Not Allowed</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      9192.168.2.561870151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:22 UTC250OUTOPTIONS /70137347_audit/ HTTP/1.1
      Authorization: Bearer
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      X-IDCRL_ACCEPTED: t
      User-Agent: Microsoft Office Protocol Discovery
      Host: paknavy.modpak.live
      Content-Length: 0
      Connection: Keep-Alive
      2025-01-10 09:20:22 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:22 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:22 UTC196INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
      Data Ascii: <html><head><title>405 Method Not Allowed</title></head><body bgcolor="white"><center><h1>405 Method Not Allowed</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      10192.168.2.561881151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:23 UTC347OUTOPTIONS /70137347_audit/ HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word 2014
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-MSGETWEBURL: t
      X-IDCRL_ACCEPTED: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:23 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:23 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:23 UTC196INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
      Data Ascii: <html><head><title>405 Method Not Allowed</title></head><body bgcolor="white"><center><h1>405 Method Not Allowed</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      11192.168.2.561880151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:23 UTC399OUTOPTIONS /70137347_audit/ HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word 2014
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-IDCRL_ACCEPTED: t
      X-IDCRL_OPTIONS: force-auth-challenge
      IgnoreCookieAuthentication: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:23 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:23 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:23 UTC196INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
      Data Ascii: <html><head><title>405 Method Not Allowed</title></head><body bgcolor="white"><center><h1>405 Method Not Allowed</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      12192.168.2.561888151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:24 UTC337OUTHEAD /70137347_audit/Profile.rtf HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word 2014
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-IDCRL_ACCEPTED: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:24 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:24 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      13192.168.2.561891151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:24 UTC125OUTHEAD /70137347_audit/ HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Microsoft Office Word 2014
      Host: paknavy.modpak.live
      2025-01-10 09:20:24 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:24 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      14192.168.2.561901151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:25 UTC342OUTOPTIONS /70137347_audit/ HTTP/1.1
      Connection: Keep-Alive
      Authorization: Bearer
      User-Agent: Microsoft Office Word
      X-Office-Major-Version: 16
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      Accept-Auth: badger,Wlid1.1,Bearer,Basic,NTLM,Digest,Kerberos,Negotiate,Nego2
      X-MSGETWEBURL: t
      X-IDCRL_ACCEPTED: t
      Host: paknavy.modpak.live
      2025-01-10 09:20:25 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:25 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:25 UTC196INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
      Data Ascii: <html><head><title>405 Method Not Allowed</title></head><body bgcolor="white"><center><h1>405 Method Not Allowed</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      15192.168.2.561900151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:25 UTC202OUTGET /70137347_audit/Profile.rtf HTTP/1.1
      Accept: */*
      User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
      Accept-Encoding: gzip, deflate
      Host: paknavy.modpak.live
      Connection: Keep-Alive
      2025-01-10 09:20:25 UTC205INHTTP/1.1 200 OK
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:25 GMT
      Content-Type: application/rtf
      Content-Length: 8
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *
      2025-01-10 09:20:25 UTC8INData Raw: 7b 5c 72 74 66 31 20 7d
      Data Ascii: {\rtf1 }


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      16192.168.2.561908151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:26 UTC240OUTHEAD /70137347_audit/Profile.rtf HTTP/1.1
      Authorization: Bearer
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      X-IDCRL_ACCEPTED: t
      User-Agent: Microsoft Office Existence Discovery
      Host: paknavy.modpak.live
      Connection: Keep-Alive
      2025-01-10 09:20:26 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:26 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      17192.168.2.561935151.236.12.1504435584C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      TimestampBytes transferredDirectionData
      2025-01-10 09:20:31 UTC240OUTHEAD /70137347_audit/Profile.rtf HTTP/1.1
      Authorization: Bearer
      X-MS-CookieUri-Requested: t
      X-FeatureVersion: 1
      X-IDCRL_ACCEPTED: t
      User-Agent: Microsoft Office Existence Discovery
      Host: paknavy.modpak.live
      Connection: Keep-Alive
      2025-01-10 09:20:32 UTC232INHTTP/1.1 405 Method Not Allowed
      Server: nginx
      Date: Fri, 10 Jan 2025 09:20:32 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 196
      Connection: close
      X-Robots-Tag: noindex, nofollow
      Access-Control-Allow-Origin: *


      Statistics

      CPU Usage

      Click to jump to process

      Memory Usage

      Click to jump to process

      High Level Behavior Distribution

      Click to dive into process behavior distribution

      Behavior

      Click to jump to process

      System Behavior

      General

      Target ID:0
      Start time:04:20:00
      Start date:10/01/2025
      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      Wow64 process (32bit):true
      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
      Imagebase:0x7e0000
      File size:1'620'872 bytes
      MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:false

      General

      Target ID:7
      Start time:04:20:07
      Start date:10/01/2025
      Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
      Wow64 process (32bit):true
      Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
      Imagebase:0x960000
      File size:338'896 bytes
      MD5 hash:7E33DE81287ADE7C97AE4900AEB2B020
      Has elevated privileges:true
      Has administrator privileges:false
      Programmed in:C, C++ or other language
      Reputation:moderate
      Has exited:true

      General

      Target ID:10
      Start time:04:20:15
      Start date:10/01/2025
      Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
      Wow64 process (32bit):true
      Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
      Imagebase:0x960000
      File size:338'896 bytes
      MD5 hash:7E33DE81287ADE7C97AE4900AEB2B020
      Has elevated privileges:true
      Has administrator privileges:false
      Programmed in:C, C++ or other language
      Reputation:moderate
      Has exited:true

      General

      Target ID:15
      Start time:04:20:26
      Start date:10/01/2025
      Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
      Wow64 process (32bit):true
      Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
      Imagebase:0x960000
      File size:338'896 bytes
      MD5 hash:7E33DE81287ADE7C97AE4900AEB2B020
      Has elevated privileges:true
      Has administrator privileges:false
      Programmed in:C, C++ or other language
      Reputation:moderate
      Has exited:true

      General

      Target ID:17
      Start time:04:20:27
      Start date:10/01/2025
      Path:C:\Windows\splwow64.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\splwow64.exe 12288
      Imagebase:0x7ff609ca0000
      File size:163'840 bytes
      MD5 hash:77DE7761B037061C7C112FD3C5B91E73
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:false

      Disassembly

      No disassembly